
whistler@mbr [rtk]


  • This topic is locked
15 replies to this topic

#1 vinokirk

vinokirk

  • Members
  • 8 posts

Posted 25 February 2011 - 02:05 PM

Hello esteemed malware removal experts!
I appear to have the whistler@mbr rootkit. Avast keeps saying it detects it and I need to restart my computer to fix it, but when I restart, Avast detects it again!
Please may I have your valued guidance?

I am running Windows 7 64-bit
I have enabled a firewall.
I have disabled all CD emulation.
I have downloaded and run DDS (logs attached).

Many Thanks :)

DDS (Ver_10-12-12.02) - NTFS_AMD64  
Run by Calvin at 19:07:46.67 on 25/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.44.1033.18.4094.2339 [GMT 0:00]

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\StkCSrv.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
F:\My Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = 
uSearch Bar = 
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Driver Updater] 
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
StartupFolder: C:\Users\Calvin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &NeoTrace It! - C:\PROGRA~2\VISUAL~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265709343046
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
IE-X64: {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~2\VISUAL~1\NTXtoolbar.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1	www.spywareinfo.com
Hosts: 82.192.86.132 oron.com www.oron.com 

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\24ofl12l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig|http://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Calvin\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Calvin\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Calvin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\24ofl12l.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: C:\Users\Calvin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Calvin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: UnPlug: unplug@compunach - %profile%\extensions\unplug@compunach
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-2-24 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-7-7 280408]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/03/24 10:37:53];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-3-13 146928]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-7-7 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-7-7 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-2-24 42184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-1-1 363344]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-2-3 1153368]
R2 StkSSrv;Syntek AVStream USB2.0 ATV Service;C:\Windows\System32\StkCSrv.exe [2010-2-23 24576]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-2-3 24152]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-8-31 24176]
R3 R5BaseSmc;USB Token Holder Service;C:\Windows\System32\drivers\smccard.sys [2007-4-3 17024]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2011-1-29 34032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-9 136176]
S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-7-26 20568]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2010-7-10 13352]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\qcusbser.sys [2010-10-26 120960]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2010-9-23 125416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2010-9-23 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2010-9-23 159208]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkCMini.sys [2010-2-23 632704]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-9-23 16392]
S3 token;USB Token Service;C:\Windows\System32\drivers\eps2kt1.sys [2007-4-3 35968]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2010-2-12 43664]

=============== Created Last 30 ================

2011-02-24 23:19:31	--------	d-----r-	C:\Users\Calvin\Dropbox
2011-02-24 23:17:49	--------	d-----w-	C:\Users\Calvin\AppData\Roaming\Dropbox
2011-02-24 19:51:22	--------	d-----w-	C:\Users\Calvin\AppData\Roaming\HTC
2011-02-24 19:49:28	--------	d-----w-	C:\Users\Calvin\AppData\Local\Downloaded Installations
2011-02-24 19:48:34	--------	d-----w-	C:\Program Files (x86)\Spirent Communications
2011-02-24 19:47:52	--------	d-----w-	C:\Program Files (x86)\HTC
2011-02-24 19:47:19	--------	d-----w-	C:\Program Files (x86)\MSXML 4.0
2011-02-24 13:32:16	--------	d-----w-	C:\Windows\System32\SPReview
2011-02-24 13:31:51	--------	d-----w-	C:\Windows\System32\EventProviders
2011-02-24 10:04:05	505176	----a-w-	C:\Windows\System32\drivers\aswSnx.sys
2011-02-23 12:52:59	367104	----a-w-	C:\Windows\System32\wcncsvc.dll
2011-02-23 12:52:59	276992	----a-w-	C:\Windows\SysWow64\wcncsvc.dll
2011-02-23 12:29:48	662528	----a-w-	C:\Windows\System32\XpsPrint.dll
2011-02-23 12:29:48	475648	----a-w-	C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 12:29:48	442880	----a-w-	C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 12:29:48	288256	----a-w-	C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-18 20:29:13	--------	d-----w-	C:\Program Files\Nuclear Coffee
2011-02-18 20:28:52	--------	d-----w-	C:\Program Files (x86)\Nuclear Coffee
2011-02-17 21:33:15	--------	d-----w-	C:\Users\Calvin\AppData\Local\MagicSoftware
2011-02-17 21:33:14	--------	d-----w-	C:\Program Files (x86)\MagicDVDRipper
2011-02-12 19:44:35	612352	----a-w-	C:\Windows\System32\vbscript.dll
2011-02-12 19:44:35	428032	----a-w-	C:\Windows\SysWow64\vbscript.dll
2011-02-11 11:31:04	--------	d-----w-	C:\PROGRA~3\TomTom
2011-02-11 11:30:04	--------	d-----w-	C:\Users\Calvin\AppData\Roaming\TomTom
2011-02-11 11:30:04	--------	d-----w-	C:\Users\Calvin\AppData\Local\TomTom
2011-02-11 11:30:01	--------	d-----w-	C:\Program Files (x86)\TomTom International B.V
2011-02-11 11:29:53	--------	d-----w-	C:\Program Files (x86)\TomTom HOME 2
2011-02-07 19:59:47	--------	d--h--w-	C:\IORRT
2011-02-07 19:53:59	--------	d-----w-	C:\Program Files\Microsoft Synchronization Services
2011-02-07 19:51:25	--------	d-----w-	C:\Program Files\Microsoft Analysis Services
2011-02-07 19:51:25	--------	d-----w-	C:\Program Files (x86)\Microsoft Analysis Services
2011-02-03 09:25:13	42776	----a-w-	C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-03 09:25:10	710976	----a-w-	C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-01 11:00:09	--------	d-----w-	C:\Users\Calvin\AppData\Roaming\OpenOffice.org
2011-02-01 10:58:46	--------	d-----w-	C:\Program Files (x86)\JRE
2011-02-01 10:58:23	--------	d-----w-	C:\Program Files (x86)\OpenOffice.org 3
2011-02-01 10:57:04	472808	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2011-02-01 10:57:04	472808	----a-w-	C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-31 08:21:07	--------	d-----w-	C:\Users\Calvin\AppData\Roaming\TeamViewer
2011-01-30 17:29:59	--------	d-----w-	C:\Program Files (x86)\TeamViewer
2011-01-30 12:40:13	--------	d-----w-	C:\Windows\PCHEALTH
2011-01-30 12:40:13	--------	d-----w-	C:\Program Files\Microsoft SQL Server Compact Edition
2011-01-30 12:39:00	--------	d-----w-	C:\Program Files (x86)\Microsoft Visual Studio 8
2011-01-29 17:28:31	--------	d-----w-	C:\f3nv temp a
2011-01-29 17:04:05	--------	d-----w-	C:\f3nv temp
2011-01-29 16:59:37	--------	d-----w-	C:\Games
2011-01-29 16:59:25	--------	d-----w-	C:\Users\Calvin\AppData\Local\FOMM
2011-01-29 16:59:23	--------	d-----w-	C:\Program Files (x86)\GeMM
2011-01-29 16:36:49	--------	d-----w-	C:\Users\Calvin\AppData\Local\Fallout3
2011-01-29 16:32:05	753664	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-01-29 16:32:05	69714	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-01-29 16:32:05	63488	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-01-29 16:32:05	5632	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-01-29 16:32:05	274432	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-01-29 16:32:05	200836	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-01-29 16:32:05	184320	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-01-29 16:32:04	331908	----a-w-	C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-01-29 11:57:15	34032	----a-w-	C:\Windows\System32\drivers\seehcri.sys
2011-01-29 11:56:20	--------	d-----w-	C:\Program Files (x86)\Sony Ericsson

==================== Find3M  ====================

2011-02-23 15:04:21	40648	----a-w-	C:\Windows\avastSS.scr
2011-02-23 14:55:05	64344	----a-w-	C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-26 06:53:10	982912	----a-w-	C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10	265088	----a-w-	C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20	144384	----a-w-	C:\Windows\System32\cdd.dll
2011-01-07 08:06:50	46080	----a-w-	C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20	366080	----a-w-	C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11	294400	----a-w-	C:\Windows\SysWow64\atmfd.dll
2011-01-06 11:21:36	427777	----a-r-	C:\Windows\System32\drivers\etc\hosts.bak1
2011-01-05 04:00:16	3127808	----a-w-	C:\Windows\System32\win32k.sys
2010-12-21 06:16:27	97280	----a-w-	C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27	62976	----a-w-	C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16	214016	----a-w-	C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14	442880	----a-w-	C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14	1197056	----a-w-	C:\Windows\System32\wininet.dll
2010-12-21 06:16:09	258048	----a-w-	C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55	264192	----a-w-	C:\Windows\System32\upnp.dll
2010-12-21 06:15:31	15360	----a-w-	C:\Windows\System32\slwga.dll
2010-12-21 06:13:03	2003968	----a-w-	C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03	1880576	----a-w-	C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22	100864	----a-w-	C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24	51200	----a-w-	C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22	981504	----a-w-	C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22	350720	----a-w-	C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21	204800	----a-w-	C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19	204288	----a-w-	C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16	14336	----a-w-	C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17	1389568	----a-w-	C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16	1236992	----a-w-	C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12	80384	----a-w-	C:\Windows\SysWow64\davclnt.dll
2010-12-20 18:08:40	24152	----a-w-	C:\Windows\System32\drivers\mbam.sys
2010-12-18 06:11:41	57856	----a-w-	C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34	714752	----a-w-	C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40	44544	----a-w-	C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31	541184	----a-w-	C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03	482816	----a-w-	C:\Windows\System32\html.iec
2010-12-18 04:20:55	386048	----a-w-	C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40	1638912	----a-w-	C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59	1638912	----a-w-	C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 19:10:43.99 ===============

Bump.
EDIT: Please be patient. There are over 150 unanswered topics in this forum at present and the current average wait time to receive help is 5 days. ~BP

Edited by Budapest, 27 February 2011 - 04:35 PM.
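An added example, not part of the original post and not something the DDS tool provides: a short Python script that pulls out of DDS-style output the entries an analyst would triage first. It runs on a constructed sample modelled on lines visible in the log above (the mPolicies-system values of 0, the "uRun: [Driver Updater]" entry with no command after it, the BHO entries marked "No File", the "Hosts:" line that points somewhere other than 127.0.0.1, and the service DDS printed with "[?]" in place of a date and size). The category names, the reading of "[?]" as "no size or date recorded", and the decision to treat every non-loopback hosts entry as worth a look are the example's own assumptions. A flagged entry means "check this", not "this is the infection".

```python
import re
from typing import Dict, List

# Constructed sample: lines in the shape DDS prints, modelled on the kinds
# of entries visible in the posted log and embedded so the script runs offline.
SAMPLE_DDS = r"""
uRun: [Driver Updater]
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 82.192.86.132 oron.com www.oron.com
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-1-1 363344]
S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
"""

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
RUN_RE = re.compile(r"^[um]Run(?:-x64)?:\s+\[([^\]]+)\]\s*(.*?)\s*$")
BHO_RE = re.compile(r"^BHO(?:-X64)?:\s*(.*?)\s*-\s*No File\s*$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(.+?)\s*$")
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*?)\s*$")

# UAC policy values (HKLM\...\Policies\System) where 0 means the control is off:
# EnableLUA=0 disables UAC entirely, ConsentPromptBehaviorAdmin=0 elevates
# without prompting, PromptOnSecureDesktop=0 drops the secure-desktop prompt.
UAC_OFF_WHEN_ZERO = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return the DDS entries an analyst would want to look at first, by category."""
    findings: Dict[str, List[str]] = {
        "uac_disabled": [],        # UAC policies set to 0
        "empty_autorun": [],       # Run entries with no command (stale or wiped loader)
        "orphan_bho": [],          # browser helper objects whose DLL is missing
        "hosts_override": [],      # hosts entries pointing somewhere other than loopback
        "unverified_service": [],  # services DDS printed with [?] instead of [date size]
    }
    for line in log_text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            if m.group(1) in UAC_OFF_WHEN_ZERO and int(m.group(2)) == 0:
                findings["uac_disabled"].append(m.group(1))
            continue
        m = RUN_RE.match(line)
        if m:
            if not m.group(2):
                findings["empty_autorun"].append(m.group(1))
            continue
        m = BHO_RE.match(line)
        if m:
            findings["orphan_bho"].append(m.group(1))
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, names = m.group(1), m.group(2)
            if not ip.startswith("127.") and ip != "::1":
                findings["hosts_override"].append(f"{ip} -> {names}")
            continue
        m = SERVICE_RE.match(line)
        if m and m.group(3).endswith("[?]"):
            findings["unverified_service"].append(m.group(1))
    return findings


def report(findings: Dict[str, List[str]]) -> str:
    """Render the findings as one line per category, in the order found."""
    return "\n".join(
        f"{cat}: {', '.join(items) if items else '-'}" for cat, items in findings.items()
    )


if __name__ == "__main__":
    print(report(triage(SAMPLE_DDS)))
```

To use it on a real log, read the saved DDS.txt and pass its contents to triage() in place of SAMPLE_DDS. The script only reads what DDS wrote; it says nothing about the boot sector that Avast flagged, which needs an MBR-aware tool rather than a log parser.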



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 March 2011 - 01:26 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 vinokirk

vinokirk
  • Topic Starter

  • Members
  • 8 posts

Posted 01 March 2011 - 05:24 PM

Hi Gringo, I understand about the delay. I can see there are a lot of topics on here and I applaud the work you are doing!
I cannot edit my previous posts to remove the logs unfortunately. Am I intentionally blocked from editing my previous posts or am I just being blind?!

I initially ran Spybot and MBAM but they did not pick up anything so I came here. I have Avast, but I haven't run a scan as per the instructions.
There seem to be no symptoms to this problem, apart from the Avast message telling me I have a problem.

As requested here are my DDS logs:
DDS.txt


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Calvin at 22:18:19.92 on 01/03/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2451 [GMT 0:00]

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkCSrv.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\NOTEPAD.EXE
F:\My Downloads\dds (1).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Driver Updater]
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &NeoTrace It! - C:\PROGRA~2\VISUAL~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265709343046
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
IE-X64: {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~2\VISUAL~1\NTXtoolbar.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 82.192.86.132 oron.com www.oron.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\24ofl12l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig|http://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Calvin\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Calvin\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Calvin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\24ofl12l.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: C:\Users\Calvin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Calvin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: UnPlug: unplug@compunach - %profile%\extensions\unplug@compunach
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-2-24 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-7-7 280408]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/03/24 10:37:53];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-3-13 146928]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-7-7 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-7-7 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-2-24 42184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-1-1 363344]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-2-3 1153368]
R2 StkSSrv;Syntek AVStream USB2.0 ATV Service;C:\Windows\System32\StkCSrv.exe [2010-2-23 24576]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-2-3 24152]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-8-31 24176]
R3 R5BaseSmc;USB Token Holder Service;C:\Windows\System32\drivers\smccard.sys [2007-4-3 17024]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2011-1-29 34032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-9 136176]
S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-7-26 20568]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2010-7-10 13352]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\qcusbser.sys [2010-10-26 120960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-2-24 20992]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2010-9-23 125416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2010-9-23 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2010-9-23 159208]
S3 StkCMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkCMini.sys [2010-2-23 632704]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-9-23 16392]
S3 token;USB Token Service;C:\Windows\System32\drivers\eps2kt1.sys [2007-4-3 35968]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-24 59392]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2010-2-12 43664]

=============== Created Last 30 ================

2011-02-27 19:16:21 -------- d-----w- C:\Users\Calvin\AppData\Roaming\Spotify
2011-02-27 19:16:21 -------- d-----w- C:\Users\Calvin\AppData\Local\Spotify
2011-02-27 19:16:14 -------- d-----w- C:\Program Files (x86)\Spotify
2011-02-27 12:40:14 -------- d-----w- C:\Program Files (x86)\Common Files\Ulead Systems
2011-02-27 12:40:13 -------- d-----w- C:\Program Files (x86)\Ulead Systems
2011-02-26 12:17:47 -------- d-----w- C:\Program Files (x86)\YouTube Downloader
2011-02-25 22:20:26 -------- d-----w- C:\Windows\System32\SPReview
2011-02-24 23:19:31 -------- d-----r- C:\Users\Calvin\Dropbox
2011-02-24 23:17:49 -------- d-----w- C:\Users\Calvin\AppData\Roaming\Dropbox
2011-02-24 19:51:22 -------- d-----w- C:\Users\Calvin\AppData\Roaming\HTC
2011-02-24 19:49:28 -------- d-----w- C:\Users\Calvin\AppData\Local\Downloaded Installations
2011-02-24 19:48:34 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2011-02-24 19:47:52 -------- d-----w- C:\Program Files (x86)\HTC
2011-02-24 19:47:19 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-02-24 13:31:51 -------- d-----w- C:\Windows\System32\EventProviders
2011-02-24 13:24:53 86528 ----a-w- C:\Windows\SysWow64\isoburn.exe
2011-02-24 13:22:55 3584 ----a-w- C:\Windows\System32\drivers\tr-TR\vpchbus.sys.mui
2011-02-24 13:21:59 61952 ----a-w- C:\Windows\System32\WavDest.dll
2011-02-24 13:20:55 419840 ----a-w- C:\Windows\System32\KernelBase.dll
2011-02-24 13:19:59 67584 ----a-w- C:\Windows\System32\samcli.dll
2011-02-24 10:04:05 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-02-23 12:29:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 12:29:48 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 12:29:48 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 12:29:48 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-18 20:29:13 -------- d-----w- C:\Program Files\Nuclear Coffee
2011-02-18 20:28:52 -------- d-----w- C:\Program Files (x86)\Nuclear Coffee
2011-02-17 21:33:15 -------- d-----w- C:\Users\Calvin\AppData\Local\MagicSoftware
2011-02-17 21:33:14 -------- d-----w- C:\Program Files (x86)\MagicDVDRipper
2011-02-12 19:44:35 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-12 19:44:35 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-11 11:31:04 -------- d-----w- C:\PROGRA~3\TomTom
2011-02-11 11:30:04 -------- d-----w- C:\Users\Calvin\AppData\Roaming\TomTom
2011-02-11 11:30:04 -------- d-----w- C:\Users\Calvin\AppData\Local\TomTom
2011-02-11 11:30:01 -------- d-----w- C:\Program Files (x86)\TomTom International B.V
2011-02-11 11:29:53 -------- d-----w- C:\Program Files (x86)\TomTom HOME 2
2011-02-07 19:59:47 -------- d--h--w- C:\IORRT
2011-02-07 19:53:59 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2011-02-07 19:51:25 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2011-02-07 19:51:25 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-02-03 09:25:13 42776 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-03 09:25:10 710976 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-01 11:00:09 -------- d-----w- C:\Users\Calvin\AppData\Roaming\OpenOffice.org
2011-02-01 10:58:46 -------- d-----w- C:\Program Files (x86)\JRE
2011-02-01 10:58:23 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-02-01 10:57:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-01 10:57:04 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-31 08:21:07 -------- d-----w- C:\Users\Calvin\AppData\Roaming\TeamViewer

==================== Find3M ====================

2011-02-25 22:23:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-02-25 22:23:26 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-02-23 15:04:21 40648 ----a-w- C:\Windows\avastSS.scr
2011-02-23 14:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-29 11:57:15 34032 ----a-w- C:\Windows\System32\drivers\seehcri.sys
2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 06:01:22 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-06 11:21:36 427777 ----a-r- C:\Windows\System32\drivers\etc\hosts.bak1
2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys
2010-12-20 18:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-17 11:42:18 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-17 11:40:10 715776 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-17 07:07:55 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

============= FINISH: 22:20:45.47 ===============

Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 02/02/2010 17:34:20
System Uptime: 01/03/2011 22:04:41 (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | P35C-DS3R
Processor: Intel® Core™2 Duo CPU E6850 @ 3.00GHz | Socket 775 | 3000/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 699 GiB total, 499.332 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 1397 GiB total, 44.118 GiB free.
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AVG network filter service
Device ID: ROOT\LEGACY_AVGFWFD\0000
Manufacturer:
Name: AVG network filter service
PNP Device ID: ROOT\LEGACY_AVGFWFD\0000
Service: Avgfwfd

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Sun Microsystems, Inc.
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp

==== System Restore Points ===================

RP242: 24/02/2011 13:32:07 - Windows 7 Service Pack 1
RP243: 24/02/2011 19:49:53 - Installed HTC Sync.
RP244: 25/02/2011 22:19:23 - Windows Update
RP245: 27/02/2011 12:34:04 - Configured Ulead VideoStudio
RP246: 27/02/2011 12:38:57 - Installed Ulead VideoStudio

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
µTorrent
avast! Free Antivirus
AVI/MPEG/RM/WMV Joiner 4.82
Avira NTFS4DOS 1.9
Back to the Future The Game - Episode 1
BBC iPlayer Desktop
Certification Preparation
Cisco Packet Tracer 5.3.1
Curse Client
CyberLink PowerDVD 10
Dell PC Suite
Driver Updater
Dropbox
EASEUS Data Recovery Wizard Professional 4.3.6
Facebook Plug-In
Fallout 3 - The Garden of Eden Creation Kit
Fallout Mod Manager 0.13.21
Fallout New Vegas
Flash Favorite 1.8
Freelancer
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
HD Tune Pro 4.01
HP USB Disk Storage Format Tool
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
InterVideo DeviceService
Java Auto Updater
Java™ 6 Update 23
Magic DVD Ripper V5.2.1 build 6
Magic ISO Maker v5.3 (build 0221)
Malwarebytes' Anti-Malware
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
mIRC
Mozilla Firefox (3.6.13)
MSVC80_x86_v2
MSXML 4.0 SP3 Parser
Need For Speed™ World
NetLimiter 2 Pro (remove only)
OJOsoft Total Video Converter
OpenOffice.org 3.2
OutlookAddInNet3Setup
PC Connectivity Solution
PowerISO
Quake III Arena Point Release 1.32
QuickTime
Realtek High Definition Audio Driver
RebelConfig 1.00
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Seesmic Desktop 2
SIMCardReaderPro
Skype Toolbars
Skype™ 5.1
SolarWinds Advanced Subnet Calculator
Sony Ericsson Update Service
SpeedFan (remove only)
Spotify
Spybot - Search & Destroy
Steam
System Requirements Lab
Talkative IRC 0.4.4.16
Tipard MKV Video Converter
TomTom HOME 2.8.0.2146
TomTom HOME Visual Studio Merge Modules
Ulead VideoStudio 11
USB2.0 ATV
VideoGet
VideoStudio
VLC media player 1.1.6
Wallpaperio Android Maker 2.03
Windows Internet Explorer Platform Preview
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
World of Warcraft
YouTube Downloader 2.7
Zipeg

==== Event Viewer Messages From Past Week ========

27/02/2011 17:26:44, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
25/02/2011 22:29:35, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 3 for x64-based Systems (KB973685).
25/02/2011 22:28:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2488113).
23/02/2011 22:22:33, Error: volsnap [25] - The shadow copies of volume E: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
23/02/2011 22:12:20, Error: volsnap [10] - The shadow copy of volume E: took too long to install.
01/03/2011 22:05:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgfwfd

==== End Of File ===========================

Edited by vinokirk, 01 March 2011 - 05:25 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 March 2011 - 05:44 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 vinokirk

vinokirk
  • Topic Starter

  • Members
  • 8 posts

Posted 02 March 2011 - 05:00 AM

Ok, I ran ComboFix; the log is below. The computer was running fine before and it's running fine now. I haven't had any warning messages from Avast, but some days they don't appear at all, whereas other days I might get three :)


ComboFix 11-03-01.03 - Calvin 02/03/2011 9:18.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2287 [GMT 0:00]
Running from: f:\my downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\windows\System32\drivers\etc\hosts.bak1
c:\windows\system32\system
c:\windows\SysWow64\system

.
((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))
.

2011-02-27 19:16 . 2011-02-27 19:46 -------- d-----w- c:\users\Calvin\AppData\Roaming\Spotify
2011-02-27 19:16 . 2011-02-27 19:17 -------- d-----w- c:\users\Calvin\AppData\Local\Spotify
2011-02-27 19:16 . 2011-02-27 19:16 -------- d-----w- c:\program files (x86)\Spotify
2011-02-27 12:40 . 2011-02-27 12:41 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
2011-02-27 12:40 . 2011-02-27 12:40 -------- d-----w- c:\program files (x86)\Ulead Systems
2011-02-26 15:51 . 2011-02-26 15:51 -------- d-----w- c:\users\Danielle\AppData\Roaming\HTC
2011-02-26 12:17 . 2011-02-26 12:17 -------- d-----w- c:\program files (x86)\YouTube Downloader
2011-02-25 22:20 . 2011-02-25 22:20 -------- d-----w- c:\windows\system32\SPReview
2011-02-24 23:19 . 2011-02-28 09:13 -------- d-----r- c:\users\Calvin\Dropbox
2011-02-24 23:17 . 2011-02-28 09:13 -------- d-----w- c:\users\Calvin\AppData\Roaming\Dropbox
2011-02-24 19:51 . 2011-02-24 19:51 -------- d-----w- c:\users\Calvin\AppData\Roaming\HTC
2011-02-24 19:49 . 2011-02-24 19:49 -------- d-----w- c:\users\Calvin\AppData\Local\Downloaded Installations
2011-02-24 19:48 . 2011-02-24 19:48 -------- d-----w- c:\program files (x86)\Spirent Communications
2011-02-24 19:47 . 2011-02-24 19:50 -------- d-----w- c:\program files (x86)\HTC
2011-02-24 19:47 . 2011-02-24 19:47 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-02-24 13:31 . 2011-02-24 13:31 -------- d-----w- c:\windows\system32\EventProviders
2011-02-24 13:24 . 2010-11-20 12:21 11264 ----a-w- c:\windows\SysWow64\wshirda.dll
2011-02-24 13:22 . 2010-11-20 14:28 2560 ----a-w- c:\windows\system32\drivers\zh-TW\vpchbus.sys.mui
2011-02-24 13:21 . 2010-11-20 13:33 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-02-24 13:20 . 2010-11-20 13:26 419840 ----a-w- c:\windows\system32\KernelBase.dll
2011-02-24 13:19 . 2010-11-20 13:27 67584 ----a-w- c:\windows\system32\samcli.dll
2011-02-24 10:04 . 2011-02-23 14:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-23 12:29 . 2011-01-07 12:17 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 12:29 . 2011-01-07 12:17 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 12:29 . 2011-01-07 07:46 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-02-23 12:29 . 2011-01-07 07:46 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-21 09:18 . 2011-02-21 09:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-02-18 20:29 . 2011-02-18 20:29 -------- d-----w- c:\program files\Nuclear Coffee
2011-02-18 20:28 . 2011-02-18 20:28 -------- d-----w- c:\program files (x86)\Nuclear Coffee
2011-02-17 21:33 . 2011-02-17 21:33 -------- d-----w- c:\users\Calvin\AppData\Local\MagicSoftware
2011-02-17 21:33 . 2011-02-17 21:33 -------- d-----w- c:\program files (x86)\MagicDVDRipper
2011-02-12 19:44 . 2011-01-05 10:34 612864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-12 19:44 . 2011-01-05 05:55 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-02-11 11:31 . 2011-02-11 11:31 -------- d-----w- c:\programdata\TomTom
2011-02-11 11:30 . 2011-02-11 11:30 -------- d-----w- c:\users\Calvin\AppData\Roaming\TomTom
2011-02-11 11:30 . 2011-02-11 11:30 -------- d-----w- c:\users\Calvin\AppData\Local\TomTom
2011-02-11 11:30 . 2011-02-11 11:30 -------- d-----w- c:\program files (x86)\TomTom International B.V
2011-02-11 11:29 . 2011-02-11 11:29 -------- d-----w- c:\program files (x86)\TomTom HOME 2
2011-02-09 19:57 . 2011-02-09 20:00 -------- d-----w- c:\program files (x86)\Google
2011-02-07 19:59 . 2011-02-07 19:59 -------- d-----w- C:\IORRT
2011-02-07 19:53 . 2011-02-07 19:53 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-02-07 19:53 . 2011-02-07 19:53 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-02-07 19:51 . 2011-02-07 19:51 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-02-07 19:51 . 2011-02-07 19:51 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-02-03 09:25 . 2011-02-03 09:25 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-03 09:25 . 2011-02-03 09:25 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-02 15:11 . 2011-02-02 15:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-02-01 11:00 . 2011-02-01 11:00 -------- d-----w- c:\users\Calvin\AppData\Roaming\OpenOffice.org
2011-02-01 10:58 . 2011-02-01 10:58 -------- d-----w- c:\program files (x86)\JRE
2011-02-01 10:58 . 2011-02-01 10:58 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-02-01 10:57 . 2010-11-12 18:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-01 10:57 . 2010-11-12 18:53 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-25 22:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-25 22:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-23 15:04 . 2010-07-07 07:57 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-07-07 07:57 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-02-23 15:04 . 2011-01-16 18:18 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:57 . 2010-07-07 07:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-07-07 07:57 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-07-07 07:57 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2010-07-07 07:57 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2010-07-07 07:57 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-03 09:25 . 2010-03-22 13:59 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-01-29 11:57 . 2011-01-29 11:57 34032 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-12-20 18:09 . 2011-01-01 11:03 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-02-03 02:26 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-09 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-20 3524608]
R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-11-20 229888]
R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-11-20 12800]
R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 491088]
R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 339536]
R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-20 107904]
R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 194128]
R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2010-11-20 61440]
R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 97856]
R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [2009-06-10 468480]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [2009-06-10 270848]
R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-06-10 18432]
R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-06-10 8704]
R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 286720]
R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-06-10 47104]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-06-10 14976]
R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-14 45568]
R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-26 20568]
R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [2009-06-10 3286016]
R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 530496]
R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 34304]
R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 55376]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13352]
R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-06-10 31232]
R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2010-11-20 78720]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 410496]
R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 78848]
R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 273792]
R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 114752]
R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 106560]
R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 65600]
R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 115776]
R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 35392]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-11-20 155008]
R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 31104]
R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-11-20 140672]
R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-14 8192]
R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 MsRPC;MsRPC; [x]
R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-14 15360]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-14 318976]
R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-14 35328]
R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 51264]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 166272]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PerfHost;Performance Counter DLL Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2010-09-16 120960]
R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1524816]
R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 128592]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-14 13824]
R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 80464]
R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-14 93184]
R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-06-21 125416]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-06-21 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-06-21 159208]
R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 24656]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2007-06-28 632704]
R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2010-11-20 34688]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-07-26 16392]
R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 token;USB Token Service;c:\windows\system32\DRIVERS\eps2kt1.sys [2007-04-03 35968]
R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 39424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 40960]
R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 64592]
R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-14 100352]
R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 31232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-02-12 145360]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-02-12 43664]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-11-20 215936]
R3 VMBusHID;VMBusHID;c:\windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 161872]
R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [2009-07-14 24576]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-14 27776]
R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2010-11-20 1504256]
R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 21056]
R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-03 834544]
S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 27008]
S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 367696]
S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2010-11-20 459248]
S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 70224]
S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 223248]
S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14720]
S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2010-11-20 152960]
S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 15424]
S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 50768]
S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
S0 spldr;Security Processor Loader Driver; [x]
S0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;c:\windows\system32\drivers\vmstorfl.sys [2010-11-20 46464]
S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 36432]
S0 vmbus;Virtual Machine Bus;c:\windows\system32\drivers\vmbus.sys [2010-11-20 199552]
S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-11-20 71552]
S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2010-11-20 363392]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 45056]
S1 CSC;Offline Files Driver;c:\windows\system32\drivers\csc.sys [2010-11-20 514560]
S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 102400]
S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 40448]
S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 24576]
S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 7680]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 8192]
S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 119296]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-02-12 193232]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-02-12 53264]
S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 88576]
S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-14 12800]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/03/24 10:37];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 12:58 146928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 64344]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 CscService;Offline Files;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-14 60928]
S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 113152]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 651264]
S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 StkSSrv;Syntek AVStream USB2.0 ATV Service;c:\windows\System32\StkCSrv.exe [2007-02-12 24576]
S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 45056]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 90624]
S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 38912]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 982912]
S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 31232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 24152]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 30208]
S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-14 77312]
S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 287744]
S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 128000]
S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-06 24176]
S3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\DRIVERS\smccard.sys [2007-04-03 17024]
S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 60416]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 29696]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2011-01-29 34032]
S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 413184]
S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 167936]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 125440]
S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-11-20 48640]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-02-12 165200]
S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - PBFILTER

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
wcssvc REG_MULTI_SZ WcsPlugInService

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
SessionEnv
winmgmt
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
sppuinotify

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv

.
Contents of the 'Scheduled Tasks' folder

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-09 19:57]

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-09 19:57]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-466221320-1047205590-4175310157-1001Core.job
- c:\users\Calvin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 10:06]

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-466221320-1047205590-4175310157-1001UA.job
- c:\users\Calvin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 10:06]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Calvin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 13:27 509952 ----a-w- c:\windows\System32\ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-19 9996320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
AppMgmt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
homegrouplistener

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
WdiServiceHost
sppuinotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
lanmanworkstation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
BthHFSrv
homegroupprovider
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &NeoTrace It! - c:\progra~2\VISUAL~1\NTXcontext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\24ofl12l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig|http://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: UnPlug: unplug@compunach - %profile%\extensions\unplug@compunach
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
.
- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-Driver Updater - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
AddRemove-NetLimiter 2 Pro - c:\program files\NetLimiter 2 Pro\nl2uninst.exe
AddRemove-4010690609.d.seesmic.com - c:\program files (x86)\Microsoft Silverlight\4.0.51204.0\Silverlight.Configuration.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Completion time: 2011-03-02 09:52:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-02 09:52

Pre-Run: 533,332,754,432 bytes free
Post-Run: 533,278,539,776 bytes free

- - End Of File - - 9CE30A5F099076380B07FBFB5E76CB3A

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:09 PM

Posted 02 March 2011 - 06:15 AM

MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run it (Vista and Win 7: right click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 vinokirk

vinokirk
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:09 PM

Posted 02 March 2011 - 07:05 AM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: P35C-DS3R
Logical Drives Mask: 0x000000ac

Kernel Drivers (total 210):
0x03216000 \SystemRoot\system32\ntoskrnl.exe
0x03800000 \SystemRoot\system32\hal.dll
0x00BBA000 \SystemRoot\system32\kdcom.dll
0x00C4A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C99000 \SystemRoot\system32\PSHED.dll
0x00CAD000 \SystemRoot\system32\CLFS.SYS
0x00D0B000 \SystemRoot\system32\CI.dll
0x00EF5000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F99000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00FA8000 \SystemRoot\system32\drivers\ACPI.sys
0x00E00000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00E09000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E13000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00E20000 \SystemRoot\system32\drivers\pci.sys
0x00E53000 \SystemRoot\System32\drivers\partmgr.sys
0x00E68000 \SystemRoot\system32\drivers\volmgr.sys
0x00E7D000 \SystemRoot\System32\drivers\volmgrx.sys
0x00ED9000 \SystemRoot\system32\drivers\pciide.sys
0x00EE0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00DCB000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C00000 \SystemRoot\system32\drivers\vmbus.sys
0x00DE5000 \SystemRoot\system32\drivers\winhv.sys
0x00C3C000 \SystemRoot\system32\drivers\atapi.sys
0x010EF000 \SystemRoot\system32\drivers\ataport.SYS
0x01119000 \SystemRoot\system32\drivers\amdxata.sys
0x01124000 \SystemRoot\system32\drivers\fltmgr.sys
0x01170000 \SystemRoot\system32\drivers\fileinfo.sys
0x01231000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01184000 \SystemRoot\System32\Drivers\msrpc.sys
0x013D4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x013EF000 \SystemRoot\System32\drivers\pcw.sys
0x01200000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0142D000 \SystemRoot\system32\drivers\ndis.sys
0x01520000 \SystemRoot\system32\drivers\NETIO.SYS
0x01580000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016DE000 \SystemRoot\System32\drivers\tcpip.sys
0x018E2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0192C000 \SystemRoot\system32\drivers\vmstorfl.sys
0x0193C000 \SystemRoot\system32\drivers\volsnap.sys
0x01988000 \SystemRoot\System32\Drivers\spldr.sys
0x01990000 \SystemRoot\SysWOW64\speedfan.sys
0x01997000 \SystemRoot\System32\drivers\rdyboost.sys
0x019D1000 \SystemRoot\System32\Drivers\mup.sys
0x019E3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01600000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0163A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01650000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x015AB000 \SystemRoot\system32\drivers\cdrom.sys
0x03A9B000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x03B1B000 \SystemRoot\System32\Drivers\Null.SYS
0x03B24000 \SystemRoot\System32\Drivers\Beep.SYS
0x03B2B000 \SystemRoot\System32\drivers\vga.sys
0x03B39000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03B5E000 \SystemRoot\System32\drivers\watchdog.sys
0x03B6E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03B77000 \SystemRoot\system32\drivers\rdpencdd.sys
0x03B80000 \SystemRoot\system32\drivers\rdprefmp.sys
0x03B89000 \SystemRoot\System32\Drivers\Msfs.SYS
0x03B94000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03BA5000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03BC7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03BD4000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x03A00000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03ECE000 \SystemRoot\system32\drivers\afd.sys
0x03F57000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03F61000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03F6A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03F90000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x03FA4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03FB3000 \SystemRoot\system32\DRIVERS\serial.sys
0x03FD0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03E00000 \SystemRoot\system32\drivers\vpcvmm.sys
0x03E57000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0x03E63000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0x03E91000 \SystemRoot\system32\drivers\termdd.sys
0x03EA5000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x03A45000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03EB7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03EC3000 \SystemRoot\system32\drivers\mssmbios.sys
0x03FEB000 \SystemRoot\System32\drivers\discache.sys
0x04092000 \SystemRoot\system32\drivers\csc.sys
0x04115000 \SystemRoot\System32\Drivers\dfsc.sys
0x04133000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04144000 \SystemRoot\System32\Drivers\aswSP.SYS
0x0418F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x041B5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F0E0000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FD72000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x042F3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04200000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04246000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04253000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x042A9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x042BA000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0FD74000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x042DE000 \SystemRoot\system32\DRIVERS\serenum.sys
0x0FDCA000 \SystemRoot\system32\DRIVERS\parport.sys
0x043E7000 \SystemRoot\system32\drivers\CompositeBus.sys
0x043F7000 \SystemRoot\system32\DRIVERS\vncmirror.sys
0x0FDE7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0F000000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0F024000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0F030000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0F05F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0F07A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0F09B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0F0B5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0F0C0000 \SystemRoot\system32\drivers\kbdclass.sys
0x0F0CF000 \SystemRoot\system32\drivers\mouclass.sys
0x041CB000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x042EA000 \SystemRoot\system32\DRIVERS\smccard.sys
0x041D7000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0x041E3000 \SystemRoot\System32\DRIVERS\scfilter.sys
0x04000000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0x042EF000 \SystemRoot\system32\drivers\swenum.sys
0x04027000 \SystemRoot\system32\drivers\ks.sys
0x0406A000 \SystemRoot\system32\drivers\umbus.sys
0x016B6000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x0407C000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x042F1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x01072000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x048B3000 \SystemRoot\system32\drivers\usbhub.sys
0x0490D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x056DB000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x058FD000 \SystemRoot\system32\drivers\portcls.sys
0x0593A000 \SystemRoot\system32\drivers\drmk.sys
0x0595C000 \SystemRoot\system32\drivers\ksthunk.sys
0x05962000 \SystemRoot\system32\drivers\usbccgp.sys
0x0597F000 \SystemRoot\System32\Drivers\usbvideo.sys
0x059AD000 \SystemRoot\system32\drivers\hidusb.sys
0x059BB000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x059D4000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x059DD000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x05600000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0560D000 \SystemRoot\system32\drivers\kbdhid.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x0561B000 \SystemRoot\System32\drivers\Dxapi.sys
0x05627000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05635000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05641000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x0564A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0565D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00400000 \SystemRoot\System32\TSDDD.dll
0x00780000 \SystemRoot\System32\cdd.dll
0x0566B000 \SystemRoot\system32\drivers\luafv.sys
0x0568E000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x056C8000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x04922000 \SystemRoot\system32\drivers\WudfPf.sys
0x04943000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04958000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0645A000 \SystemRoot\system32\drivers\HTTP.sys
0x06523000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06541000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06559000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06586000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x065D3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06400000 \SystemRoot\system32\drivers\npf.sys
0x04800000 \SystemRoot\system32\drivers\peauth.sys
0x0640F000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0641A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x04970000 \SystemRoot\System32\drivers\tcpipreg.sys
0x04982000 \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
0x06C75000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06CE0000 \SystemRoot\System32\DRIVERS\srv.sys
0x06D79000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06DAA000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x06DB5000 \??\C:\Program Files\PeerBlock\pbfilter.sys
0x06DBE000 \??\C:\Windows\system32\drivers\mbam.sys
0x06DC8000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77150000 \Windows\System32\ntdll.dll
0x477A0000 \Windows\System32\smss.exe
0xFF470000 \Windows\System32\apisetschema.dll
0xFF850000 \Windows\System32\autochk.exe
0xFF350000 \Windows\System32\msctf.dll
0xFF2B0000 \Windows\System32\clbcatq.dll
0xFE520000 \Windows\System32\shell32.dll
0xFE2C0000 \Windows\System32\iertutil.dll
0x77030000 \Windows\System32\kernel32.dll
0xFE2A0000 \Windows\System32\imagehlp.dll
0x77320000 \Windows\System32\normaliz.dll
0xFE290000 \Windows\System32\nsi.dll
0xFE080000 \Windows\System32\ole32.dll
0xFE050000 \Windows\System32\imm32.dll
0xFDF20000 \Windows\System32\wininet.dll
0xFDE40000 \Windows\System32\oleaut32.dll
0xFDDC0000 \Windows\System32\difxapi.dll
0xFDD40000 \Windows\System32\shlwapi.dll
0xFDCD0000 \Windows\System32\gdi32.dll
0xFDB50000 \Windows\System32\urlmon.dll
0x77310000 \Windows\System32\psapi.dll
0xFDB30000 \Windows\System32\sechost.dll
0x76F30000 \Windows\System32\user32.dll
0xFDA90000 \Windows\System32\comdlg32.dll
0xFDA40000 \Windows\System32\ws2_32.dll
0xFD970000 \Windows\System32\usp10.dll
0xFD840000 \Windows\System32\rpcrt4.dll
0xFD830000 \Windows\System32\lpk.dll
0xFD790000 \Windows\System32\msvcrt.dll
0xFD5B0000 \Windows\System32\setupapi.dll
0xFD4D0000 \Windows\System32\advapi32.dll
0xFD470000 \Windows\System32\Wldap32.dll
0xFD450000 \Windows\System32\devobj.dll
0xFD410000 \Windows\System32\wintrust.dll
0xFD2A0000 \Windows\System32\crypt32.dll
0xFD200000 \Windows\System32\comctl32.dll
0xFD190000 \Windows\System32\KernelBase.dll
0xFD150000 \Windows\System32\cfgmgr32.dll
0xFD140000 \Windows\System32\msasn1.dll
0x751C0000 \Windows\SysWOW64\normaliz.dll

Processes (total 64):
0 System Idle Process
4 System
348 C:\Windows\System32\smss.exe
476 csrss.exe
536 C:\Windows\System32\wininit.exe
548 csrss.exe
584 C:\Windows\System32\services.exe
608 C:\Windows\System32\lsass.exe
616 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\winlogon.exe
828 C:\Windows\System32\nvvsvc.exe
872 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
400 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\nvvsvc.exe
1364 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1596 C:\Windows\System32\spoolsv.exe
1640 C:\Windows\System32\svchost.exe
1752 C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
1836 C:\Windows\System32\svchost.exe
1320 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1208 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2164 C:\Windows\System32\svchost.exe
2404 C:\Windows\System32\StkCSrv.exe
2424 C:\Windows\System32\dwm.exe
2468 C:\Windows\System32\taskhost.exe
2508 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
2588 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2928 C:\Windows\explorer.exe
2992 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
1660 WUDFHost.exe
3712 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3720 C:\Program Files\PeerBlock\peerblock.exe
3740 C:\Program Files\Windows Sidebar\sidebar.exe
2344 C:\Windows\System32\SearchIndexer.exe
3280 C:\Program Files\Windows Media Player\wmpnetwk.exe
3540 C:\Windows\System32\svchost.exe
3548 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
392 C:\Windows\System32\svchost.exe
892 C:\ComboFix\pev.exe
2824 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3644 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
1124 C:\Windows\System32\audiodg.exe
3924 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
3920 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
3964 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
3424 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
1360 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
3948 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
452 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
3684 C:\Users\Calvin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
3872 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
2192 C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
2788 C:\Windows\System32\taskeng.exe
1720 C:\Windows\System32\SearchFilterHost.exe
468 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
3460 C:\Windows\System32\SearchProtocolHost.exe
4544 F:\My Downloads\MBRCheck.exe
4552 C:\Windows\System32\conhost.exe
4584 C:\Windows\System32\svchost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: SAMSUNGHD753LJ, Rev: 1AA01109
PhysicalDrive0 Model Number: SAMSUNGHD154UI, Rev: 1AG01118

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive1 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 680C3DFB3AF5C02B7E098CA7B25CA73D63745DC5
1397 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 680C3DFB3AF5C02B7E098CA7B25CA73D63745DC5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
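
The MBRCheck report above flags both physical drives because the SHA1 of their MBR boot code matches a known-bad entry, while the partition offsets it prints (0x100000 for C: and F:) are ordinary: LBA 2048 with 512-byte sectors. The block below is an added example, not MBRCheck's own code and not part of the thread. It reads one 512-byte sector, checks the 0x55AA boot signature, decodes the four partition-table entries and compares the SHA1 of the boot-code area with a known-bad table seeded from the hash in the log. Assumptions: that the hash covers the first 440 bytes (the code before the disk signature and partition table) is an assumption, since MBRCheck does not document its hash scope here; the two sample sectors and the "constructed sample" table entry are constructed for the demonstration; and `read_physical_drive_mbr` is a hypothetical helper for a live drive, which needs administrator rights on Windows.

```python
"""Classify a 512-byte MBR: validate the boot signature, decode the partition
table and compare the SHA1 of the boot-code area against known-bad hashes.
Added example; not MBRCheck's code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # ASSUMPTION: hash scope is bytes 0..439 (code before disk signature)
PARTITION_TABLE_OFF = 446    # four 16-byte entries, then the 0x55AA signature at 510
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3xB3xII"      # status, (CHS start), type, (CHS end), LBA start, sector count

# Known-bad boot-code hashes. The first entry is the SHA1 MBRCheck reported
# for both drives in the log above (Whistler / Black Internet).
KNOWN_BAD = {
    "680C3DFB3AF5C02B7E098CA7B25CA73D63745DC5": "Whistler / Black Internet (MBRCheck log above)",
}


def build_sector(boot_code, partitions):
    """Construct a test sector: boot_code padded to 440 bytes, zero disk
    signature, up to four (bootable, type, lba_start, sectors) entries, 0x55AA."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY_FMT, sector, PARTITION_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_partitions(sector):
    """Decode the non-empty partition-table entries of a sector."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PARTITION_TABLE_OFF + 16 * i)
        if ptype == 0:       # empty slot
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start,
                        "byte_offset": lba_start * SECTOR_SIZE,   # what MBRCheck prints
                        "sectors": count})
    return entries


def check_mbr(sector):
    """Return a dict with status 'invalid', 'unknown' or 'known-bad'."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one %d-byte sector" % SECTOR_SIZE)
    if sector[510:512] != BOOT_SIGNATURE:
        return {"status": "invalid", "reason": "missing 0x55AA boot signature",
                "sha1": None, "partitions": []}
    code_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    result = {"status": "unknown", "sha1": code_sha1,
              "partitions": parse_partitions(sector)}
    if code_sha1 in KNOWN_BAD:
        result["status"] = "known-bad"
        result["family"] = KNOWN_BAD[code_sha1]
    return result


def read_physical_drive_mbr(path=r"\\.\PhysicalDrive0"):
    """Hypothetical helper: read the first sector of a raw device (needs admin rights)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


# Constructed samples, not real disk contents. One NTFS (0x07) partition at
# LBA 2048 = byte offset 0x100000, the offset MBRCheck reported for C: and F:.
_LAYOUT = [(True, 0x07, 2048, 1463812096)]
CLEAN_SECTOR = build_sector(b"\xfa\x33\xc0\x8e\xd0", _LAYOUT)
BAD_SECTOR = build_sector(b"constructed sample of bad boot code", _LAYOUT)
# Register the constructed sample's hash so the lookup path runs offline.
KNOWN_BAD[hashlib.sha1(BAD_SECTOR[:BOOT_CODE_LEN]).hexdigest().upper()] = "constructed sample"


if __name__ == "__main__":
    for name, sec in (("clean", CLEAN_SECTOR), ("bad", BAD_SECTOR)):
        r = check_mbr(sec)
        print(name, r["status"], r["sha1"],
              [hex(p["byte_offset"]) for p in r["partitions"]])
```

A hash table only catches boot code that has already been seen; an unknown hash means "not in the list", not "clean", which is why MBRCheck reports the SHA1 alongside its verdict so a responder can compare it elsewhere.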

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:09 PM

Posted 02 March 2011 - 07:48 AM

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 vinokirk

vinokirk
  • Topic Starter

  • Members
  • 8 posts
  • Local time:05:09 PM

Posted 02 March 2011 - 04:57 PM

2011/03/02 21:53:53.0234 4100 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/02 21:53:53.0531 4100 ================================================================================
2011/03/02 21:53:53.0531 4100 SystemInfo:
2011/03/02 21:53:53.0531 4100
2011/03/02 21:53:53.0531 4100 OS Version: 6.1.7601 ServicePack: 1.0
2011/03/02 21:53:53.0531 4100 Product type: Workstation
2011/03/02 21:53:53.0531 4100 ComputerName: CALVIN-PC
2011/03/02 21:53:53.0531 4100 UserName: Calvin
2011/03/02 21:53:53.0531 4100 Windows directory: C:\Windows
2011/03/02 21:53:53.0531 4100 System windows directory: C:\Windows
2011/03/02 21:53:53.0531 4100 Running under WOW64
2011/03/02 21:53:53.0531 4100 Processor architecture: Intel x64
2011/03/02 21:53:53.0531 4100 Number of processors: 2
2011/03/02 21:53:53.0531 4100 Page size: 0x1000
2011/03/02 21:53:53.0531 4100 Boot type: Normal boot
2011/03/02 21:53:53.0531 4100 ================================================================================
2011/03/02 21:53:54.0139 4100 Initialize success
2011/03/02 21:53:59.0771 3528 ================================================================================
2011/03/02 21:53:59.0771 3528 Scan started
2011/03/02 21:53:59.0771 3528 Mode: Manual;
2011/03/02 21:53:59.0771 3528 ================================================================================
2011/03/02 21:54:01.0222 3528 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/03/02 21:54:01.0268 3528 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/03/02 21:54:01.0315 3528 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/03/02 21:54:01.0378 3528 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/02 21:54:01.0424 3528 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/02 21:54:01.0471 3528 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/02 21:54:01.0549 3528 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/03/02 21:54:01.0596 3528 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/03/02 21:54:01.0627 3528 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/03/02 21:54:01.0658 3528 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/03/02 21:54:01.0690 3528 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/02 21:54:01.0736 3528 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/02 21:54:01.0768 3528 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/03/02 21:54:01.0814 3528 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/02 21:54:01.0861 3528 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/03/02 21:54:01.0908 3528 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/03/02 21:54:01.0955 3528 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/03/02 21:54:02.0002 3528 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/02 21:54:02.0064 3528 aswFsBlk (f810e3ea3d1f3c3ba26f2f4719bdca4f) C:\Windows\system32\drivers\aswFsBlk.sys
2011/03/02 21:54:02.0111 3528 aswMonFlt (3687fd9cedf56d3b9f18923f4e14f3f9) C:\Windows\system32\drivers\aswMonFlt.sys
2011/03/02 21:54:02.0158 3528 aswRdr (e99e48596b35e5d5240104bcd61b3471) C:\Windows\system32\drivers\aswRdr.sys
2011/03/02 21:54:02.0220 3528 aswSnx (84ad8fb3fd2efa52d8599a0028bbb6fe) C:\Windows\system32\drivers\aswSnx.sys
2011/03/02 21:54:02.0267 3528 aswSP (8cba6cc5dca9e3829f1792bf98f06901) C:\Windows\system32\drivers\aswSP.sys
2011/03/02 21:54:02.0345 3528 aswTdi (184248f2ded7b1641c7f3b30381baa2a) C:\Windows\system32\drivers\aswTdi.sys
2011/03/02 21:54:02.0485 3528 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/02 21:54:02.0548 3528 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/03/02 21:54:02.0641 3528 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/03/02 21:54:02.0688 3528 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/03/02 21:54:02.0735 3528 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/03/02 21:54:02.0782 3528 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/02 21:54:02.0828 3528 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/02 21:54:02.0875 3528 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/02 21:54:02.0906 3528 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/02 21:54:02.0953 3528 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/03/02 21:54:03.0000 3528 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/02 21:54:03.0047 3528 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/02 21:54:03.0078 3528 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/02 21:54:03.0125 3528 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/02 21:54:03.0390 3528 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/02 21:54:03.0452 3528 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/03/02 21:54:03.0499 3528 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/02 21:54:03.0546 3528 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/03/02 21:54:03.0593 3528 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/02 21:54:03.0640 3528 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/03/02 21:54:03.0702 3528 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/03/02 21:54:03.0749 3528 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/02 21:54:03.0796 3528 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/03/02 21:54:03.0842 3528 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/02 21:54:03.0905 3528 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/03/02 21:54:03.0983 3528 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/03/02 21:54:04.0045 3528 dgderdrv (867fa8b9e9e3078f68c4089904bbf4b0) C:\Windows\system32\drivers\dgderdrv.sys
2011/03/02 21:54:04.0076 3528 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/03/02 21:54:04.0123 3528 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/03/02 21:54:04.0170 3528 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/03/02 21:54:04.0248 3528 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/02 21:54:04.0357 3528 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/03/02 21:54:04.0466 3528 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/02 21:54:04.0529 3528 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/03/02 21:54:04.0591 3528 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/03/02 21:54:04.0638 3528 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/03/02 21:54:04.0685 3528 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/02 21:54:04.0732 3528 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/03/02 21:54:04.0763 3528 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/03/02 21:54:04.0794 3528 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/02 21:54:04.0856 3528 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/03/02 21:54:04.0903 3528 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/03/02 21:54:04.0934 3528 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/02 21:54:04.0981 3528 FTSER2K (cc4801e9eeeeff877229db0796cdf5a6) C:\Windows\system32\drivers\ftser2k.sys
2011/03/02 21:54:05.0044 3528 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/02 21:54:05.0075 3528 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/02 21:54:05.0106 3528 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
2011/03/02 21:54:05.0137 3528 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/03/02 21:54:05.0200 3528 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/02 21:54:05.0278 3528 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/03/02 21:54:05.0340 3528 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/03/02 21:54:05.0371 3528 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/02 21:54:05.0402 3528 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/02 21:54:05.0434 3528 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/02 21:54:05.0512 3528 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/03/02 21:54:17.0742 3528 \HardDisk0 - detected Trojan-Clicker.Win32.Wistler.a (0)
2011/03/02 21:54:17.0789 3528 \HardDisk1 - detected Trojan-Clicker.Win32.Wistler.a (0)
2011/03/02 21:54:17.0789 3528 ================================================================================
2011/03/02 21:54:17.0789 3528 Scan finished
2011/03/02 21:54:17.0789 3528 ================================================================================
2011/03/02 21:54:17.0789 4272 Detected object count: 2
2011/03/02 21:54:36.0150 4272 \HardDisk0 - will be cured after reboot
2011/03/02 21:54:36.0150 4272 Trojan-Clicker.Win32.Wistler.a(\HardDisk0) - User select action: Cure
2011/03/02 21:54:36.0150 4272 \HardDisk1 - processing error
2011/03/02 21:54:45.0260 4272 \HardDisk1 - will be restored after reboot
2011/03/02 21:54:45.0260 4272 Trojan-Clicker.Win32.Wistler.a(\HardDisk1) - User select action: Cure Restore
2011/03/02 21:54:53.0482 2056 Deinitialize success

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 06:09 PM

Posted 02 March 2011 - 07:49 PM

Please rerun mbrcheck for me


gringo

#11 vinokirk

vinokirk
  • Topic Starter
  • Members
  • 8 posts
  • Local time: 05:09 PM

Posted 03 March 2011 - 04:21 AM

I'm no professional, but this looks good to me :)


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: P35C-DS3R
Logical Drives Mask: 0x000000ac

Kernel Drivers (total 210):

Processes (total 63):
0 System Idle Process
4 System
336 C:\Windows\System32\smss.exe
476 csrss.exe
536 C:\Windows\System32\wininit.exe
548 csrss.exe
584 C:\Windows\System32\services.exe
608 C:\Windows\System32\lsass.exe
616 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\winlogon.exe
756 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\nvvsvc.exe
872 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
368 C:\Windows\System32\svchost.exe
772 C:\Windows\System32\audiodg.exe
1052 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\nvvsvc.exe
1284 C:\Windows\System32\svchost.exe
1348 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1604 C:\Windows\System32\spoolsv.exe
1636 C:\Windows\System32\svchost.exe
1668 C:\Windows\System32\taskeng.exe
1796 C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
1864 C:\Windows\System32\svchost.exe
1172 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1152 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2080 C:\Windows\System32\StkCSrv.exe
2120 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
2204 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2644 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2788 WUDFHost.exe
2432 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
652 C:\Windows\System32\svchost.exe
348 C:\Windows\System32\sppsvc.exe
1840 C:\Program Files\Windows Media Player\wmpnetwk.exe
2304 C:\Windows\System32\SearchIndexer.exe
3060 WmiPrvSE.exe
2928 C:\Windows\System32\taskhost.exe
2428 C:\Windows\System32\dwm.exe
2464 C:\Windows\explorer.exe
2968 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1888 C:\Program Files\PeerBlock\peerblock.exe
2884 C:\Program Files\Windows Sidebar\sidebar.exe
1688 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3196 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3944 taskhost.exe
3680 C:\Windows\System32\svchost.exe
3288 WmiPrvSE.exe
3800 C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
3768 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
3352 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
4036 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
4088 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
3340 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
3528 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
1384 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
3756 C:\Users\Calvin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
3752 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
4832 C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
4896 F:\My Downloads\MBRCheck.exe
4328 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: SAMSUNGHD753LJ, Rev: 1AA01109
PhysicalDrive0 Model Number: SAMSUNGHD154UI, Rev: 1AG01118

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1397 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
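
The MBRCheck output above classifies each disk by hashing its MBR code and matching the hash against known Windows MBR code. The following Python script is an added example, not MBRCheck's code and not from this thread; it demonstrates the same idea on constructed data: it hashes only the 440-byte bootstrap region so that the per-disk signature and partition table do not affect the match, reports code absent from the baseline, and sanity-checks the partition table. The byte pattern, disk signatures, partition values and baseline label are all constructed (a real baseline would come from a trusted reference; MBRCheck's exact hashed region is not documented on this page).

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 0..439: bootstrap code, the part a bootkit overwrites
DISK_SIG_OFF = 440    # bytes 440..443: NT disk signature, differs per disk
PART_TABLE_OFF = 446  # bytes 446..509: four 16-byte partition entries
BOOT_SIG_OFF = 510    # bytes 510..511: 0x55AA


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the bootstrap code only. Disk signature and partition table are
    excluded so the same OS boot code hashes identically on every disk."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list:
    """Return (status, type, lba_start, sector_count) for each of the four entries."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, count = struct.unpack_from("<II", mbr, off + 8)
        entries.append((status, ptype, lba_start, count))
    return entries


def check_mbr(mbr: bytes, baseline: dict) -> dict:
    """Compare boot code against a baseline of known-good hashes and sanity-check
    the partition table. Returns the hash, the matched label (or None) and findings."""
    findings = []
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        findings.append("boot signature 0x55AA missing")
    sha1 = boot_code_sha1(mbr)
    label = baseline.get(sha1)
    if label is None:
        findings.append("boot code hash not in baseline: unknown or modified MBR code")
    active = 0
    for i, (status, ptype, lba_start, count) in enumerate(parse_partitions(mbr)):
        if status == 0x80:
            active += 1
        elif status != 0x00:
            findings.append(f"partition {i}: invalid status byte {status:#04x}")
        if ptype != 0 and (lba_start == 0 or count == 0):
            findings.append(f"partition {i}: type {ptype:#04x} with empty extent")
    if active != 1:
        findings.append(f"{active} active partitions (expected exactly 1)")
    return {"sha1": sha1, "label": label, "findings": findings}


def build_mbr(boot_code: bytes, disk_sig: int, partitions: list) -> bytes:
    """Assemble a 512-byte MBR. Constructed test data, not a real disk image."""
    buf = bytearray(MBR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    buf[:len(code)] = code
    struct.pack_into("<I", buf, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba_start, count) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        buf[off] = status
        buf[off + 4] = ptype
        struct.pack_into("<II", buf, off + 8, lba_start, count)
    buf[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(buf)


# Constructed stand-in for OS boot code: a recognisable 440-byte pattern, not real x86 code.
CLEAN_CODE = bytes(range(256)) + bytes(range(184))
CLEAN_PARTS = [(0x80, 0x07, 2048, 1_465_147_392)]  # one active NTFS partition (~700 GB)
SAMPLE_CLEAN_MBR = build_mbr(CLEAN_CODE, 0x1234ABCD, CLEAN_PARTS)
# The same boot code on a second disk: different signature and partition layout.
SAMPLE_CLEAN_MBR_OTHER_DISK = build_mbr(CLEAN_CODE, 0x0BADF00D, [(0x80, 0x07, 2048, 2_929_000_000)])
# Boot code whose first bytes were replaced, simulating a tampered MBR.
PATCHED_CODE = b"\xEB\x3C" + CLEAN_CODE[2:]
SAMPLE_PATCHED_MBR = build_mbr(PATCHED_CODE, 0x1234ABCD, CLEAN_PARTS)

# Constructed baseline; in practice these hashes come from a trusted reference set.
BASELINE = {boot_code_sha1(SAMPLE_CLEAN_MBR): "constructed clean boot code"}

if __name__ == "__main__":
    for name, mbr in (("clean", SAMPLE_CLEAN_MBR), ("patched", SAMPLE_PATCHED_MBR)):
        print(name, check_mbr(mbr, BASELINE))
```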

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 March 2011 - 06:14 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Your Java is out of date.

It can be updated from the Java control panel:
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 vinokirk
  • Topic Starter

  • Members
  • 8 posts

Posted 04 March 2011 - 06:20 AM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5950

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

04/03/2011 11:17:19
mbam-log-2011-03-04 (11-17-19).txt

Scan type: Quick scan
Objects scanned: 176813
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:18:34, on 04/03/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Calvin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Calvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 82.192.86.132 oron.com www.oron.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~2\VISUAL~1\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~2\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~2\VISUAL~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://www.facebook.com/fbplugin/win32/axfbootloader.cab?1265709343046
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 ATV Service (StkSSrv) - Unknown owner - C:\Windows\System32\StkCSrv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11109 bytes

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 March 2011 - 11:26 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded startup entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start any of these programs when you need them. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Copy and paste the results here in this topic
  • You may also find the log here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 March 2011 - 07:59 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



