'Google' redirect virus


  • This topic is locked This topic is locked

#1
-Tom

-Tom

    Member

  • Member
  • PipPip
  • 11 posts
Dear Geek(s),

I've contracted what seems to be a malware/virus/trojan that is constantly redirecting my searches from Google.com.
I've only recently been experiencing these redirects, and I have not personally downloaded anything of a suspicious nature.
HOWEVER, this is a shared family laptop and another person in my family may have downloaded something which has caused this.

I have followed the instructions to post an OTL log file, and await your response.

Thanks in advance,

-Tom


OTL logfile created on: 7/4/2011 10:55:04 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Loo\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 52.23% Memory free
7.73 Gb Paging File | 4.63 Gb Available in Paging File | 59.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 144.21 Gb Free Space | 31.97% Space Free | Partition Type: NTFS

Computer Name: LOO-PC | User Name: Loo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/04 22:54:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Loo\Downloads\OTL.com
PRC - [2011/06/23 14:58:56 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/10 22:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 22:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/01/14 05:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/14 05:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/01/14 05:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/18 07:37:16 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 07:34:12 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/21 22:52:32 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/02/21 22:52:32 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/02/21 22:52:00 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2009/12/24 08:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/24 08:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/06/25 07:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/10 00:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 23:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 23:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/02/06 02:06:18 | 000,291,840 | ---- | M] () -- C:\Users\Loo\My Documents\Setups\TwoFingerScroll.exe


========== Modules (SafeList) ==========

MOD - [2011/07/04 22:54:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Loo\Downloads\OTL.com
MOD - [2011/05/10 22:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 15:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/08/05 20:22:30 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/05 20:21:42 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr71.dll
MOD - [2007/03/22 11:33:00 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp71.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 22:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/05/05 03:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/24 16:12:30 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/18 07:29:08 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/03/18 07:27:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/02/03 16:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 09:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/10 00:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/01/14 05:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/11/23 08:37:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/07 14:11:08 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/07/11 13:41:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 07:37:16 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 07:34:12 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/02/21 22:52:00 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2009/12/24 08:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 23:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 21:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/11 16:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/30 16:26:29 | 000,507,392 | ---- | M] (ITETech ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
DRV:64bit: - [2010/07/07 17:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/03/24 16:42:50 | 006,654,976 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/24 15:23:52 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/18 07:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/18 07:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/18 07:33:06 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/03/18 07:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/18 07:27:14 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/03/10 00:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/18 04:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/18 04:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/03 16:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/03 16:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/03 16:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/18 01:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 10:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 18:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/03 16:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/03 16:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/03 16:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/03 16:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/16 04:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 06:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/25 10:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2007/08/17 07:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2006/11/02 02:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpr...F-ECEC0E19F272}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig#t_0"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.5a5.3
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "http://vshare.toolba...spx?srch=ku&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://wpad.rmit.edu.au/wpad.dat"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/07/04 13:01:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/04 00:09:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/04 13:01:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/04 13:01:14 | 000,000,000 | ---D | M]

[2010/08/09 22:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loo\AppData\Roaming\Mozilla\Extensions
[2011/07/04 22:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loo\AppData\Roaming\Mozilla\Firefox\Profiles\gcz1pdmb.default\extensions
[2011/07/04 13:01:43 | 000,000,000 | ---D | M] (New Tab JumpStart) -- C:\Users\Loo\AppData\Roaming\Mozilla\Firefox\Profiles\gcz1pdmb.default\extensions\[email protected]
[2011/01/07 10:45:20 | 000,002,376 | ---- | M] () -- C:\Users\Loo\AppData\Roaming\Mozilla\Firefox\Profiles\gcz1pdmb.default\searchplugins\search.xml
[2011/05/20 15:44:48 | 000,001,583 | ---- | M] () -- C:\Users\Loo\AppData\Roaming\Mozilla\Firefox\Profiles\gcz1pdmb.default\searchplugins\web-search.xml
[2010/08/09 22:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/04 00:09:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/07/04 13:01:37 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010/07/23 10:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/07/23 10:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/07/23 10:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/07/23 10:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/03 23:32:39 | 000,000,834 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110511084337.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110511084337.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Burn4Free DB Toolbar\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Burn4Free DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Burn4Free DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Burn4Free DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Burn4Free DB Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TwoFingerScroll] C:\Users\Loo\My Documents\Setups\TwoFingerScroll.exe ()
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 22:49:05 | 000,000,000 | ---D | C] -- C:\Users\Loo\Desktop\GooredFix Backups
[2011/07/04 18:42:15 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2011/07/04 18:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/04 18:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/07/04 04:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/07/04 01:02:10 | 000,000,000 | ---D | C] -- C:\Users\Loo\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/04 01:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/04 01:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/07/04 01:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/04 01:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/04 00:10:31 | 000,287,576 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2011/07/04 00:10:31 | 000,022,360 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2011/07/04 00:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/07/04 00:10:28 | 000,031,064 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2011/07/04 00:10:27 | 000,600,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2011/07/04 00:10:27 | 000,053,592 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2011/07/04 00:10:26 | 000,253,888 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011/07/04 00:10:26 | 000,064,344 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2011/07/04 00:09:44 | 000,040,112 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011/07/04 00:09:41 | 000,199,304 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2011/07/04 00:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/07/04 00:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/03 23:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/07/03 21:28:36 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/07/03 20:50:19 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/07/03 20:50:13 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/03 20:44:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/03 20:36:52 | 000,000,000 | ---D | C] -- C:\Users\Loo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/03 20:13:03 | 000,000,000 | ---D | C] -- C:\Users\Loo\Documents\RegRun2
[2011/07/03 20:13:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2011/07/03 20:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2011/07/03 15:55:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2011/06/29 19:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/06/29 19:01:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/29 19:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/29 19:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/29 19:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/29 19:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/06/18 23:45:11 | 000,000,000 | ---D | C] -- C:\Users\Loo\AppData\Roaming\Mael
[2011/06/18 23:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HxD
[2011/06/10 19:15:57 | 000,000,000 | ---D | C] -- C:\Users\Loo\Desktop\V
[2011/06/10 13:08:24 | 000,000,000 | ---D | C] -- C:\Users\Loo\Desktop\FAKES

========== Files - Modified Within 30 Days ==========

[2011/07/04 22:48:02 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2153083774-268930708-2958730653-1001UA.job
[2011/07/04 18:42:15 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\windows\SysNative\bootdelete.exe
[2011/07/04 18:42:15 | 000,000,268 | ---- | M] () -- C:\windows\SysNative\bootdelete.lst
[2011/07/04 18:33:57 | 000,023,112 | ---- | M] () -- C:\windows\SysNative\drivers\hitmanpro35.sys
[2011/07/04 18:33:52 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/07/04 18:25:24 | 000,730,320 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/07/04 18:25:24 | 000,627,082 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/07/04 18:25:24 | 000,107,366 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/07/04 12:32:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/07/04 04:20:54 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 04:20:54 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 04:12:08 | 002,288,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/07/04 04:11:43 | 3113,136,128 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/04 02:08:02 | 000,076,742 | ---- | M] () -- C:\Users\Loo\Desktop\duma.jpg
[2011/07/04 01:02:02 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/04 00:10:31 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/04 00:10:26 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011/07/03 23:48:02 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2153083774-268930708-2958730653-1001Core.job
[2011/07/03 23:38:18 | 000,000,480 | ---- | M] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2011/07/03 23:32:39 | 000,000,834 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/07/03 22:50:41 | 000,001,260 | ---- | M] () -- C:\Users\Loo\Desktop\Spybot - Search & Destroy.lnk
[2011/07/03 22:34:41 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/03 04:32:19 | 000,000,040 | ---- | M] () -- C:\ProgramData\~40689400
[2011/06/29 19:00:51 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/26 16:45:56 | 000,256,000 | ---- | M] () -- C:\windows\PEV.exe
[2011/06/20 20:54:23 | 000,090,712 | ---- | M] () -- C:\Users\Loo\Desktop\SS
[2011/06/13 22:12:53 | 000,058,762 | ---- | M] () -- C:\Users\Loo\Desktop\[bleep].jpg
[2011/06/10 19:10:06 | 000,025,450 | ---- | M] () -- C:\Users\Loo\Desktop\VENDORRAGE2.png
[2011/06/10 19:06:20 | 000,154,714 | ---- | M] () -- C:\Users\Loo\Desktop\VENDORRAGE.png
[2011/06/10 19:06:20 | 000,154,714 | ---- | M] () -- C:\Users\Loo\Desktop\VENDORRAGE - Copy.png
[2011/06/06 19:32:02 | 000,159,021 | ---- | M] () -- C:\Users\Loo\Desktop\IMG_4994.JPG

========== Files Created - No Company Name ==========

[2011/07/04 18:42:15 | 000,000,268 | ---- | C] () -- C:\windows\SysNative\bootdelete.lst
[2011/07/04 18:33:57 | 000,023,112 | ---- | C] () -- C:\windows\SysNative\drivers\hitmanpro35.sys
[2011/07/04 18:33:52 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/07/04 02:08:01 | 000,076,742 | ---- | C] () -- C:\Users\Loo\Desktop\duma.jpg
[2011/07/04 01:02:02 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/04 00:10:31 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/04 00:10:26 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2011/07/03 23:38:18 | 000,000,480 | ---- | C] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2011/07/03 22:50:41 | 000,001,260 | ---- | C] () -- C:\Users\Loo\Desktop\Spybot - Search & Destroy.lnk
[2011/07/03 20:51:21 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/07/03 04:19:58 | 000,000,040 | ---- | C] () -- C:\ProgramData\~40689400
[2011/06/29 19:00:51 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/20 20:54:21 | 000,090,712 | ---- | C] () -- C:\Users\Loo\Desktop\SS
[2011/06/13 22:12:53 | 000,058,762 | ---- | C] () -- C:\Users\Loo\Desktop\[bleep].jpg
[2011/06/10 19:15:17 | 000,154,714 | ---- | C] () -- C:\Users\Loo\Desktop\VENDORRAGE - Copy.png
[2011/06/10 19:10:06 | 000,025,450 | ---- | C] () -- C:\Users\Loo\Desktop\VENDORRAGE2.png
[2011/06/10 19:06:19 | 000,154,714 | ---- | C] () -- C:\Users\Loo\Desktop\VENDORRAGE.png
[2011/06/06 20:35:14 | 000,159,021 | ---- | C] () -- C:\Users\Loo\Desktop\IMG_4994.JPG
[2011/02/03 00:58:02 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/28 01:43:53 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2010/09/09 13:06:48 | 000,004,608 | ---- | C] () -- C:\Users\Loo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/30 16:27:04 | 000,000,014 | ---- | C] () -- C:\windows\SysWow64\systeminfo.dll
[2010/07/20 16:42:12 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/07/11 16:08:49 | 000,001,035 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010/07/11 16:03:46 | 000,000,193 | ---- | C] () -- C:\windows\Prelaunch.ini
[2010/07/11 16:03:46 | 000,000,147 | ---- | C] () -- C:\windows\WisPriority.ini
[2010/07/11 16:03:46 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2010/07/11 16:03:46 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2010/07/11 16:03:46 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2010/07/11 16:03:46 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2010/07/11 16:03:46 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2010/07/11 13:52:12 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/07/11 13:42:56 | 000,000,074 | RHS- | C] () -- C:\windows\CT4CET.bin
[2010/02/21 22:53:28 | 000,089,416 | ---- | C] () -- C:\windows\SysWow64\FAIEExtension.dll
[2010/02/21 22:52:36 | 000,059,208 | ---- | C] () -- C:\windows\SysWow64\FAib.dll
[2010/02/21 22:51:24 | 000,247,624 | ---- | C] () -- C:\windows\SysWow64\FACrashRpt.dll
[2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 12:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 12:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/14 07:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/14 07:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/14 07:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/07/04 21:56:58 | 000,000,000 | ---D | M] -- C:\Users\Loo\AppData\Roaming\go
[2010/12/26 01:45:22 | 000,000,000 | ---D | M] -- C:\Users\Loo\AppData\Roaming\Leadertech
[2011/07/04 13:01:41 | 000,000,000 | ---D | M] -- C:\Users\Loo\AppData\Roaming\Mael
[2010/11/07 22:30:24 | 000,000,000 | ---D | M] -- C:\Users\Loo\AppData\Roaming\Need for Speed World
[2011/07/04 13:01:43 | 000,000,000 | ---D | M] -- C:\Users\Loo\AppData\Roaming\uTorrent
[2011/06/27 03:42:26 | 000,032,650 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0
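The O17, O20, O35 and O37 lines in the OTL report above are the registry points OTL reads for the DNS servers, the Winlogon shell and the .exe/.com open commands; every one of them shows the Windows default here (a LAN gateway as DNS server, explorer.exe, `"%1" %*`). As an added example that is not part of the original post, this Python script parses OTL lines of those four types and reports any departure from those defaults. The clean lines are copied from the report above; the lines in CONSTRUCTED_HIJACKS are made up for the demonstration, and the O17 rule (a name server outside RFC 1918 space is flagged for review) is an assumed heuristic, not OTL's own logic.

```python
import ipaddress
import re

# Lines copied from the OTL report in this thread; all of them show the Windows 7 defaults.
SAMPLE_OTL = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
"""

# CONSTRUCTED lines (not from the posted log) showing what hijacks of the same keys look like.
CONSTRUCTED_HIJACKS = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 203.0.113.10 203.0.113.11
O20 - HKLM Winlogon: Shell - (example.exe) - C:\ProgramData\example\example.exe ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Users\user\AppData\Local\example\example.exe" "%1" %*
"""

# "O20:64bit: - rest" or "O17 - rest": section number, optional 64-bit tag, then the payload.
ENTRY_RE = re.compile(r"^(?P<section>O\d+)(?::64bit:)?\s+-\s+(?P<rest>.*)$")
# O17: "...Parameters: DhcpNameServer = 192.168.0.1" (several servers are space separated).
DNS_RE = re.compile(r":\s*(?:Dhcp)?NameServer\s*=\s*(?P<servers>.+)$")
# O20: "HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (...)"
WINLOGON_RE = re.compile(r"Winlogon:\s*(?P<value>\w+)\s*-\s*\((?P<data>[^)]*)\)")
# O35/O37: 'HKLM\..exefile [open] -- "%1" %*'
OPEN_CMD_RE = re.compile(r"--\s*(?P<command>.+?)\s*$")

# Assumed rule: a resolver outside these ranges is unusual on a home laptop and worth a look.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
DEFAULT_OPEN_COMMAND = '"%1" %*'   # Windows default for exefile/comfile open


def _on_lan(server):
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETWORKS)


def check_otl(text):
    """Return (section, reason) pairs for every O17/O20/O35/O37 line that departs from the default."""
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        if section == "O17":
            d = DNS_RE.search(rest)
            if d:
                for server in re.split(r"[,\s]+", d.group("servers").strip()):
                    if server and not _on_lan(server):
                        findings.append((section, f"DNS server {server} is not on a LAN range"))
        elif section == "O20":
            w = WINLOGON_RE.search(rest)
            if w and w.group("value").lower() == "shell" and w.group("data").lower() != "explorer.exe":
                findings.append((section, f"Winlogon Shell is {w.group('data')!r}, expected explorer.exe"))
        elif section in ("O35", "O37"):
            c = OPEN_CMD_RE.search(rest)
            if c:
                command = c.group("command")
                if command.startswith("Reg Error"):
                    continue   # no per-user override exists, which is the normal state
                if command != DEFAULT_OPEN_COMMAND:
                    findings.append((section, f"open command is {command!r}, expected {DEFAULT_OPEN_COMMAND!r}"))
    return findings


if __name__ == "__main__":
    for section, reason in check_otl(SAMPLE_OTL + CONSTRUCTED_HIJACKS):
        print(f"{section}: {reason}")
```

Flagged entries are triage leads, not verdicts: a public resolver in NameServer can be a deliberate choice, whereas a changed exefile open command is what a hijack of executable launching looks like and should be examined before anything else is run on the machine.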


#2 ali.B (Trusted Helper, Malware Removal, 3,086 posts)

hi :)

Sorry for the delay

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0
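The report this procedure produces lists one line per loaded driver or service with its MD5 and image path (the entries of the form `2011/07/08 12:20:41.0301 6596 AFD (6ef20ddf...) C:\windows\system32\drivers\afd.sys` in the next post). As an added example that is not part of the original post or of TDSSKiller itself, this Python script parses those lines and applies two triage checks a practitioner runs on such a report: an image path outside the Windows directory, and an MD5 that differs from a baseline taken from a clean machine of the same Windows build. The clean lines and the BASELINE hashes are copied from the report in the thread; the exampledrv line and the altered Beep hash are constructed, and the baseline itself is an assumption.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "name md5 path")

# One driver/service line of the report: timestamp, PID, service name, (MD5), image path.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Lines copied from the report posted in this thread, plus two CONSTRUCTED lines at the
# end (exampledrv, and Beep with a changed hash) that exercise the two checks.
SAMPLE_REPORT = r"""
2011/07/08 12:20:39.0796 6596 Scan started
2011/07/08 12:20:39.0796 6596 Mode: Manual;
2011/07/08 12:20:41.0301 6596 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
2011/07/08 12:20:43.0109 6596 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
2011/07/08 12:20:45.0045 6596 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
2011/07/08 12:20:46.0000 6596 exampledrv (0123456789abcdef0123456789abcdef) C:\ProgramData\example\exampledrv.sys
2011/07/08 12:20:47.0000 6596 Beep (ffffffffffffffffffffffffffffffff) C:\windows\system32\drivers\Beep.sys
"""

# Assumed baseline: service name -> MD5 captured on a clean machine of the same Windows
# build. The four values are the hashes shown for these drivers in the thread's report.
BASELINE = {
    "AFD": "6ef20ddf3172e97d69f596fb90602f29",
    "atapi": "02062c0b390b7729edc9e69c680a6f3c",
    "CLFS": "fe1ec06f2253f691fe36217c592a0206",
    "Beep": "16a47ce2decc9b099349a5f840654746",
}


def parse_report(text):
    """Extract (name, md5, path) from every driver/service line; other log lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("name"), m.group("md5").lower(), m.group("path")))
    return entries


def find_anomalies(entries, baseline, windows_dir=r"C:\windows"):
    """Return (name, reason) pairs for images outside windows_dir or with a hash unlike the baseline."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    findings = []
    for e in entries:
        if not e.path.lower().startswith(prefix):
            findings.append((e.name, "image outside the Windows directory: " + e.path))
        expected = baseline.get(e.name)
        if expected is not None and expected.lower() != e.md5:
            findings.append((e.name, f"hash {e.md5} differs from baseline {expected.lower()}"))
    return findings


if __name__ == "__main__":
    for name, reason in find_anomalies(parse_report(SAMPLE_REPORT), BASELINE):
        print(f"{name}: {reason}")
```

Both checks produce leads, not verdicts: some legitimate vendor drivers load from Program Files, and the TDSS family patches an existing driver file in place, so the path test never catches it and only the hash comparison, with a baseline from the same Windows build and patch level, has a chance to.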

#3 -Tom (Topic Starter, Member, 11 posts)

That's alright. :)

Here's the report:

2011/07/08 12:20:27.0029 1180 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/08 12:20:29.0031 1180 ================================================================================
2011/07/08 12:20:29.0031 1180 SystemInfo:
2011/07/08 12:20:29.0031 1180
2011/07/08 12:20:29.0031 1180 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/08 12:20:29.0031 1180 Product type: Workstation
2011/07/08 12:20:29.0031 1180 ComputerName: LOO-PC
2011/07/08 12:20:29.0032 1180 UserName: Loo
2011/07/08 12:20:29.0032 1180 Windows directory: C:\windows
2011/07/08 12:20:29.0032 1180 System windows directory: C:\windows
2011/07/08 12:20:29.0032 1180 Running under WOW64
2011/07/08 12:20:29.0032 1180 Processor architecture: Intel x64
2011/07/08 12:20:29.0032 1180 Number of processors: 4
2011/07/08 12:20:29.0032 1180 Page size: 0x1000
2011/07/08 12:20:29.0032 1180 Boot type: Normal boot
2011/07/08 12:20:29.0032 1180 ================================================================================
2011/07/08 12:20:29.0660 1180 Initialize success
2011/07/08 12:20:39.0796 6596 ================================================================================
2011/07/08 12:20:39.0796 6596 Scan started
2011/07/08 12:20:39.0796 6596 Mode: Manual;
2011/07/08 12:20:39.0796 6596 ================================================================================
2011/07/08 12:20:40.0679 6596 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\windows\system32\DRIVERS\1394ohci.sys
2011/07/08 12:20:40.0790 6596 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
2011/07/08 12:20:40.0842 6596 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
2011/07/08 12:20:40.0893 6596 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
2011/07/08 12:20:40.0969 6596 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
2011/07/08 12:20:41.0043 6596 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
2011/07/08 12:20:41.0154 6596 AF15BDA (0517e1670a58213e3f206066cd209273) C:\windows\system32\DRIVERS\AF15BDA.sys
2011/07/08 12:20:41.0301 6596 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
2011/07/08 12:20:41.0325 6596 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
2011/07/08 12:20:41.0392 6596 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
2011/07/08 12:20:41.0469 6596 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
2011/07/08 12:20:41.0515 6596 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
2011/07/08 12:20:41.0737 6596 amdkmdag (d212e021f43891fbd0669dd8457d455c) C:\windows\system32\DRIVERS\atikmdag.sys
2011/07/08 12:20:41.0953 6596 amdkmdap (1c2421393cdc5a97269109fb352ddf1a) C:\windows\system32\DRIVERS\atikmpag.sys
2011/07/08 12:20:42.0056 6596 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
2011/07/08 12:20:42.0133 6596 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
2011/07/08 12:20:42.0233 6596 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
2011/07/08 12:20:42.0299 6596 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
2011/07/08 12:20:42.0379 6596 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
2011/07/08 12:20:42.0444 6596 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
2011/07/08 12:20:42.0474 6596 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
2011/07/08 12:20:42.0532 6596 aswFsBlk (f1dbe3d02ffcdee5246f29b0ecebe6e0) C:\windows\system32\drivers\aswFsBlk.sys
2011/07/08 12:20:42.0632 6596 aswMonFlt (f3e75dd1bcc358fb4629357ad09e7c84) C:\windows\system32\drivers\aswMonFlt.sys
2011/07/08 12:20:42.0705 6596 aswRdr (fccbdc045dc12afd1508205117e7ed11) C:\windows\system32\drivers\aswRdr.sys
2011/07/08 12:20:42.0789 6596 aswSnx (5824dca602a0a30e866bc2ac98c6d970) C:\windows\system32\drivers\aswSnx.sys
2011/07/08 12:20:42.0908 6596 aswSP (af07b4bef920f90205148f3a05e2974c) C:\windows\system32\drivers\aswSP.sys
2011/07/08 12:20:42.0988 6596 aswTdi (a3eca5af3b4823a523c285a8df0f9e4f) C:\windows\system32\drivers\aswTdi.sys
2011/07/08 12:20:43.0060 6596 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
2011/07/08 12:20:43.0109 6596 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
2011/07/08 12:20:43.0171 6596 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\windows\system32\drivers\AtiHdmi.sys
2011/07/08 12:20:43.0291 6596 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
2011/07/08 12:20:43.0341 6596 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
2011/07/08 12:20:43.0411 6596 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\windows\system32\drivers\BCM42RLY.sys
2011/07/08 12:20:43.0522 6596 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\windows\system32\DRIVERS\bcmwl664.sys
2011/07/08 12:20:43.0630 6596 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\windows\system32\DRIVERS\bcmvwl64.sys
2011/07/08 12:20:43.0705 6596 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
2011/07/08 12:20:43.0758 6596 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
2011/07/08 12:20:43.0839 6596 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
2011/07/08 12:20:43.0942 6596 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/07/08 12:20:43.0988 6596 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/07/08 12:20:44.0029 6596 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
2011/07/08 12:20:44.0070 6596 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
2011/07/08 12:20:44.0105 6596 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/07/08 12:20:44.0138 6596 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
2011/07/08 12:20:44.0189 6596 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
2011/07/08 12:20:44.0233 6596 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
2011/07/08 12:20:44.0270 6596 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
2011/07/08 12:20:44.0310 6596 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\windows\system32\Drivers\BTHport.sys
2011/07/08 12:20:44.0373 6596 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\windows\system32\Drivers\BTHUSB.sys
2011/07/08 12:20:44.0441 6596 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\windows\system32\drivers\btwaudio.sys
2011/07/08 12:20:44.0536 6596 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\windows\system32\DRIVERS\btwavdt.sys
2011/07/08 12:20:44.0637 6596 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
2011/07/08 12:20:44.0702 6596 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\windows\system32\DRIVERS\btwrchid.sys
2011/07/08 12:20:44.0813 6596 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
2011/07/08 12:20:44.0871 6596 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
2011/07/08 12:20:44.0947 6596 cfwids (676535b3156fecf7133cf80b4d2f6cf7) C:\windows\system32\drivers\cfwids.sys
2011/07/08 12:20:44.0994 6596 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
2011/07/08 12:20:45.0045 6596 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
2011/07/08 12:20:45.0147 6596 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
2011/07/08 12:20:45.0191 6596 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
2011/07/08 12:20:45.0228 6596 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
2011/07/08 12:20:45.0278 6596 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
2011/07/08 12:20:45.0317 6596 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/07/08 12:20:45.0363 6596 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
2011/07/08 12:20:45.0428 6596 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\windows\system32\DRIVERS\CtClsFlt.sys
2011/07/08 12:20:45.0544 6596 dc3d (76e02db615a03801d698199a2bc4a06a) C:\windows\system32\DRIVERS\dc3d.sys
2011/07/08 12:20:45.0659 6596 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
2011/07/08 12:20:45.0804 6596 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
2011/07/08 12:20:45.0878 6596 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
2011/07/08 12:20:45.0934 6596 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
2011/07/08 12:20:45.0997 6596 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
2011/07/08 12:20:46.0221 6596 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
2011/07/08 12:20:46.0413 6596 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
2011/07/08 12:20:46.0481 6596 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
2011/07/08 12:20:46.0535 6596 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
2011/07/08 12:20:46.0585 6596 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\windows\system32\DRIVERS\facap.sys
2011/07/08 12:20:46.0672 6596 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
2011/07/08 12:20:46.0708 6596 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
2011/07/08 12:20:46.0750 6596 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
2011/07/08 12:20:46.0777 6596 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
2011/07/08 12:20:46.0836 6596 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
2011/07/08 12:20:46.0880 6596 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
2011/07/08 12:20:46.0940 6596 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
2011/07/08 12:20:46.0985 6596 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
2011/07/08 12:20:47.0029 6596 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
2011/07/08 12:20:47.0065 6596 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/07/08 12:20:47.0133 6596 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/08 12:20:47.0219 6596 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
2011/07/08 12:20:47.0267 6596 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
2011/07/08 12:20:47.0335 6596 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/07/08 12:20:47.0397 6596 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
2011/07/08 12:20:47.0461 6596 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
2011/07/08 12:20:47.0494 6596 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
2011/07/08 12:20:47.0524 6596 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
2011/07/08 12:20:47.0579 6596 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
2011/07/08 12:20:47.0634 6596 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/07/08 12:20:47.0682 6596 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
2011/07/08 12:20:47.0726 6596 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
2011/07/08 12:20:47.0765 6596 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
2011/07/08 12:20:47.0826 6596 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\windows\system32\DRIVERS\iaStor.sys
2011/07/08 12:20:47.0900 6596 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
2011/07/08 12:20:48.0117 6596 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
2011/07/08 12:20:48.0290 6596 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
2011/07/08 12:21:00.0566 6596 ================================================================================
2011/07/08 12:21:00.0566 6596 Scan finished
2011/07/08 12:21:00.0566 6596 ================================================================================
2011/07/08 12:21:00.0576 2176 Detected object count: 0
2011/07/08 12:21:00.0576 2176 Actual detected object count: 0

#4 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Hi,

Download aswMBR.exe (1.8 MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

#5 -Tom (Topic Starter, Member, 11 posts)
Hi Ali!

Here we go:

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-08 21:48:32
-----------------------------
21:48:32.646 OS Version: Windows x64 6.1.7600
21:48:32.647 Number of processors: 4 586 0x2502
21:48:32.648 ComputerName: LOO-PC UserName: Loo
21:48:35.498 Initialize success
21:48:35.695 AVAST engine defs: 11070800
21:51:42.675 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:51:42.682 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
21:51:42.704 Disk 0 MBR read successfully
21:51:42.706 Disk 0 MBR scan
21:51:42.709 Disk 0 unknown MBR code
21:51:42.711 Disk 0 MBR hidden
21:51:42.714 Service scanning
21:51:43.983 Disk 0 trace - called modules:
21:51:44.015 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004c65254]<<
21:51:44.018 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c51060]
21:51:44.021 3 CLASSPNP.SYS[fffff88000e4043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800496c050]
21:51:44.025 \Driver\iaStor[0xfffffa80048f47e0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004c65254
21:51:53.235 AVAST engine scan C:\windows
22:15:59.756 File: C:\windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
22:16:03.323 File: C:\windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
22:16:03.894 File: C:\windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
22:16:04.642 File: C:\windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
22:16:05.098 File: C:\windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
22:16:05.650 File: C:\windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
22:16:25.630 File: C:\windows\System32\drivers\wimmount.sys **SUSPICIOUS**
23:11:57.562 AVAST engine scan C:\Users\Loo
23:27:13.107 AVAST engine scan C:\ProgramData
23:40:56.418 Scan finished successfully
01:21:19.862 Disk 0 MBR has been saved successfully to "C:\Users\Loo\Documents\MBR.dat"
01:21:19.884 The log file has been saved successfully to "C:\Users\Loo\Documents\aswMBR.txt"

#6 ali.B (Trusted Helper, Malware Removal, 3,086 posts)
Hi,

Download ComboFix here:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#7 -Tom (Topic Starter, Member, 11 posts)
Hello

ComboFix 11-07-09.01 - Loo 07/10/2011 2:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3959.1972 [GMT 10:00]
Running from: c:\users\Loo\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
---- Previous Run -------
.
c:\programdata\40689400.exe
c:\programdata\ntvjEpyTyB.exe
c:\users\Loo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
c:\users\Loo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Uninstall Windows 7 Repair.lnk
c:\users\Loo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Windows 7 Repair.lnk
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2011-06-09 to 2011-07-09 )))))))))))))))))))))))))))))))
.
.
2011-07-09 17:28 . 2011-07-09 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-04 08:42 . 2011-07-04 08:42 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-07-04 08:33 . 2011-07-04 08:33 23112 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-04 08:33 . 2011-07-04 08:33 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-07-04 08:30 . 2011-07-04 08:42 -------- d-----w- c:\programdata\Hitman Pro
2011-07-03 15:02 . 2011-07-03 15:02 -------- d-----w- c:\users\Loo\AppData\Roaming\SUPERAntiSpyware.com
2011-07-03 15:02 . 2011-07-03 15:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-03 15:02 . 2011-07-03 15:02 -------- d-----w- c:\programdata\!SASCORE
2011-07-03 15:01 . 2011-07-03 15:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-03 14:10 . 2011-05-10 12:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-03 14:10 . 2011-05-10 11:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-03 14:10 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-03 14:10 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-03 14:10 . 2011-05-10 12:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-03 14:10 . 2011-05-10 12:10 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-03 14:10 . 2011-05-10 11:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-03 14:09 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-07-03 14:09 . 2011-05-10 12:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-03 14:08 . 2011-07-03 14:09 -------- d-----w- c:\programdata\AVAST Software
2011-07-03 14:08 . 2011-07-03 14:09 -------- d-----w- c:\program files\AVAST Software
2011-07-03 13:24 . 2011-07-03 13:55 -------- d-----w- c:\programdata\STOPzilla!
2011-07-03 12:38 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-03 12:38 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-07-03 12:38 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-07-03 12:38 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-07-03 12:38 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-07-03 12:25 . 2011-07-03 12:25 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\Markup.dll
2011-07-03 10:12 . 2011-07-04 02:59 -------- d-----w- c:\program files (x86)\UnHackMe
2011-07-03 05:55 . 2011-07-04 03:00 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2011-06-29 09:20 . 2011-05-04 04:52 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-06-29 09:01 . 2011-07-04 03:00 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-06-29 09:00 . 2011-07-04 03:01 -------- d-----w- c:\program files\iPod
2011-06-29 09:00 . 2011-07-04 03:01 -------- d-----w- c:\program files\iTunes
2011-06-29 09:00 . 2011-07-04 03:01 -------- d-----w- c:\program files (x86)\iTunes
2011-06-18 13:45 . 2011-07-04 03:01 -------- d-----w- c:\users\Loo\AppData\Roaming\Mael
2011-06-18 13:30 . 2011-07-04 03:01 -------- d-----w- c:\program files (x86)\HxD
2011-06-16 04:37 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-16 04:37 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-16 04:37 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 04:37 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 04:37 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 04:37 . 2010-12-18 06:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 04:37 . 2010-12-18 05:31 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-16 04:37 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 04:37 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-16 04:36 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 04:33 . 2011-04-22 20:18 1197056 ----a-w- c:\windows\system32\wininet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-09 14:01 . 2010-09-19 12:28 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-07-09 05:14 . 2010-09-20 08:08 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-06-21 15:16 . 2010-09-19 12:27 336192 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-22 20:18 . 2011-05-24 22:49 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-14 04:01 . 2010-07-11 03:44 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 04:01 . 2010-01-05 23:04 94992 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 04:01 . 2010-01-05 23:04 75160 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 04:01 . 2010-01-05 23:04 63056 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 04:01 . 2010-01-05 23:04 530304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 04:01 . 2010-01-05 23:04 441840 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 04:01 . 2010-01-05 23:04 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 04:01 . 2010-01-05 23:04 190520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 04:01 . 2010-01-05 23:04 121376 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TwoFingerScroll"="c:\users\Loo\Documents\Setups\TwoFingerScroll.exe" [2009-02-05 291840]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-24 102400]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-02-21 95560]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-25 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-02-21 12:51 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-09 355440]
R4 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-02-21 2409800]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-09 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-09 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153083774-268930708-2958730653-1001Core.job
- c:\users\Loo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-19 09:15]
.
2011-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153083774-268930708-2958730653-1001UA.job
- c:\users\Loo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-19 09:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF10961.cfxxe" [X]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/burn4free/{2843B081-DDC2-4665-A95F-ECEC0E19F272}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Loo\AppData\Roaming\Mozilla\Firefox\Profiles\gcz1pdmb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig#t_0
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: New Tab JumpStart: [email protected] - %profile%\extensions\[email protected]
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: avast! WebRep: [email protected] - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2011-07-10 03:55:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-09 17:55
.
Pre-Run: 150,223,331,328 bytes free
Post-Run: 151,583,596,544 bytes free
.
- - End Of File - - 2941B335A3CFDD2FAF4702BD66D3E1E4
#8
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Still getting redirected?
#9
-Tom
    Member
  • Topic Starter
  • 11 posts
Yes. Whenever I click on a link in Google, it redirects me to some 'ad' website which doesn't finish fully loading, then it redirects again onto a website which begins with:

http ://64.111.211.164/[random string of letters and numbers here]

I'm fairly sure that part of the URL stays the same with each redirection.

Edited by -Tom, 10 July 2011 - 12:36 AM.

#10
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Hi

Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

#11
-Tom
    Member
  • Topic Starter
  • 11 posts
Hello!

It refuses to run and displays this error message:

Sorry, but unhandled exception has occured
Program will be terminated
Exception code: 0xC0000005
Instruction address: 0x00402EAA
Attempt to read at address: 0xFFFFFFFF

Error log generated, please report to developers
#12
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Hi

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
#13
-Tom
    Member
  • Topic Starter
  • 11 posts
Hi!

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron N5010
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 181):
0x03414000 \SystemRoot\system32\ntoskrnl.exe
0x039F0000 \SystemRoot\system32\hal.dll
0x00BAD000 \SystemRoot\system32\kdcom.dll
0x00CC9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D0D000 \SystemRoot\system32\PSHED.dll
0x00D21000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E0E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EB2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC1000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F18000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F21000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F2B000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F5E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F6B000 \SystemRoot\System32\drivers\partmgr.sys
0x00F80000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F89000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F95000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D7F000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FAA000 \SystemRoot\System32\drivers\mountmgr.sys
0x01090000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01298000 \SystemRoot\system32\DRIVERS\atapi.sys
0x012A1000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x012CB000 \SystemRoot\system32\DRIVERS\msahci.sys
0x012D6000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x012E6000 \SystemRoot\system32\drivers\amdxata.sys
0x012F1000 \SystemRoot\system32\drivers\fltmgr.sys
0x0133D000 \SystemRoot\system32\drivers\fileinfo.sys
0x01351000 \SystemRoot\system32\drivers\mfehidk.sys
0x013D1000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01451000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x016D1000 \SystemRoot\System32\Drivers\cng.sys
0x01744000 \SystemRoot\System32\drivers\pcw.sys
0x01755000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01867000 \SystemRoot\system32\drivers\ndis.sys
0x01959000 \SystemRoot\system32\drivers\NETIO.SYS
0x019B9000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A03000 \SystemRoot\System32\drivers\tcpip.sys
0x01800000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0175F000 \SystemRoot\system32\drivers\mfewfpk.sys
0x0184A000 \SystemRoot\system32\drivers\TDI.SYS
0x017A3000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01857000 \SystemRoot\System32\Drivers\spldr.sys
0x01600000 \SystemRoot\System32\drivers\rdyboost.sys
0x019E4000 \SystemRoot\System32\Drivers\mup.sys
0x019F6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0163A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01674000 \SystemRoot\system32\DRIVERS\disk.sys
0x0168A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x042FC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x04326000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x043BE000 \SystemRoot\System32\Drivers\Null.SYS
0x043C7000 \SystemRoot\System32\Drivers\Beep.SYS
0x043CE000 \SystemRoot\System32\drivers\vga.sys
0x04000000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04025000 \SystemRoot\System32\drivers\watchdog.sys
0x04035000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0403E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04047000 \SystemRoot\system32\drivers\rdprefmp.sys
0x04050000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0405B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0406C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0408A000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x0409A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02EDC000 \SystemRoot\system32\drivers\afd.sys
0x02F65000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x02F6F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02F78000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02F9E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02FB4000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x02FC5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02FD4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02E00000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02E14000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x02E1E000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x02E28000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02E79000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02E85000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02E90000 \SystemRoot\System32\drivers\discache.sys
0x02E9F000 \SystemRoot\System32\Drivers\dfsc.sys
0x02EBD000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x0445E000 \SystemRoot\System32\Drivers\aswSP.SYS
0x044AB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x044D1000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04AB9000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04507000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05163000 \SystemRoot\System32\drivers\dxgmms1.sys
0x051A9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x051CD000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x051DE000 \SystemRoot\system32\drivers\usbehci.sys
0x04A00000 \SystemRoot\system32\drivers\USBPORT.SYS
0x052E7000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x055D6000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05251000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0526F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x052BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x052C0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x052CF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x055E3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x055F0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x055F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04A56000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04A6C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04400000 \SystemRoot\system32\DRIVERS\ks.sys
0x0141A000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x052DE000 \SystemRoot\system32\drivers\ksthunk.sys
0x04443000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x043DC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02ECE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0105E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x013DD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00FC4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00FE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02FEF000 \SystemRoot\system32\DRIVERS\bcmvwl64.sys
0x052E4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x00DDB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x09602000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0965C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x09671000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x09693000 \SystemRoot\system32\drivers\portcls.sys
0x096D0000 \SystemRoot\system32\drivers\drmk.sys
0x096F2000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x09771000 \SystemRoot\system32\drivers\mfeavfk.sys
0x046D6000 \SystemRoot\system32\drivers\mfefirek.sys
0x04740000 \SystemRoot\System32\Drivers\crashdmp.sys
0x040DF000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x0474E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00040000 \SystemRoot\System32\win32k.sys
0x04761000 \SystemRoot\System32\drivers\Dxapi.sys
0x0476D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0478A000 \SystemRoot\system32\drivers\Lachesis.sys
0x04792000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x047A0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x047B9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x047C2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x047CF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x047DD000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x04600000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0462E000 \SystemRoot\system32\DRIVERS\AF15BDA.sys
0x046AA000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x046AE000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x00990000 \SystemRoot\System32\ATMFD.DLL
0x0979E000 \SystemRoot\system32\drivers\luafv.sys
0x097C1000 \??\C:\windows\system32\drivers\aswMonFlt.sys
0x046BC000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x05200000 \SystemRoot\system32\drivers\WudfPf.sys
0x05221000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03C8E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03CE1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03CF4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03D0C000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x03D16000 \SystemRoot\System32\Drivers\fastfat.SYS
0x03D4C000 \SystemRoot\system32\drivers\MSPQM.sys
0x03D4E000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0x064F7000 \SystemRoot\system32\drivers\HTTP.sys
0x065BF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x065DD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06400000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0642D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0647B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03D50000 \SystemRoot\system32\drivers\peauth.sys
0x0649E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x064A9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x064D6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03C00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06EB1000 \SystemRoot\System32\DRIVERS\srv.sys
0x06F46000 \SystemRoot\system32\drivers\cfwids.sys
0x06F54000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06F85000 \SystemRoot\system32\drivers\mfeapfk.sys
0x06FA1000 \SystemRoot\system32\drivers\BCM42RLY.sys
0x06E71000 \??\C:\windows\system32\drivers\EagleX64.sys
0x06E00000 \SystemRoot\system32\DRIVERS\facap.sys
0x06E39000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x771E0000 \Windows\System32\ntdll.dll
0x47BD0000 \Windows\System32\smss.exe
0xFF500000 \Windows\System32\apisetschema.dll
0xFF650000 \Windows\System32\autochk.exe

Processes (total 92):
0 System Idle Process
4 System
376 C:\Windows\System32\smss.exe
552 csrss.exe
620 C:\Windows\System32\wininit.exe
644 csrss.exe
688 C:\Windows\System32\services.exe
704 C:\Windows\System32\lsass.exe
716 C:\Windows\System32\lsm.exe
752 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\atiesrxx.exe
384 C:\Windows\System32\svchost.exe
452 C:\Windows\System32\svchost.exe
812 C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
1036 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\stacsv64.exe
1268 C:\Windows\System32\svchost.exe
1320 C:\Program Files\Dell\DellDock\DockLogin.exe
1396 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\atieclxx.exe
1628 C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
1636 C:\Windows\System32\wlanext.exe
1644 C:\Windows\System32\conhost.exe
1736 C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
1744 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
2096 C:\Windows\System32\spoolsv.exe
2128 C:\Windows\System32\svchost.exe
2244 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2268 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
2304 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2380 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2404 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2440 C:\Windows\System32\svchost.exe
2520 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
2552 C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
2628 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2688 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2728 C:\Windows\System32\svchost.exe
2764 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
2912 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
2988 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
2316 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
3840 C:\Windows\System32\svchost.exe
3864 WUDFHost.exe
4948 C:\Windows\System32\taskhost.exe
3240 C:\Windows\System32\dwm.exe
3708 C:\Windows\explorer.exe
3300 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
4408 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
4476 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
4452 C:\Program Files\IDT\WDM\sttray64.exe
4740 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4772 C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
5028 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5064 C:\Users\Loo\Documents\Setups\TwoFingerScroll.exe
4116 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
4300 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3884 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
4328 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
4984 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
776 C:\Program Files\mcafee.com\agent\mcagent.exe
936 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
120 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
2536 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4392 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4000 C:\Windows\System32\SearchIndexer.exe
5424 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5484 C:\Program Files\Windows Media Player\wmpnetwk.exe
4284 C:\Windows\System32\svchost.exe
3836 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
260 C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
2576 C:\Program Files (x86)\iTunes\iTunesHelper.exe
416 C:\Program Files\AVAST Software\Avast\AvastUI.exe
5912 C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
3740 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
4308 C:\Program Files\iPod\bin\iPodService.exe
6340 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
5756 C:\Windows\System32\wuauclt.exe
3796 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
6800 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
6000 C:\Windows\System32\audiodg.exe
6756 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5688 C:\Windows\ehome\ehrecvr.exe
4556 C:\Program Files (x86)\Skype\Phone\Skype.exe
4928 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
1060 mcGlidHost.exe
6036 C:\PROGRA~1\INTERN~1\iexplore.exe
6016 C:\PROGRA~1\INTERN~1\iexplore.exe
7768 C:\Users\Loo\Downloads\MBRCheck.exe
7488 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`afd00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: D005SDM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
#14
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Hi

  • Download OTLPEStd.exe to your desktop.
  • Ensure that you have a blank CD in the drive.
  • Double-click OTLPEStd.exe; this will open ImgBurn to burn the file to CD.
  • Reboot your system using the boot CD you just created.
    Note: if you do not know how to set your computer to boot from CD, follow the steps here.
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD, it is not exactly speedy.
  • Double-click on the MBRFix icon.
  • A command prompt will be presented. Type the following commands and press Enter after each line:

    MBRFix /drive 0 fixmbr /win7
  • Reboot your system.

When you are back into normal mode do the following again:

Double-click on MBRCheck.exe, which you previously downloaded.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
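As an added illustration (not part of this thread and not MBRCheck's or MBRFix's own code), a Python check in the spirit of the "MBR Code Faked!" report above and the post-fix re-check requested here: it parses one 512-byte MBR sector, validates the 0x55AA boot signature, decodes the partition table, and compares the SHA1 of the 440-byte boot-code area against an allow-list, so a sector whose partition table is intact but whose boot code has been replaced is flagged as non-standard. The reference image, its hash allow-list and the tampered copy are all constructed here; the stock Windows boot-code hash is not on the page, so the allow-list is seeded from the constructed reference.

```python
import hashlib
import struct
from dataclasses import dataclass, field
from typing import List, Set

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the boot code; 440..443 is the disk signature
PART_TABLE_OFFSET = 446    # four 16-byte partition entries, ending at byte 509
BOOT_SIGNATURE = b"\x55\xaa"


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class MbrReport:
    signature_ok: bool
    boot_code_sha1: str
    verdict: str                       # "known", "unknown" or "invalid"
    partitions: List[PartitionEntry] = field(default_factory=list)


def parse_partitions(sector: bytes) -> List[PartitionEntry]:
    """Decode the four classic MBR partition slots, skipping empty ones."""
    entries = []
    for slot in range(4):
        offset = PART_TABLE_OFFSET + 16 * slot
        # status(1) CHS-start(3, ignored) type(1) CHS-end(3, ignored) LBA-start(4) count(4)
        status, type_id, lba_start, count = struct.unpack_from("<B3xB3xII", sector, offset)
        if type_id == 0:
            continue
        entries.append(PartitionEntry(status == 0x80, type_id, lba_start, count))
    return entries


def inspect_mbr(sector: bytes, known_boot_code: Set[str]) -> MbrReport:
    """Classify one MBR sector the way a boot-sector integrity check would."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    signature_ok = sector[510:512] == BOOT_SIGNATURE
    digest = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    if not signature_ok:
        return MbrReport(False, digest, "invalid")
    verdict = "known" if digest in known_boot_code else "unknown"
    return MbrReport(True, digest, verdict, parse_partitions(sector))


def partition_table_unchanged(a: bytes, b: bytes) -> bool:
    """True when two sectors carry the same partition table (bytes 446..509)."""
    return a[PART_TABLE_OFFSET:510] == b[PART_TABLE_OFFSET:510]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: boot code, disk signature, one NTFS partition, 0x55AA."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = b"\x12\x34\x56\x78"                               # disk signature (constructed)
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 975_000_000)  # bootable NTFS, ~465 GB
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def tampered_copy(sector: bytes) -> bytes:
    """Same partition table and signature, different boot code: the pattern a
    boot-code replacement leaves behind while keeping the disk bootable."""
    patched = bytearray(sector)
    patched[:BOOT_CODE_LEN] = b"CONSTRUCTED-REPLACED-BOOT-CODE".ljust(BOOT_CODE_LEN, b"\x90")
    return bytes(patched)


# Constructed reference image. A real allow-list would hold the SHA1 of the stock
# boot code shipped with the OS; that value is not on the page, so the list is
# seeded from the constructed reference instead.
REFERENCE_MBR = build_sample_mbr(b"CONSTRUCTED-REFERENCE-BOOT-CODE")
KNOWN_BOOT_CODE = {hashlib.sha1(REFERENCE_MBR[:BOOT_CODE_LEN]).hexdigest().upper()}


if __name__ == "__main__":
    for label, image in (("reference", REFERENCE_MBR), ("tampered", tampered_copy(REFERENCE_MBR))):
        report = inspect_mbr(image, KNOWN_BOOT_CODE)
        print(f"{label}: verdict={report.verdict} sha1={report.boot_code_sha1} "
              f"partitions={len(report.partitions)} "
              f"table_intact={partition_table_unchanged(REFERENCE_MBR, image)}")
```

Run against a real dump, the same logic applies to the first 512 bytes read from the physical drive; the point to take from the tampered case is that an intact partition table and a valid signature say nothing about whether the boot code itself is the vendor's.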

#15
-Tom

-Tom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry for my lack of reply.
I'm still in the process of purchasing a blank CD.