google redirects malware -brawsing-check


This topic is locked. 8 replies to this topic.

#1 AMS123 (Members, 6 posts)

Posted 28 December 2010 - 08:24 AM

Every time I try to go to a website via Google I get redirected to adverts (I see brawsing-check redirecting to adverts).
It seems to happen mainly when I am using Internet Explorer but not when I use Mozilla Firefox (well, I haven't seen it happen yet when using Firefox!!).

I have tried the following virus checkers and none of them are stopping the malware: AVG, Ad-Aware, Malwarebytes & Avast.

Please find attached my GMER log. Below I have posted my DDS log.

PLEASE HELP!!

Thanks

AMS



DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 11:56:18.21 on 28/12/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_10
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.3069.857 [GMT 0:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSAS10.SQLSERVER2008\OLAP\bin\msmdsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVER2008\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\PLFSetI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft SQL Server\MSRS10.SQLSERVER2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVER2008\MSSQL\Binn\fdlauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVER2008\MSSQL\Binn\fdhost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\PLFSetI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\explorer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
mStart Page = hxxp://en.uk.acer.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - c:\users\amit\appdata\local\temp\f5tmp\cachecleaner.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\amit\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\amit\appdata\local\temp\f5tmp\InstallerControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mymeetingroom.webex.com/client/T25LSP41EP15/webex/ieatgpc1.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\amit\appdata\local\temp\f5tmp\urxhost.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\qwnorsjx.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-4-25 43184]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-27 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-4-25 41456]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-2-26 21752]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-4-25 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-21 24576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-12-18 202592]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
R2 MSOLAP$SQLSERVER2008;SQL Server Analysis Services (SQLSERVER2008);c:\program files\microsoft sql server\msas10.sqlserver2008\olap\bin\msmdsrv.exe [2008-7-10 21945368]
R2 MSSQL$SQLSERVER2008;SQL Server (SQLSERVER2008);c:\program files\microsoft sql server\mssql10.sqlserver2008\mssql\binn\sqlservr.exe [2008-7-10 40999448]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-2-25 49152]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-4-25 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-2-26 131072]
R2 ReportServer$SQLSERVER2008;SQL Server Reporting Services (SQLSERVER2008);c:\program files\microsoft sql server\msrs10.sqlserver2008\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2008-12-18 13656]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-4-25 233472]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-2-15 595248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-1-25 54784]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
R3 MSSQLFDLauncher$SQLSERVER2008;SQL Full-text Filter Daemon Launcher (SQLSERVER2008);c:\program files\microsoft sql server\mssql10.sqlserver2008\mssql\binn\fdlauncher.exe [2008-7-10 31256]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2009-1-25 40752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-25 80912]
S3 SQLAgent$SQLSERVER2008;SQL Server Agent (SQLSERVER2008);c:\program files\microsoft sql server\mssql10.sqlserver2008\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-1-21 11264]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

=============== Created Last 30 ================

2010-12-28 01:46:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-12-27 20:58:41 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-27 20:36:17 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-27 20:21:39 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-27 20:20:53 -------- d-----w- c:\program files\Lavasoft
2010-12-26 23:02:57 -------- d-----w- c:\users\admini~1\appdata\local\Mozilla
2010-12-26 20:24:13 -------- d--h--w- C:\$AVG
2010-12-26 20:05:41 -------- d-----w- c:\users\admini~1\appdata\roaming\AVG10
2010-12-26 20:04:05 -------- d--h--w- c:\progra~2\Common Files
2010-12-26 20:02:57 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-26 20:02:57 -------- d-----w- c:\progra~2\AVG10
2010-12-26 20:02:14 -------- d-----w- c:\program files\AVG
2010-12-26 19:36:59 -------- d-----w- c:\progra~2\MFAData
2010-12-23 19:45:03 -------- d-sh--w- C:\found.000
2010-12-23 17:39:21 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
2010-12-23 17:39:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 17:39:05 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-23 17:39:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 17:39:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-20 18:04:17 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2984ebff-4dda-4b91-9582-a9f0ea16e494}\mpengine.dll
2010-12-08 04:12:38 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys

==================== Find3M ====================

2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8746E555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x874747b0]; MOV EAX, [0x8747482c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82300F6F] -> \Device\Harddisk0\DR0[0x86EA7AC8]
3 CLASSPNP[0x8A5C2745] -> ntkrnlpa!IofCallDriver[0x82300F6F] -> [0x8577A900]
5 acpi[0x8069C6A0] -> ntkrnlpa!IofCallDriver[0x82300F6F] -> [0x8577E028]
\Driver\iaStor[0x87450AB8] -> IRP_MJ_CREATE -> 0x8746E555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD3200BEVT-22ZCT0___________________11.01A11#4&1aca7fc7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 11:57:47.78 ===============

Attached Files

  • gner.log (12.27KB)

Edited by AMS123, 28 December 2010 - 08:30 AM.



#2 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, 8,307 posts, Bulgaria)

Posted 03 January 2011 - 04:13 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



If the system has been used after topic creation time we need to take a look at fresh logs. So, please post fresh copies of dds.txt & attach.txt logs.


Regards,
Georgi


#3 AMS123 (Topic Starter, Members, 6 posts)

Posted 03 January 2011 - 06:03 PM

I still have the problem....Now my computer also seems really slow and firefox is also redirecting me to advert sites.

Please find attached the files you have requested. Any problems, let me know.

Thanks

Ams123

Attached Files

  • gner.log (12.27KB)
  • DDS.txt (19.61KB)

Edited by AMS123, 03 January 2011 - 06:05 PM.


#4 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 03 January 2011 - 07:55 PM

Hello AMS123,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the Add Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Lavasoft Ad-Watch Live! Anti-Virus or AVG Anti-Virus 2011.

Spybot S&D or Ad-Aware are no longer recommended
  • mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products)
  • Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.
  • More effective alternatives are Malwarebytes Anti-Malware and SUPERAntiSpyware Free.


2.
We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

3.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

4.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

Things to include in your next reply:
TDSSKiller log
MBRCheck log
A new DDS log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


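As an added example (not from this thread, and not code from DDS, GMER or any tool fireman4it mentions), a small Python triager for the DDS output format posted above: it reports when more than one real-time antivirus is enabled, the point made in step 1, and extracts the GMER indicators behind the TDL4 warning in the first post's log (the user-mode/kernel-mode MBR mismatch and the iaStor IRP_MJ_CREATE hook pointing at code with no backing module). The sample log is a constructed excerpt in the same format, and the regular expressions are my assumptions about that format.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: a trimmed excerpt in the same format as the DDS
# output posted in this thread (AV/SP header lines plus the GMER ROOTKIT
# section). Addresses and GUIDs are the ones that appear in the posted log.
SAMPLE_DDS = "\n".join([
    "AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}",
    "AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}",
    "SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}",
    "SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}",
    "",
    "=================== ROOTKIT ====================",
    "",
    "Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net",
    "device: opened successfully",
    "user: MBR read successfully",
    "called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8746E555]<<",
    "\\Driver\\iaStor[0x87450AB8] -> IRP_MJ_CREATE -> 0x8746E555",
    "kernel: MBR read successfully",
    "detected hooks:",
    "user != kernel MBR !!!",
    "sectors 625142446 (+255): user != kernel",
    "Warning: possible TDL4 rootkit infection !",
])

# Assumed line shapes (derived from the posted log, not a documented spec):
#   "AV: <name> *<state>/<signature state>* {<GUID>}"   (also SP:/FW: lines)
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>\w+)/(?P<sigs>\w+)\* \{[0-9A-Fa-f-]+\}$"
)
#   ">>UNKNOWN [0x...]<<" in the disk I/O call chain: code with no backing module
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
#   "\Driver\<name>[0x...] -> IRP_MJ_xxx -> 0x..." : a dispatch routine redirected
HOOK_RE = re.compile(
    r"^\\Driver\\(?P<drv>\w+)\[0x[0-9A-Fa-f]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9A-Fa-f]+)$"
)


def parse_security_products(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, name, state) for every AV:/SP:/FW: header line."""
    found = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            found.append((m["kind"], m["name"], m["state"]))
    return found


def enabled_realtime_av(products: List[Tuple[str, str, str]]) -> List[str]:
    """Names of antivirus products whose real-time protection is enabled."""
    return [name for kind, name, state in products if kind == "AV" and state == "Enabled"]


def rootkit_indicators(text: str) -> Dict[str, object]:
    """Pull the MBR-rootkit indicators out of the GMER section of a DDS log."""
    ind: Dict[str, object] = {
        "mbr_mismatch": False,   # user-mode and kernel-mode reads of the MBR differ
        "unknown_module": None,  # address in the disk I/O path with no backing module
        "hooked_driver": None,   # (driver, IRP major function, hook target)
        "warnings": [],          # GMER's own verdict lines
    }
    for line in text.splitlines():
        line = line.strip()
        if "user != kernel MBR" in line:
            ind["mbr_mismatch"] = True
        elif (m := UNKNOWN_RE.search(line)):
            ind["unknown_module"] = m.group(1)
        elif (m := HOOK_RE.match(line)):
            ind["hooked_driver"] = (m["drv"], m["irp"], m["target"])
        elif "rootkit infection" in line:
            ind["warnings"].append(line)
    return ind


def triage(text: str) -> List[str]:
    """Findings a forum helper would act on first, in reading order."""
    findings = []
    avs = enabled_realtime_av(parse_security_products(text))
    if len(avs) > 1:
        findings.append("multiple real-time AV products enabled: " + ", ".join(avs))
    ind = rootkit_indicators(text)
    if ind["mbr_mismatch"]:
        findings.append("MBR differs between user-mode and kernel-mode reads (MBR rootkit indicator)")
    hook = ind["hooked_driver"]
    if hook:
        drv, irp, target = hook
        # A hook whose target is the UNKNOWN address lands in memory no loaded
        # driver accounts for, which is what the posted GMER trace shows.
        where = "unbacked memory" if target == ind["unknown_module"] else target
        findings.append(f"{irp} of \\Driver\\{drv} is hooked and jumps to {where}")
    findings.extend(ind["warnings"])
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print("-", finding)
```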


#5 AMS123 (Topic Starter, Members, 6 posts)

Posted 04 January 2011 - 05:56 AM

Hi Fireman4It

First of all thanks for your help with this.
My computer still seems to be running slow when Windows is initially loading up all the desktop items.

The Google redirect seems to have stopped once I followed your instructions below. Please find the logs that you requested pasted below:

DDS LOG


DDS (Ver_10-12-12.02) - NTFSx86
Run by Amit at 10:45:28.57 on 04/01/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_10
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.3069.1491 [GMT 0:00]

AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSAS10.SQLSERVER2008\OLAP\bin\msmdsrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVER2008\MSSQL\Binn\sqlservr.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\PLFSetI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\MSRS10.SQLSERVER2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVER2008\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVER2008\MSSQL\Binn\fdhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Amit\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - c:\users\amit\appdata\local\temp\f5tmp\cachecleaner.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\amit\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\amit\appdata\local\temp\f5tmp\InstallerControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mymeetingroom.webex.com/client/T25LSP41EP15/webex/ieatgpc1.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\amit\appdata\local\temp\f5tmp\urxhost.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter

================= FIREFOX ===================

FF - ProfilePath - c:\users\amit\appdata\roaming\mozilla\firefox\profiles\zfbvh1gm.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\amit\appdata\roaming\mozilla\firefox\profiles\zfbvh1gm.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: XULRunner: {AE251D17-E2D1-406E-8018-D19D26F9BA7B} - c:\users\amit\appdata\local\{AE251D17-E2D1-406E-8018-D19D26F9BA7B}

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-4-25 43184]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-4-25 41456]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-2-26 21752]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-4-25 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-21 24576]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-12-18 202592]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
R2 MSOLAP$SQLSERVER2008;SQL Server Analysis Services (SQLSERVER2008);c:\program files\microsoft sql server\msas10.sqlserver2008\olap\bin\msmdsrv.exe [2008-7-10 21945368]
R2 MSSQL$SQLSERVER2008;SQL Server (SQLSERVER2008);c:\program files\microsoft sql server\mssql10.sqlserver2008\mssql\binn\sqlservr.exe [2008-7-10 40999448]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-2-25 49152]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-4-25 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-2-26 131072]
R2 ReportServer$SQLSERVER2008;SQL Server Reporting Services (SQLSERVER2008);c:\program files\microsoft sql server\msrs10.sqlserver2008\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2008-12-18 13656]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-4-25 233472]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-2-15 595248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-1-25 54784]
R3 MSSQLFDLauncher$SQLSERVER2008;SQL Full-text Filter Daemon Launcher (SQLSERVER2008);c:\program files\microsoft sql server\mssql10.sqlserver2008\mssql\binn\fdlauncher.exe [2008-7-10 31256]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2009-1-25 40752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-25 80912]
S3 SQLAgent$SQLSERVER2008;SQL Server Agent (SQLSERVER2008);c:\program files\microsoft sql server\mssql10.sqlserver2008\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-1-21 11264]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

=============== Created Last 30 ================

2010-12-30 16:03:37 -------- d-sh--w- C:\found.001
2010-12-27 20:58:41 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-27 20:22:10 -------- d-----w- c:\users\amit\appdata\local\Sunbelt Software
2010-12-26 23:00:51 -------- d-----w- c:\users\amit\appdata\roaming\AVG10
2010-12-26 20:24:13 -------- d--h--w- C:\$AVG
2010-12-26 20:04:05 -------- d--h--w- c:\progra~2\Common Files
2010-12-26 20:02:57 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-26 20:02:57 -------- d-----w- c:\progra~2\AVG10
2010-12-26 20:02:14 -------- d-----w- c:\program files\AVG
2010-12-26 19:36:59 -------- d-----w- c:\progra~2\MFAData
2010-12-23 22:58:46 -------- d-----w- c:\users\amit\appdata\roaming\Malwarebytes
2010-12-23 19:45:03 -------- d-sh--w- C:\found.000
2010-12-23 17:39:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 17:39:05 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-23 17:39:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 17:39:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-22 01:14:00 0 ----a-w- c:\users\amit\appdata\local\Oqekevori.bin
2010-12-22 01:13:58 -------- d-----w- c:\users\amit\appdata\local\{AE251D17-E2D1-406E-8018-D19D26F9BA7B}
2010-12-20 18:04:17 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2984ebff-4dda-4b91-9582-a9f0ea16e494}\mpengine.dll
2010-12-08 04:12:38 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys

==================== Find3M ====================

2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 10:46:25.66 ===============


TDSSKiller

2011/01/04 10:22:03.0603 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/04 10:22:03.0603 ================================================================================
2011/01/04 10:22:03.0603 SystemInfo:
2011/01/04 10:22:03.0603
2011/01/04 10:22:03.0603 OS Version: 6.0.6001 ServicePack: 1.0
2011/01/04 10:22:03.0603 Product type: Workstation
2011/01/04 10:22:03.0603 ComputerName: ACER
2011/01/04 10:22:03.0604 UserName: Amit
2011/01/04 10:22:03.0604 Windows directory: C:\Windows
2011/01/04 10:22:03.0604 System windows directory: C:\Windows
2011/01/04 10:22:03.0604 Processor architecture: Intel x86
2011/01/04 10:22:03.0604 Number of processors: 2
2011/01/04 10:22:03.0604 Page size: 0x1000
2011/01/04 10:22:03.0604 Boot type: Normal boot
2011/01/04 10:22:03.0604 ================================================================================
2011/01/04 10:22:04.0241 Initialize success
2011/01/04 10:22:55.0908 ================================================================================
2011/01/04 10:22:55.0908 Scan started
2011/01/04 10:22:55.0908 Mode: Manual;
2011/01/04 10:22:55.0908 ================================================================================
2011/01/04 10:22:56.0366 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/01/04 10:22:56.0451 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/01/04 10:22:56.0520 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/01/04 10:22:56.0577 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/01/04 10:22:56.0675 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/01/04 10:22:56.0778 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/01/04 10:22:56.0883 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/01/04 10:22:56.0969 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/01/04 10:22:57.0007 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/01/04 10:22:57.0069 AlfaFF (8d59617a9c3dbf4650aa44f4e9215744) C:\Windows\system32\Drivers\AlfaFF.sys
2011/01/04 10:22:57.0113 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/01/04 10:22:57.0155 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/01/04 10:22:57.0199 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/01/04 10:22:57.0233 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/01/04 10:22:57.0272 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/01/04 10:22:57.0356 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/01/04 10:22:57.0406 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/01/04 10:22:57.0493 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/04 10:22:57.0528 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/01/04 10:22:57.0658 AVGIDSDriver (5f6c56305ea73760cdafc7604d64bbe0) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/01/04 10:22:57.0725 AVGIDSEH (20a2d48722cf055c846bdeafa4f733ce) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/01/04 10:22:57.0773 AVGIDSFilter (0a95333ca80ca8b79d612f3965466cc0) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/01/04 10:22:57.0837 AVGIDSShim (ab7e4b37126447ffe4fb639901012fb3) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/01/04 10:22:57.0927 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/01/04 10:22:57.0992 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/01/04 10:22:58.0071 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/01/04 10:22:58.0150 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/01/04 10:22:58.0247 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/01/04 10:22:58.0305 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/01/04 10:22:58.0379 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/04 10:22:58.0422 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/01/04 10:22:58.0463 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/01/04 10:22:58.0514 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/01/04 10:22:58.0557 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/01/04 10:22:58.0632 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/01/04 10:22:58.0671 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/01/04 10:22:58.0725 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/01/04 10:22:58.0771 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/01/04 10:22:58.0816 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/01/04 10:22:58.0874 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
2011/01/04 10:22:58.0923 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/01/04 10:22:58.0981 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/04 10:22:59.0021 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/04 10:22:59.0078 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/04 10:22:59.0135 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/01/04 10:22:59.0224 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/04 10:22:59.0267 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/01/04 10:22:59.0304 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/04 10:22:59.0342 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/01/04 10:22:59.0381 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/01/04 10:22:59.0445 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
2011/01/04 10:22:59.0539 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/01/04 10:22:59.0615 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/01/04 10:22:59.0681 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/01/04 10:22:59.0805 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\Program Files\Launch Manager\DPortIO.sys
2011/01/04 10:22:59.0843 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/01/04 10:22:59.0926 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/04 10:23:00.0016 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/01/04 10:23:00.0076 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/01/04 10:23:00.0164 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/01/04 10:23:00.0240 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/01/04 10:23:00.0335 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/01/04 10:23:00.0387 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/01/04 10:23:00.0443 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/04 10:23:00.0532 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/01/04 10:23:00.0575 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/01/04 10:23:00.0639 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/04 10:23:00.0681 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/01/04 10:23:00.0755 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/04 10:23:00.0797 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/01/04 10:23:00.0840 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/01/04 10:23:00.0906 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/04 10:23:00.0963 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/04 10:23:01.0003 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/01/04 10:23:01.0040 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/04 10:23:01.0114 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/01/04 10:23:01.0165 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/01/04 10:23:01.0236 HTTP (e046fbc483b041a41b1e922c97cfcc0d) C:\Windows\system32\drivers\HTTP.sys
2011/01/04 10:23:01.0297 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/01/04 10:23:01.0359 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/04 10:23:01.0443 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
2011/01/04 10:23:01.0491 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/01/04 10:23:01.0537 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/01/04 10:23:01.0658 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
2011/01/04 10:23:01.0769 IntcAzAudAddService (92bcc487f16892cda495dbd8160272d9) C:\Windows\system32\drivers\RTKVHDA.sys
2011/01/04 10:23:01.0863 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/01/04 10:23:01.0906 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/04 10:23:01.0948 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/04 10:23:02.0030 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/01/04 10:23:02.0081 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/01/04 10:23:02.0131 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/01/04 10:23:02.0170 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/01/04 10:23:02.0215 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/04 10:23:02.0265 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/01/04 10:23:02.0326 itecir (8bcd857c7932ad005d5f9c89329da2e1) C:\Windows\system32\DRIVERS\itecir.sys
2011/01/04 10:23:02.0376 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/01/04 10:23:02.0447 JMCR (8123f605779db22ffc67fa84b8381803) C:\Windows\system32\DRIVERS\jmcr.sys
2011/01/04 10:23:02.0501 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/04 10:23:02.0532 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/04 10:23:02.0656 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/04 10:23:02.0781 L1E (999ff607e8870f3d6106ae93b41c2cd5) C:\Windows\system32\DRIVERS\L1E60x86.sys
2011/01/04 10:23:02.0939 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/04 10:23:03.0014 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/01/04 10:23:03.0064 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/01/04 10:23:03.0104 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/01/04 10:23:03.0187 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/01/04 10:23:03.0256 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/01/04 10:23:03.0367 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/01/04 10:23:03.0412 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/01/04 10:23:03.0497 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/01/04 10:23:03.0539 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/04 10:23:03.0572 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/04 10:23:03.0622 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/04 10:23:03.0655 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/01/04 10:23:13.0564 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/04 10:23:13.0572 ================================================================================
2011/01/04 10:23:13.0572 Scan finished
2011/01/04 10:23:13.0572 ================================================================================
2011/01/04 10:23:13.0605 Detected object count: 1
2011/01/04 10:23:47.0190 \HardDisk0 - will be cured after reboot
2011/01/04 10:23:47.0192 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/04 10:23:55.0157 Deinitialize success

MBRCHECK

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 8920
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 168):

Processes (total 98):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size     Device Name           MBR Status
--------------------------------------------
298 GB   \\.\PhysicalDrive0    Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

#6 fireman4it
Bleepin' Fireman, Malware Response Team (13,505 posts)
Location: Greenup, Ill USA

Posted 04 January 2011 - 12:46 PM

Hello,

You had an MBR infection which seems to be cured now. These infections sometimes come with other infections. Let's do a few more scans to see if any leftovers are around.

1.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2
Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)
You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

3.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Microsoft: 'Unprecedented Wave of Java Exploitation'
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt Users
Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Things to include in your next reply::
MBAM log
Eset log
A new DDS log
Attach.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
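An added example, not part of this thread and not a Sun/Oracle tool: a PowerShell script that verifies the Java cleanup described in step 3 above by listing every JRE/J2SE entry in Add/Remove Programs and flagging any release older than the one the post installs (JRE 6 Update 23), then cross-checking the JavaSoft registry registrations and the deployment cache that ESET cleaned. It assumes the release numbers from the post and assumes the Java Quick Starter service is registered under the name 'JavaQuickStarterService'.

```powershell
# Added example: not part of the thread and not a Sun/Oracle tool. Verifies the
# Java cleanup above by listing every JRE/J2SE entry in Add/Remove Programs and
# flagging releases older than the one the post installs (JRE 6 Update 23).
# Assumed: the Java Quick Starter service is registered as 'JavaQuickStarterService'.
param(
    [int]$LatestMajor  = 6,   # from the post: jre-6u23-windows-i586.exe
    [int]$LatestUpdate = 23
)

# Add/Remove Programs data; the WOW6432Node path exists only on 64-bit Windows.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJre {
    # One object per Java runtime entry, e.g. "Java(TM) 6 Update 23" or
    # "J2SE Runtime Environment 5.0 Update 22" (names as Sun's installers wrote them).
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
            $p    = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
            $name = [string]$p.DisplayName
            if ($name -match '^(Java|J2SE|JDK).*?(\d+)(?:\.\d+)?\s+Update\s+(\d+)') {
                New-Object PSObject -Property @{
                    Name            = $name
                    Major           = [int]$matches[2]
                    Update          = [int]$matches[3]
                    UninstallString = [string]$p.UninstallString
                }
            }
        }
    }
}

function Test-JavaCleanup {
    # Reports each installed runtime as current or as a leftover that the Java
    # installer does not remove by itself (see the note on Enhanced Auto Update).
    $installed = @(Get-InstalledJre)
    if ($installed.Count -eq 0) {
        Write-Warning 'No Java runtime is listed in Add/Remove Programs.'
    }
    foreach ($jre in $installed) {
        $current = ($jre.Major -eq $LatestMajor -and $jre.Update -ge $LatestUpdate)
        $status  = if ($current) { 'current' } else { 'OUTDATED - remove via Programs and Features' }
        '{0,-45} {1}' -f $jre.Name, $status
    }

    # Cross-check with the runtime registrations the JRE itself writes.
    $javaSoft = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
    if (Test-Path $javaSoft) {
        'JavaSoft CurrentVersion: ' + (Get-ItemProperty $javaSoft).CurrentVersion
        Get-ChildItem $javaSoft | Where-Object { $_.PSChildName -match '^\d+\.\d+\.\d+_\d+$' } |
            ForEach-Object { '  registered runtime {0} -> {1}' -f $_.PSChildName, (Get-ItemProperty $_.PSPath).JavaHome }
    }

    # The deployment cache is where ESET found the quarantined jar_cache/applet files.
    $cache = Join-Path (Split-Path $env:LOCALAPPDATA -Parent) 'LocalLow\Sun\Java\Deployment\cache'
    if (Test-Path $cache) {
        $files = @(Get-ChildItem $cache -Recurse -Force -ErrorAction SilentlyContinue | Where-Object { -not $_.PSIsContainer })
        'Java deployment cache: {0} file(s) under {1}' -f $files.Count, $cache
    }

    # Optional JQS service from the note above (service name is an assumption).
    $jqs = Get-Service -Name 'JavaQuickStarterService' -ErrorAction SilentlyContinue
    if ($jqs) { 'Java Quick Starter service: ' + $jqs.Status }
}

Test-JavaCleanup
```

Any line reported as OUTDATED is a runtime the new installer left behind and that still needs to be removed through Programs and Features; reading HKLM here does not require an elevated prompt.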


#7 AMS123

AMS123
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:05 PM

Posted 05 January 2011 - 05:47 PM

Hi Fireman

I have done as you have requested. Computer still seems slow on bootup. thanks for your help so far ams123

MBAM LOG

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5460

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

04/01/2011 20:55:24
mbam-log-2011-01-04 (20-55-18).txt

Scan type: Quick scan
Objects scanned: 188754
Time elapsed: 16 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\qni8hj710fdl (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESET LOG
C:\Users\Amit\AppData\Local\Temp\jar_cache56093.tmp probably a variant of Win32/Agent.FGYIOLB trojan deleted - quarantined
C:\Users\Amit\AppData\Local\Temp\jar_cache62333.tmp Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\Amit\AppData\Local\Temp\tem97FB.tmp a variant of Win32/Kryptik.HQX trojan cleaned by deleting - quarantined
C:\Users\Amit\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\35695db-431d5fcd multiple threats deleted - quarantined
C:\Users\Amit\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7e60d1b9-7e3096ae multiple threats deleted - quarantined
C:\Users\Amit\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\5f332cc9-4e220b52 multiple threats deleted - quarantined

DDS LOG


DDS (Ver_10-12-12.02) - NTFSx86
Run by Amit at 22:34:40.07 on 05/01/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.44.1033.18.3069.1114 [GMT 0:00]

AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\PLFSetI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSAS10.SQLSERVER2008\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVER2008\MSSQL\Binn\sqlservr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\MSRS10.SQLSERVER2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVER2008\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLSERVER2008\MSSQL\Binn\fdhost.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Users\Amit\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - c:\users\amit\appdata\local\temp\f5tmp\cachecleaner.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - c:\users\amit\appdata\local\temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\amit\appdata\local\temp\f5tmp\InstallerControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://mymeetingroom.webex.com/client/T25LSP41EP15/webex/ieatgpc1.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\amit\appdata\local\temp\f5tmp\urxhost.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter

================= FIREFOX ===================

FF - ProfilePath - c:\users\amit\appdata\roaming\mozilla\firefox\profiles\zfbvh1gm.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\amit\appdata\roaming\mozilla\firefox\profiles\zfbvh1gm.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
FF - Ext: XULRunner: {AE251D17-E2D1-406E-8018-D19D26F9BA7B} - c:\users\amit\appdata\local\{AE251D17-E2D1-406E-8018-D19D26F9BA7B}

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2008-4-25 43184]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-4-25 41456]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-2-26 21752]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-4-25 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-21 24576]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-12-18 202592]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
R2 MSOLAP$SQLSERVER2008;SQL Server Analysis Services (SQLSERVER2008);c:\program files\microsoft sql server\msas10.sqlserver2008\olap\bin\msmdsrv.exe [2008-7-10 21945368]
R2 MSSQL$SQLSERVER2008;SQL Server (SQLSERVER2008);c:\program files\microsoft sql server\mssql10.sqlserver2008\mssql\binn\sqlservr.exe [2008-7-10 40999448]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-2-25 49152]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-4-25 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-2-26 131072]
R2 ReportServer$SQLSERVER2008;SQL Server Reporting Services (SQLSERVER2008);c:\program files\microsoft sql server\msrs10.sqlserver2008\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2008-12-18 13656]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2008-4-25 233472]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-2-15 595248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-1-25 54784]
R3 MSSQLFDLauncher$SQLSERVER2008;SQL Full-text Filter Daemon Launcher (SQLSERVER2008);c:\program files\microsoft sql server\mssql10.sqlserver2008\mssql\binn\fdlauncher.exe [2008-7-10 31256]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2009-1-25 40752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-25 80912]
S3 SQLAgent$SQLSERVER2008;SQL Server Agent (SQLSERVER2008);c:\program files\microsoft sql server\mssql10.sqlserver2008\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-1-21 11264]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

=============== Created Last 30 ================

2011-01-05 22:32:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-05 22:32:39 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-04 21:01:07 -------- d-----w- c:\program files\ESET
2010-12-30 16:03:37 -------- d-sh--w- C:\found.001
2010-12-27 20:58:41 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-27 20:22:10 -------- d-----w- c:\users\amit\appdata\local\Sunbelt Software
2010-12-26 23:00:51 -------- d-----w- c:\users\amit\appdata\roaming\AVG10
2010-12-26 20:24:13 -------- d--h--w- C:\$AVG
2010-12-26 20:04:05 -------- d--h--w- c:\progra~2\Common Files
2010-12-26 20:02:57 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-26 20:02:57 -------- d-----w- c:\progra~2\AVG10
2010-12-26 20:02:14 -------- d-----w- c:\program files\AVG
2010-12-26 19:36:59 -------- d-----w- c:\progra~2\MFAData
2010-12-23 22:58:46 -------- d-----w- c:\users\amit\appdata\roaming\Malwarebytes
2010-12-23 19:45:03 -------- d-sh--w- C:\found.000
2010-12-23 17:39:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 17:39:05 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-23 17:39:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 17:39:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-22 01:14:00 0 ----a-w- c:\users\amit\appdata\local\Oqekevori.bin
2010-12-22 01:13:58 -------- d-----w- c:\users\amit\appdata\local\{AE251D17-E2D1-406E-8018-D19D26F9BA7B}
2010-12-20 18:04:17 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2984ebff-4dda-4b91-9582-a9f0ea16e494}\mpengine.dll
2010-12-08 04:12:38 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys

==================== Find3M ====================

2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 22:36:01.89 ===============

Attach log attached




#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:05 PM

Posted 05 January 2011 - 07:33 PM

Hello, AMS123 .
Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:05 PM

Posted 07 January 2011 - 12:43 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!




