Redirect Trojan or Malware

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Redirect Trojan or Malware

Post by squidly on Mon 04 Oct 2010, 3:11 am

I visited a snopes.com forum on Friday and got a warning from my anti-virus and closed the window. Since then I have been getting redirected to various different sites including a fake virus software site. I am also unable to log in here using a regular login - it gets stuck on [You must be registered and logged in to see this link.] and won't take me to the login page. I was able to login using facebook which is how I am here.

I have run Spybot and it found nothing. I ran Malwarebytes and it found and corrected 18 items but they appeared to be cookies except for one that said "porn pop-up" and another that didn't have any identifying info. I am not convinced I am clean though as I still have the same login problem, though no redirects have happened today - yet.

I updated Windows, Adobe Reader and Java and ran the OTL scan per the instructions.

OTL logfile created on: 10/3/2010 1:17:06 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sigrid\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.80 Gb Total Space | 374.15 Gb Free Space | 82.63% Space Free | Partition Type: NTFS
Drive D: | 12.76 Gb Total Space | 2.13 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIGRID-PC
Current User Name: Sigrid
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/03 01:15:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sigrid\Downloads\OTL.com
PRC - [2010/09/24 14:32:16 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/24 14:32:04 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/09/24 14:31:45 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/09/24 14:31:39 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/09/23 16:40:26 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/23 16:40:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/07/23 23:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/05/29 17:58:46 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/10/03 01:15:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sigrid\Downloads\OTL.com
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 16:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2010/09/24 14:31:45 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/24 14:31:39 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/24 14:32:54 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/09/24 14:32:49 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/09/24 14:32:49 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/07/28 21:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/09 22:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/08/25 04:33:15 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 14:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 08:13:00 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.51
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/09 04:53:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/22 21:44:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/09/25 14:43:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/23 16:40:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/23 16:40:27 | 000,000,000 | ---D | M]

[2009/12/31 13:24:47 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\Mozilla\Extensions
[2010/06/24 10:36:23 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\vv0qp2cb.default\extensions
[2010/08/05 09:12:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/05 09:12:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKCU..\Run: [EPSON Stylus CX4800 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIADA.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.237 213.109.72.202 1.1.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPCam_Menu - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {484D1C33-4786-C3DF-62F4-62F7D885DA16} - Microsoft Windows Media Player 12.0
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/03 01:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/10/03 01:02:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2010/10/03 01:02:20 | 000,000,000 | ---D | C] -- C:\Intel
[2010/10/03 00:58:51 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/10/03 00:58:24 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/10/03 00:58:23 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/10/03 00:58:23 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/10/03 00:58:23 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/10/03 00:58:23 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/10/03 00:58:23 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/10/03 00:58:23 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/10/03 00:58:23 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/10/03 00:58:23 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/10/03 00:58:23 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/10/03 00:58:23 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/10/03 00:58:23 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/10/03 00:58:23 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/10/03 00:58:23 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/10/03 00:58:23 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/10/03 00:58:23 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/10/03 00:58:21 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/10/03 00:58:19 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/10/03 00:58:18 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/10/03 00:58:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/10/03 00:58:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/10/03 00:58:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/10/03 00:58:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/10/03 00:58:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/10/03 00:58:02 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/03 00:58:02 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/03 00:58:02 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/03 00:58:02 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/03 00:58:02 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/03 00:58:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/03 00:58:01 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/10/03 00:58:01 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/10/03 00:58:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/03 00:50:53 | 000,468,480 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/10/03 00:50:53 | 000,183,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/10/03 00:50:53 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/10/03 00:50:53 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/10/03 00:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/02 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\AppData\Roaming\Malwarebytes
[2010/10/02 18:19:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/02 18:19:30 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/02 18:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/02 18:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/28 12:52:01 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\Documents\Employment
[2010/09/25 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\AppData\Local\Apps
[2010/09/24 14:32:55 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/24 14:32:53 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/24 14:32:49 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/24 14:32:48 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/24 14:32:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/09/16 13:22:47 | 000,000,000 | ---D | C] -- C:\aa2e676dc6ddaeeacdfc95
[2010/09/16 13:22:23 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/11 15:02:16 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMAEA.DLL
[2010/09/11 15:02:16 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBAEA.DLL
[40 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/03 01:20:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 01:20:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 01:17:51 | 002,359,296 | -HS- | M] () -- C:\Users\Sigrid\NTUSER.DAT
[2010/10/03 01:12:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/03 01:12:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/03 01:11:54 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/03 01:10:38 | 004,648,539 | -H-- | M] () -- C:\Users\Sigrid\AppData\Local\IconCache.db
[2010/10/03 01:08:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/03 01:07:13 | 000,737,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/03 01:07:13 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/03 01:07:13 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/03 00:50:49 | 000,468,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/10/03 00:50:49 | 000,183,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/10/03 00:50:49 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/10/03 00:50:49 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/10/02 19:05:19 | 065,578,899 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/02 18:19:33 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/02 18:14:21 | 000,022,934 | ---- | M] () -- C:\Users\Sigrid\Documents\Spybot - Search & Destroy scan report.pdf
[2010/10/01 17:40:45 | 000,018,238 | ---- | M] () -- C:\Users\Sigrid\.recently-used.xbel
[2010/10/01 17:33:42 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/10/01 17:31:33 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/09/24 14:32:56 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/24 14:32:56 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/24 14:32:54 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/24 14:32:49 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/24 14:32:49 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/24 14:32:48 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/21 17:14:59 | 000,003,054 | ---- | M] () -- C:\Users\Sigrid\AppData\Roaming\wklnhst.dat
[2010/09/21 16:22:26 | 000,120,542 | ---- | M] () -- C:\Users\Sigrid\Documents\mango salsa.pdf
[2010/09/19 21:25:57 | 000,013,824 | ---- | M] () -- C:\Users\Sigrid\Documents\David 071410 final.xlr
[2010/09/19 21:24:50 | 000,013,824 | ---- | M] () -- C:\Users\Sigrid\Documents\Discover 2010 edit.xlr
[2010/09/14 23:29:06 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSigrid.job
[2010/09/12 22:04:11 | 000,000,000 | ---- | M] () -- C:\Users\Sigrid\AppData\Local\prvlcl.dat
[2010/09/11 01:18:29 | 000,107,599 | ---- | M] () -- C:\Users\Sigrid\Documents\DH Murrine.pdf
[2010/09/05 00:58:36 | 001,116,675 | ---- | M] () -- C:\Users\Sigrid\Documents\Honestly - Lampwork Etc.pdf
[2010/09/03 17:57:14 | 000,000,714 | ---- | M] () -- C:\Users\Sigrid\Documents\Cabochon_Adventure_Part_2 printed.pdf
[2010/09/03 17:57:06 | 017,749,378 | ---- | M] () -- C:\Users\Sigrid\Documents\Cabochon_Adventure_Part_1 printed.pdf
[40 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/03 01:08:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/02 18:19:33 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/02 18:14:19 | 000,022,934 | ---- | C] () -- C:\Users\Sigrid\Documents\Spybot - Search & Destroy scan report.pdf
[2010/10/01 17:40:45 | 000,018,238 | ---- | C] () -- C:\Users\Sigrid\.recently-used.xbel
[2010/09/24 14:32:56 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/24 14:32:48 | 065,578,899 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/24 14:32:48 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/21 16:22:25 | 000,120,542 | ---- | C] () -- C:\Users\Sigrid\Documents\mango salsa.pdf
[2010/09/19 21:25:10 | 000,013,824 | ---- | C] () -- C:\Users\Sigrid\Documents\David 071410 final.xlr
[2010/09/11 01:18:28 | 000,107,599 | ---- | C] () -- C:\Users\Sigrid\Documents\DH Murrine.pdf
[2010/09/05 00:58:35 | 001,116,675 | ---- | C] () -- C:\Users\Sigrid\Documents\Honestly - Lampwork Etc.pdf
[2010/09/03 17:57:13 | 000,000,714 | ---- | C] () -- C:\Users\Sigrid\Documents\Cabochon_Adventure_Part_2 printed.pdf
[2010/09/03 17:56:46 | 017,749,378 | ---- | C] () -- C:\Users\Sigrid\Documents\Cabochon_Adventure_Part_1 printed.pdf
[2010/07/28 20:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/07/28 20:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/06/17 12:11:47 | 000,033,792 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 12:33:20 | 000,000,000 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\prvlcl.dat
[2010/03/01 22:36:54 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLea.DAT
[2010/01/30 20:13:22 | 003,898,974 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\tmpDSC_0651.0
[2010/01/30 20:13:22 | 000,586,506 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\tmpDSC_0651.JPG
[2010/01/06 15:07:27 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/12/31 23:36:40 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2009/12/31 23:36:39 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2009/12/31 21:35:55 | 000,003,054 | ---- | C] () -- C:\Users\Sigrid\AppData\Roaming\wklnhst.dat
[2009/12/31 20:39:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\People
[2009/12/31 20:39:15 | 000,000,268 | RH-- | C] () -- C:\Users\Sigrid\AppData\Roaming\PDEs
[2009/12/31 20:39:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/12/31 20:34:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\PageLibraries
[2009/12/31 20:34:21 | 000,000,268 | RH-- | C] () -- C:\Users\Sigrid\AppData\Roaming\Organs
[2009/12/31 20:34:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/12/31 11:37:29 | 000,000,000 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\QSwitch.txt
[2009/12/31 11:37:29 | 000,000,000 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\DSwitch.txt
[2009/12/31 11:37:29 | 000,000,000 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\AtStart.txt
[2009/12/31 11:37:27 | 000,000,188 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/08/25 05:10:03 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/08/25 05:09:56 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/08/25 05:09:40 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/08/25 05:09:17 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/08/25 05:08:38 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/08/09 04:42:48 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/09 04:38:18 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/09 04:36:08 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/09 04:35:20 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/15 20:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/03 01:11:54 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/03 01:12:06 | 4193,452,032 | -HS- | M] () -- C:\pagefile.sys

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Mon 04 Oct 2010, 3:11 am


< %PROGRAMFILES%\*. >
[2010/06/17 12:18:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\3ivx
[2010/08/06 16:12:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2009/12/31 18:18:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/03/04 11:38:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2010/06/21 20:10:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/08/23 10:14:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2009/08/09 04:43:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/03/16 20:54:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DeductionPro 2009
[2010/05/19 20:29:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\epson
[2010/08/27 12:44:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Flip Video
[2010/08/04 14:43:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0
[2010/08/23 10:13:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Handbrake
[2009/08/25 04:56:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2010/08/23 10:14:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2009/08/09 03:49:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2010/02/16 20:49:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HRBlock2009
[2010/06/17 12:01:21 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2009/08/09 03:40:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2010/10/03 01:10:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/06/21 20:14:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/08/05 09:12:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2009/08/09 05:26:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JunoPreloader
[2010/01/05 12:32:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Logitech
[2010/10/02 18:19:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/04 11:55:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2009/08/09 03:51:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/10/03 01:11:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/08/04 11:56:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/08/13 14:37:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/10/03 01:03:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/09/23 16:40:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009/08/09 05:15:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN
[2010/01/01 11:36:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/06/17 12:01:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\muvee Technologies
[2009/08/09 05:27:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NetZeroPreloader
[2010/05/14 17:08:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nikon
[2009/12/31 11:33:04 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2010/08/25 23:24:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\pdf995
[2010/06/21 20:12:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010/04/22 21:44:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2009/08/25 04:32:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/08/12 15:25:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/08/09 04:01:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2009/07/14 00:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/08/04 11:58:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2009/08/09 03:04:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/05/13 10:34:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/01/01 23:02:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 01:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 01:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/12/31 11:33:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

< %appdata%\*.* >
[2009/12/31 20:34:21 | 000,000,268 | RH-- | M] () -- C:\Users\Sigrid\AppData\Roaming\Organs
[2009/12/31 20:39:15 | 000,000,268 | RH-- | M] () -- C:\Users\Sigrid\AppData\Roaming\PDEs
[2010/09/21 17:14:59 | 000,003,054 | ---- | M] () -- C:\Users\Sigrid\AppData\Roaming\wklnhst.dat


< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 21:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: EVENTLOG.DLL >
[2007/05/18 00:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/13 20:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/13 20:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Mon 04 Oct 2010, 4:41 am

I just got a redirect

[You must be registered and logged in to see this link.] .ultrasat.information-seeking.com

and I had a tab pop up with this address - happened several time yesterday too

[You must be registered and logged in to see this link.] gugle.com/

but it returns a time out response.

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Mon 04 Oct 2010, 5:47 am

I keep getting a [You must be registered and logged in to see this link.] website trying to load also.

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by Belahzur on Mon 04 Oct 2010, 10:38 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Mon 04 Oct 2010, 11:05 am

I got a server error when I clicked your link

Server not found

Firefox can't find the server at data-cdn.mbamupdates.com.

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Tue 05 Oct 2010, 8:03 am

I think we determined what the problem is/was. I got a redirect when I was using my Iphone on my home wireless today and I had read an article yesterday about routers being hacked, so we reset and resecured the router and it appears to have fixed the problem.

Oh and your link works now too. Buttface hackers.

Thanks!

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by Belahzur on Tue 05 Oct 2010, 10:14 am

Hello.
Please run MBAM anyway, I want to make sure whatever is, is gone.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Tue 05 Oct 2010, 11:00 am

Good point - here are the scan results:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4742

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/4/2010 7:56:10 PM
mbam-log-2010-10-04 (19-56-10).txt

Scan type: Quick scan
Objects scanned: 138659
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by Belahzur on Wed 06 Oct 2010, 8:28 am

Hello.

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: [You must be registered and logged in to see this link.]
  • After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL C
  • Open a Notepad and press CTRL V
  • Post the output back here.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Wed 06 Oct 2010, 11:42 am

May I ask why I need to do that? I am not having any problems. I don't understand why I need to run that? Is there something in what I posted that makes you think I have a virus?

Thanks!

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by Belahzur on Wed 06 Oct 2010, 11:44 am

It's just a check. Because you have an x64 system, we can't run some of our usual tools, MBAM and OTL can only go so deep, but there is an infection that can go deeper than those 2 tools can see.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Wed 06 Oct 2010, 2:38 pm

Ok - thanks for the explanation. Here is the output from Bootkit Remover

Bootkit Remover
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
Boot sector MD5 is: 3aae49ba6111fc7a7115b21442ced328

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix


Done;
Press any key to quit...

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by Belahzur on Thu 07 Oct 2010, 8:21 am

Hello.
Please make sure Bootkit_remover is located on your Desktop.

Now open a new notepad file.
Input this into the notepad file:

@echo off
start bootkit_remover.exe fix \\.\PhysicalDrive0
exit

Save this as fix.bat, save it to your desktop.
Double click fix.bat and the black cmd window will open and close, this is normal.

Post the new bootkit remover log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Thu 07 Oct 2010, 11:05 am

I am getting an error when trying to run it - a popup window opens and tells me "Windows can not find 'bootkit_remover.exe'. Make sure you typed the name correctly and then try again.

I copied and pasted it from your post and I have not changed the installation of bootkit remover on my desktop.

The first time I tried to run it, I forgot to right click and run as administrator and it opened the black window and tried to run but gave an error. When I ran as administrator, the window opened but didn't get any further.

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by Belahzur on Fri 08 Oct 2010, 8:56 am

Actually try running this first.

Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Fri 08 Oct 2010, 11:09 am

2010/10/07 20:08:28.0390 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/07 20:08:28.0390 ================================================================================
2010/10/07 20:08:28.0391 SystemInfo:
2010/10/07 20:08:28.0391
2010/10/07 20:08:28.0391 OS Version: 6.1.7600 ServicePack: 0.0
2010/10/07 20:08:28.0391 Product type: Workstation
2010/10/07 20:08:28.0391 ComputerName: SIGRID-PC
2010/10/07 20:08:28.0391 UserName: Sigrid
2010/10/07 20:08:28.0391 Windows directory: C:\Windows
2010/10/07 20:08:28.0391 System windows directory: C:\Windows
2010/10/07 20:08:28.0391 Running under WOW64
2010/10/07 20:08:28.0391 Processor architecture: Intel x64
2010/10/07 20:08:28.0391 Number of processors: 2
2010/10/07 20:08:28.0391 Page size: 0x1000
2010/10/07 20:08:28.0391 Boot type: Normal boot
2010/10/07 20:08:28.0391 ================================================================================
2010/10/07 20:08:28.0392 Utility is running under WOW64
2010/10/07 20:08:28.0782 Initialize success
2010/10/07 20:08:42.0566 ================================================================================
2010/10/07 20:08:42.0566 Scan started
2010/10/07 20:08:42.0566 Mode: Manual;
2010/10/07 20:08:42.0566 ================================================================================
2010/10/07 20:08:43.0297 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/10/07 20:08:43.0433 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
2010/10/07 20:08:43.0577 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/10/07 20:08:43.0684 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/10/07 20:08:43.0779 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/10/07 20:08:43.0934 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/10/07 20:08:44.0066 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/10/07 20:08:44.0207 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/10/07 20:08:44.0373 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
2010/10/07 20:08:44.0532 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/10/07 20:08:44.0683 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/10/07 20:08:44.0739 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/10/07 20:08:44.0830 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/10/07 20:08:44.0908 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/10/07 20:08:45.0017 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/10/07 20:08:45.0143 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/10/07 20:08:45.0179 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/10/07 20:08:45.0300 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/10/07 20:08:45.0490 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/10/07 20:08:45.0717 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/10/07 20:08:45.0802 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/07 20:08:45.0876 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/10/07 20:08:46.0051 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/10/07 20:08:46.0365 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys
2010/10/07 20:08:46.0521 AvgMfx64 (405baabbb48f9176e220020b1a77c47b) C:\Windows\system32\Drivers\avgmfx64.sys
2010/10/07 20:08:46.0676 AvgTdiA (ce90aec358a809e7bce6bb0f1da84622) C:\Windows\system32\Drivers\avgtdia.sys
2010/10/07 20:08:46.0924 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/10/07 20:08:47.0072 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/10/07 20:08:47.0245 BCM43XX (f99c7ae4bb91bd1506b3572f944307bb) C:\Windows\system32\DRIVERS\bcmwl664.sys
2010/10/07 20:08:47.0388 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/10/07 20:08:47.0517 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/10/07 20:08:47.0649 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/07 20:08:47.0775 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/10/07 20:08:47.0814 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/10/07 20:08:47.0912 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/10/07 20:08:47.0952 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/10/07 20:08:48.0061 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/10/07 20:08:48.0112 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/10/07 20:08:48.0226 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/10/07 20:08:48.0299 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/07 20:08:48.0415 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/07 20:08:48.0554 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/10/07 20:08:48.0615 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/10/07 20:08:48.0785 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/07 20:08:48.0828 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/10/07 20:08:48.0921 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/10/07 20:08:49.0073 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/07 20:08:49.0182 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/10/07 20:08:49.0292 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/10/07 20:08:49.0440 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/10/07 20:08:49.0483 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/10/07 20:08:49.0598 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/10/07 20:08:49.0710 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/10/07 20:08:49.0799 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/07 20:08:49.0974 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/10/07 20:08:50.0177 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/10/07 20:08:50.0321 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
2010/10/07 20:08:50.0454 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/10/07 20:08:50.0550 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/10/07 20:08:50.0627 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/10/07 20:08:50.0837 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/07 20:08:50.0942 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/10/07 20:08:51.0008 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/10/07 20:08:51.0118 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/07 20:08:51.0231 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/10/07 20:08:51.0305 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/10/07 20:08:51.0376 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/07 20:08:51.0475 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2010/10/07 20:08:51.0549 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/10/07 20:08:51.0762 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/10/07 20:08:51.0844 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/10/07 20:08:51.0997 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/10/07 20:08:52.0233 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/07 20:08:52.0277 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/10/07 20:08:52.0360 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/10/07 20:08:52.0453 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/10/07 20:08:52.0575 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/07 20:08:52.0734 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
2010/10/07 20:08:52.0817 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2010/10/07 20:08:52.0948 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/10/07 20:08:53.0100 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/10/07 20:08:53.0163 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/10/07 20:08:53.0282 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/07 20:08:53.0414 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/10/07 20:08:53.0714 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
2010/10/07 20:08:54.0014 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/10/07 20:08:54.0167 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
2010/10/07 20:08:54.0212 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/10/07 20:08:54.0334 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/07 20:08:54.0420 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/07 20:08:54.0483 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/10/07 20:08:54.0549 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/10/07 20:08:54.0640 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/10/07 20:08:54.0708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/10/07 20:08:54.0760 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/07 20:08:54.0862 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/07 20:08:54.0919 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/07 20:08:55.0002 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/07 20:08:55.0084 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/10/07 20:08:55.0207 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/10/07 20:08:55.0380 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/07 20:08:55.0488 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/10/07 20:08:55.0560 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/10/07 20:08:55.0677 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/10/07 20:08:55.0737 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/10/07 20:08:55.0852 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/10/07 20:08:55.0916 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/10/07 20:08:56.0012 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/10/07 20:08:56.0146 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/10/07 20:08:56.0184 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/07 20:08:56.0311 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/07 20:08:56.0397 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/07 20:08:56.0477 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/10/07 20:08:56.0574 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/10/07 20:08:56.0625 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/07 20:08:56.0708 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/10/07 20:08:56.0782 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/07 20:08:56.0861 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/07 20:08:56.0936 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/07 20:08:57.0013 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/10/07 20:08:57.0069 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/10/07 20:08:57.0165 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/10/07 20:08:57.0205 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/10/07 20:08:57.0305 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/10/07 20:08:57.0437 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/07 20:08:57.0469 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/07 20:08:57.0524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/10/07 20:08:57.0596 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/10/07 20:08:57.0681 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/07 20:08:57.0728 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/10/07 20:08:57.0799 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/10/07 20:08:57.0880 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/10/07 20:08:58.0015 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/07 20:08:58.0147 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/10/07 20:08:58.0250 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/10/07 20:08:58.0358 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/07 20:08:58.0453 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/07 20:08:58.0517 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/07 20:08:58.0578 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/10/07 20:08:58.0649 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/07 20:08:58.0715 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/07 20:08:58.0968 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2010/10/07 20:08:59.0127 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/10/07 20:08:59.0226 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/10/07 20:08:59.0282 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/07 20:08:59.0371 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/10/07 20:08:59.0446 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/10/07 20:08:59.0555 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/10/07 20:08:59.0608 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/10/07 20:08:59.0712 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/10/07 20:08:59.0772 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/07 20:08:59.0849 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/10/07 20:08:59.0922 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/10/07 20:09:00.0003 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/10/07 20:09:00.0055 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/10/07 20:09:00.0129 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/07 20:09:00.0185 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/10/07 20:09:00.0249 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/10/07 20:09:00.0423 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/07 20:09:00.0487 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/10/07 20:09:00.0592 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/07 20:09:00.0724 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/10/07 20:09:00.0871 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/10/07 20:09:00.0965 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/07 20:09:01.0035 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/07 20:09:01.0129 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/10/07 20:09:01.0215 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/07 20:09:01.0300 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/07 20:09:01.0376 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/07 20:09:01.0436 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/07 20:09:01.0505 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/10/07 20:09:01.0563 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/07 20:09:01.0809 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/07 20:09:01.0849 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/10/07 20:09:01.0935 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/10/07 20:09:02.0042 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/10/07 20:09:02.0168 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/07 20:09:02.0347 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
2010/10/07 20:09:02.0520 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/10/07 20:09:02.0667 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/10/07 20:09:02.0803 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2010/10/07 20:09:02.0942 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/10/07 20:09:03.0031 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/07 20:09:03.0093 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/10/07 20:09:03.0193 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/10/07 20:09:03.0301 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/07 20:09:03.0354 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/10/07 20:09:03.0437 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/07 20:09:03.0494 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/10/07 20:09:03.0588 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/10/07 20:09:03.0643 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/10/07 20:09:03.0747 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/10/07 20:09:03.0838 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/10/07 20:09:03.0955 srv (43067a65522eaec33d31a12d6fa8e3f4) C:\Windows\system32\DRIVERS\srv.sys
2010/10/07 20:09:04.0061 srv2 (03715cf9c30b563da35fc5f2b8f7b8e0) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/07 20:09:04.0131 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2010/10/07 20:09:04.0256 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2010/10/07 20:09:04.0368 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2010/10/07 20:09:04.0442 srvnet (fbd09635227a8026c0f7790f604343c6) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/07 20:09:04.0573 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/10/07 20:09:04.0643 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
2010/10/07 20:09:04.0798 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/07 20:09:04.0956 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
2010/10/07 20:09:05.0197 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/10/07 20:09:05.0397 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/07 20:09:05.0494 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/07 20:09:05.0585 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/10/07 20:09:05.0665 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/10/07 20:09:05.0760 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/07 20:09:05.0836 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/07 20:09:05.0907 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/07 20:09:06.0027 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/07 20:09:06.0091 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/10/07 20:09:06.0177 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/07 20:09:06.0323 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/10/07 20:09:06.0446 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/07 20:09:06.0495 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/10/07 20:09:06.0632 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2010/10/07 20:09:06.0754 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/07 20:09:06.0945 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/10/07 20:09:07.0007 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/07 20:09:07.0111 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/07 20:09:07.0184 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/10/07 20:09:07.0299 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/07 20:09:07.0403 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/07 20:09:07.0483 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/07 20:09:07.0540 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/07 20:09:07.0649 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2010/10/07 20:09:07.0795 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/10/07 20:09:07.0908 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/07 20:09:07.0938 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/10/07 20:09:08.0025 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/10/07 20:09:08.0084 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/10/07 20:09:08.0182 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/10/07 20:09:08.0277 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/10/07 20:09:08.0364 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/10/07 20:09:08.0462 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/10/07 20:09:08.0546 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/10/07 20:09:08.0578 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/10/07 20:09:08.0686 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2010/10/07 20:09:08.0756 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/10/07 20:09:08.0884 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/07 20:09:08.0920 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/07 20:09:09.0051 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/10/07 20:09:09.0125 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/07 20:09:09.0314 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/10/07 20:09:09.0359 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/10/07 20:09:09.0508 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/10/07 20:09:09.0611 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/07 20:09:09.0710 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/07 20:09:09.0791 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/10/07 20:09:09.0863 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/07 20:09:09.0993 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2010/10/07 20:09:10.0050 ================================================================================
2010/10/07 20:09:10.0051 Scan finished
2010/10/07 20:09:10.0051 ================================================================================

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by Belahzur on Sat 09 Oct 2010, 7:36 am

Hello.
Lets try this the long way.

Go to Start, in the little search box, search for "cmd", when it finds the command prompt, right click cmd.exe > Run as administrator.

When it comes up showing C:\Users\Sigrid>, type in "cd Desktop", and hit enter.

Now when it shows C:\Users\Sigrid\Desktop>, type in "bootkit_remover.exe fix \\.\PhysicalDrive0"

Hit enter, this should start Bootkit Remover, please allow it to run and post the new log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Sat 09 Oct 2010, 11:24 am

When I run the Command prompt as administrator, it comes up in the c:\Windows\System32 directory.

So I manually changed to the C:\Users\Sigrid\Desktop prompt and typed in the command - I got a prompt asking me if I wanted to reboot immediately after the program ran. I said yes, but got this when it ran
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>cd..

C:\Windows>cd..

C:\>cd users\sigrid\desktop

C:\Users\Sigrid\Desktop>bootkit_remover.exe fix \\.\PhysicalDrive0
Bootkit Remover
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000
Restoring boot code at \\.\PhysicalDrive0...
ATA_Write(): DeviceIoControl() ERROR 1
ERROR: Can't write first sector of the disk.

Done;
Press any key to quit...


squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Mon 11 Oct 2010, 9:10 am

bump

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by Belahzur on Tue 12 Oct 2010, 8:37 am

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Tue 12 Oct 2010, 12:26 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 235):
0x02C1D000 \SystemRoot\system32\ntoskrnl.exe
0x031F9000 \SystemRoot\system32\hal.dll
0x00B9F000 \SystemRoot\system32\kdcom.dll
0x00C8B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CCF000 \SystemRoot\system32\PSHED.dll
0x00CE3000 \SystemRoot\system32\CLFS.SYS
0x00E2E000 \SystemRoot\system32\CI.dll
0x00EEE000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F92000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00FA1000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00E00000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E09000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00D41000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E13000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E20000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x00D74000 \SystemRoot\system32\DRIVERS\mpio.sys
0x00D9E000 \SystemRoot\System32\drivers\partmgr.sys
0x00DB3000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00DBC000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00DC8000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FF8000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00C5C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00C6C000 \SystemRoot\system32\DRIVERS\aliide.sys
0x00C73000 \SystemRoot\system32\DRIVERS\amdide.sys
0x00C7A000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x00DDD000 \SystemRoot\System32\drivers\mountmgr.sys
0x01069000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x0108F000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x010B8000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x010E8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x010EF000 \SystemRoot\system32\DRIVERS\viaide.sys
0x0128A000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x013A8000 \SystemRoot\system32\DRIVERS\atapi.sys
0x013B1000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x013DB000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x01200000 \SystemRoot\system32\DRIVERS\storport.sys
0x01262000 \SystemRoot\system32\DRIVERS\msahci.sys
0x0126D000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x010F7000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x01172000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x011C8000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x01000000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x0101E000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x01492000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0149D000 \SystemRoot\system32\DRIVERS\arc.sys
0x014B6000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x014D1000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x01558000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x01569000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x01588000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x0159B000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x015BA000 \SystemRoot\system32\DRIVERS\megasas.sys
0x016EB000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x0178F000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x0179F000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x01831000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x01600000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x019D5000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x019E3000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x01800000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x0165F000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x01689000 \SystemRoot\system32\drivers\fltmgr.sys
0x0180A000 \SystemRoot\system32\drivers\fileinfo.sys
0x01A23000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01400000 \SystemRoot\System32\Drivers\msrpc.sys
0x01BC6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01C28000 \SystemRoot\System32\Drivers\cng.sys
0x01C9B000 \SystemRoot\System32\drivers\pcw.sys
0x01CAC000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01CB6000 \SystemRoot\system32\drivers\ndis.sys
0x01E68000 \SystemRoot\system32\drivers\NETIO.SYS
0x01EC8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x02003000 \SystemRoot\System32\drivers\tcpip.sys
0x01EF3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01F3D000 \SystemRoot\system32\DRIVERS\wd.sys
0x01F45000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01F91000 \SystemRoot\System32\Drivers\spldr.sys
0x01F99000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x01FB6000 \SystemRoot\System32\drivers\rdyboost.sys
0x01E00000 \SystemRoot\System32\Drivers\mup.sys
0x01E12000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01E1B000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x01E25000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01DA8000 \SystemRoot\system32\DRIVERS\disk.sys
0x017CA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01E5F000 \SystemRoot\System32\Drivers\Null.SYS
0x01DE8000 \SystemRoot\System32\Drivers\Beep.SYS
0x01DEF000 \SystemRoot\System32\drivers\vga.sys
0x01C00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01BE0000 \SystemRoot\System32\drivers\watchdog.sys
0x01BF0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01A00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01A09000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01A12000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0181E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0145E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x016D5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x034A8000 \SystemRoot\System32\Drivers\avgtdia.sys
0x034F9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0353E000 \SystemRoot\system32\drivers\afd.sys
0x035C8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x035D1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03400000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03416000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03442000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0345D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x04235000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04286000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04292000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0429D000 \SystemRoot\System32\drivers\discache.sys
0x042AC000 \SystemRoot\System32\Drivers\dfsc.sys
0x042CA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x042DB000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x042E3000 \SystemRoot\System32\Drivers\avgldx64.sys
0x0432A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04350000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04366000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x044CA000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x04CB5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04DA9000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04DEF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04C00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04C56000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04C67000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x050E1000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x05389000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x053D3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x053F1000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x05000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0500F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x05058000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0505A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05069000 \SystemRoot\system32\DRIVERS\enecir.sys
0x05086000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x05093000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0509C000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x050A8000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x050B8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04C8B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x050CE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04BC9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04400000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0441B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0443C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x050DA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04456000 \SystemRoot\system32\DRIVERS\ks.sys
0x04499000 \SystemRoot\system32\DRIVERS\circlass.sys
0x044AB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0436B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x043C5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06292000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x0630D000 \SystemRoot\system32\DRIVERS\portcls.sys
0x0634A000 \SystemRoot\system32\DRIVERS\drmk.sys
0x0636C000 \SystemRoot\system32\drivers\ksthunk.sys
0x06372000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x06399000 \SystemRoot\system32\DRIVERS\hidir.sys
0x063AA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x063C3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x063CC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x063DA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x063E7000 \SystemRoot\System32\drivers\Dxapi.sys
0x06200000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0620E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0621A000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x06225000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06238000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06255000 \SystemRoot\System32\Drivers\usbvideo.sys
0x00590000 \SystemRoot\System32\TSDDD.dll
0x00850000 \SystemRoot\System32\ATMFD.DLL
0x05396000 \SystemRoot\system32\drivers\luafv.sys
0x043DA000 \SystemRoot\system32\drivers\WudfPf.sys
0x053B9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02E61000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02EB4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02EC7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02EDF000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x02EE9000 \SystemRoot\system32\drivers\HTTP.sys
0x02FB1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02FCF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02E00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x032F3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03341000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03200000 \SystemRoot\system32\drivers\peauth.sys
0x032A6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x032B1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x032DE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03364000 \SystemRoot\System32\DRIVERS\srv2.sys
0x04E94000 \SystemRoot\System32\DRIVERS\srv.sys
0x04E00000 \SystemRoot\System32\Drivers\fastfat.SYS
0x00770000 \SystemRoot\System32\cdd.dll
0x04FB2000 \SystemRoot\system32\drivers\MSPQM.sys
0x04FB4000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0x04F5B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x77B30000 \Windows\System32\ntdll.dll
0x48460000 \Windows\System32\smss.exe
0xFFE50000 \Windows\System32\apisetschema.dll
0xFF230000 \Windows\System32\autochk.exe
0xFFDA0000 \Windows\System32\comdlg32.dll
0xFFD90000 \Windows\System32\nsi.dll
0xFFC60000 \Windows\System32\rpcrt4.dll
0xFFB80000 \Windows\System32\advapi32.dll
0xFF970000 \Windows\System32\ole32.dll
0xFF960000 \Windows\System32\lpk.dll
0xFF880000 \Windows\System32\oleaut32.dll
0xFEAF0000 \Windows\System32\shell32.dll
0xFE890000 \Windows\System32\iertutil.dll
0xFE7F0000 \Windows\System32\clbcatq.dll
0xFE610000 \Windows\System32\setupapi.dll
0xFE5E0000 \Windows\System32\imm32.dll
0xFE4D0000 \Windows\System32\msctf.dll
0xFE350000 \Windows\System32\urlmon.dll
0xFE280000 \Windows\System32\usp10.dll
0xFE230000 \Windows\System32\ws2_32.dll
0x77D00000 \Windows\System32\normaliz.dll
0xFE210000 \Windows\System32\imagehlp.dll
0xFE190000 \Windows\System32\shlwapi.dll
0xFE060000 \Windows\System32\wininet.dll
0x77CF0000 \Windows\System32\psapi.dll
0xFE010000 \Windows\System32\Wldap32.dll
0xFDF90000 \Windows\System32\difxapi.dll
0x77A30000 \Windows\System32\user32.dll
0xFDF20000 \Windows\System32\gdi32.dll
0xFDE80000 \Windows\System32\msvcrt.dll
0x77910000 \Windows\System32\kernel32.dll
0xFDE60000 \Windows\System32\sechost.dll
0xFDDC0000 \Windows\System32\comctl32.dll
0xFDD80000 \Windows\System32\cfgmgr32.dll
0xFDC10000 \Windows\System32\crypt32.dll
0xFDBF0000 \Windows\System32\devobj.dll
0xFDB80000 \Windows\System32\KernelBase.dll
0xFDB40000 \Windows\System32\wintrust.dll
0xFDB30000 \Windows\System32\msasn1.dll
0x77CE0000 \Windows\SysWOW64\normaliz.dll

Processes (total 86):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
384 csrss.exe
436 C:\Windows\System32\wininit.exe
448 csrss.exe
456 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
468 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
564 C:\Windows\System32\services.exe
580 C:\Windows\System32\lsass.exe
588 C:\Windows\System32\lsm.exe
624 C:\Windows\System32\winlogon.exe
660 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
312 C:\Windows\System32\svchost.exe
556 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
1340 C:\Windows\System32\svchost.exe
1404 C:\Windows\System32\hpservice.exe
1512 C:\Windows\System32\svchost.exe
1624 C:\Windows\System32\wlanext.exe
1632 C:\Windows\System32\conhost.exe
1772 C:\Windows\System32\svchost.exe
1856 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
1900 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1924 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
1952 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2004 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
1496 C:\Windows\System32\svchost.exe
1116 C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2024 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2228 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2292 C:\Windows\System32\svchost.exe
2356 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
2468 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2592 unsecapp.exe
2736 WmiPrvSE.exe
2844 C:\Windows\System32\taskhost.exe
2916 C:\Windows\System32\dwm.exe
2980 C:\Windows\explorer.exe
2120 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
3328 C:\Windows\System32\igfxtray.exe
3380 C:\Windows\System32\hkcmd.exe
3388 C:\Windows\System32\igfxpers.exe
3404 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3416 C:\Program Files\IDT\WDM\sttray64.exe
3432 C:\Program Files\Java\jre6\bin\jusched.exe
3440 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
3492 C:\Windows\System32\igfxsrvc.exe
3704 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3756 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3768 C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
3780 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3788 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
3280 C:\Program Files\iPod\bin\iPodService.exe
2776 C:\Windows\System32\SearchIndexer.exe
3480 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
3648 WmiPrvSE.exe
1088 C:\Program Files\Windows Media Player\wmpnetwk.exe
4152 C:\Windows\System32\svchost.exe
4308 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
2996 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1220 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3208 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
4664 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2608 C:\Windows\System32\svchost.exe
3560 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4796 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
5948 C:\Windows\System32\spoolsv.exe
4440 C:\Windows\System32\rundll32.exe
4104 C:\Windows\System32\spool\drivers\x64\3\E_IATIAEA.EXE
5360 C:\Windows\System32\taskhost.exe
7040 C:\Program Files (x86)\iTunes\iTunes.exe
6344 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
6320 C:\Windows\System32\conhost.exe
6596 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
6904 C:\Windows\System32\conhost.exe
6956 C:\Windows\SysWOW64\dllhost.exe
4348 C:\Windows\System32\SearchProtocolHost.exe
6176 C:\Windows\System32\SearchFilterHost.exe
6916 C:\Windows\System32\audiodg.exe
2628 C:\Users\Sigrid\Desktop\MBRCheck.exe
6400 C:\Windows\System32\conhost.exe
5072 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`3fe00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMJA2500BHG2, Rev: 8919

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 263078AC856058B74BD330CBEEF0EB1B30D826B5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by Belahzur on Wed 13 Oct 2010, 10:34 am

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.

  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:



  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu chose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a a little executable code for the boot start. While fixing the [URL="http://www.dewassoc.com/kbase/hard_drives/master_boot_record.htm"]Master Boot Record (MBR)[/URL] is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:

  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the [URL="http://www.bleepingcomputer.com/tutorials/tutorial117.html#what"]XP Recovery Console[/URL] before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:

  • [URL="http://support.microsoft.com/kb/307654"]How to use the Recovery Console[/URL]
  • [URL="http://helpdeskgeek.com/how-to/fix-mbr-xp-vista/"]How to fix MBR in Windows XP and Vista[/URL]


If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by squidly on Wed 13 Oct 2010, 11:47 am

I do not have Windows CDs, but I do have the recovery disks that came with the computer. (HP)

Also, my hard drive has a recovery partition on it - will fixing the MBR damage the recovery drive (D)?

squidly

Newbie Surfer
Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by Belahzur on Thu 14 Oct 2010, 8:07 am

Hello.
Did you run the MBRCheck fix? if so, please post the given log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Redirect Trojan or Malware

Post by Sponsored content Today at 2:54 pm


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum