Redirect Trojan or Malware

Post by squidly on Mon 04 Oct 2010, 3:11 am

I visited a snopes.com forum on Friday and got a warning from my anti-virus and closed the window. Since then I have been getting redirected to various different sites, including a fake virus software site. I am also unable to log in here using a regular login - it gets stuck on [You must be registered and logged in to see this link.] and won't take me to the login page. I was able to log in using Facebook, which is how I am here.

I have run Spybot and it found nothing. I ran Malwarebytes and it found and corrected 18 items, but they appeared to be cookies, except for one that said "porn pop-up" and another that didn't have any identifying info. I am not convinced I am clean though, as I still have the same login problem, though no redirects have happened today - yet.

I updated Windows, Adobe Reader and Java and ran the OTL scan per the instructions.

OTL logfile created on: 10/3/2010 1:17:06 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sigrid\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.80 Gb Total Space | 374.15 Gb Free Space | 82.63% Space Free | Partition Type: NTFS
Drive D: | 12.76 Gb Total Space | 2.13 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIGRID-PC
Current User Name: Sigrid
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/03 01:15:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sigrid\Downloads\OTL.com
PRC - [2010/09/24 14:32:16 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/24 14:32:04 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/09/24 14:31:45 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/09/24 14:31:39 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/09/23 16:40:26 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/23 16:40:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/07/23 23:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/05/29 17:58:46 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/10/03 01:15:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sigrid\Downloads\OTL.com
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 16:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2010/09/24 14:31:45 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/24 14:31:39 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/24 14:32:54 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/09/24 14:32:49 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/09/24 14:32:49 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/07/28 21:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/09 22:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/08/25 04:33:15 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 14:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 17:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 08:13:00 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.51
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/09 04:53:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/22 21:44:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/09/25 14:43:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/23 16:40:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/23 16:40:27 | 000,000,000 | ---D | M]

[2009/12/31 13:24:47 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\Mozilla\Extensions
[2010/06/24 10:36:23 | 000,000,000 | ---D | M] -- C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\vv0qp2cb.default\extensions
[2010/08/05 09:12:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/05 09:12:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKCU..\Run: [EPSON Stylus CX4800 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIADA.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.66.237 213.109.72.202 1.1.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HPCam_Menu - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {484D1C33-4786-C3DF-62F4-62F7D885DA16} - Microsoft Windows Media Player 12.0
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.3IV2 - C:\Windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/03 01:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/10/03 01:02:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2010/10/03 01:02:20 | 000,000,000 | ---D | C] -- C:\Intel
[2010/10/03 00:58:51 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/10/03 00:58:24 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/10/03 00:58:23 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/10/03 00:58:23 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/10/03 00:58:23 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/10/03 00:58:23 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/10/03 00:58:23 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/10/03 00:58:23 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/10/03 00:58:23 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/10/03 00:58:23 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/10/03 00:58:23 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/10/03 00:58:23 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/10/03 00:58:23 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/10/03 00:58:23 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/10/03 00:58:23 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/10/03 00:58:23 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/10/03 00:58:23 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/10/03 00:58:21 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/10/03 00:58:19 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/10/03 00:58:18 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/10/03 00:58:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/10/03 00:58:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/10/03 00:58:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/10/03 00:58:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/10/03 00:58:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/10/03 00:58:02 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/03 00:58:02 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/03 00:58:02 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/03 00:58:02 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/03 00:58:02 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/03 00:58:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/03 00:58:01 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/10/03 00:58:01 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/10/03 00:58:01 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/03 00:50:53 | 000,468,480 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/10/03 00:50:53 | 000,183,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/10/03 00:50:53 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/10/03 00:50:53 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/10/03 00:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/02 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\AppData\Roaming\Malwarebytes
[2010/10/02 18:19:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/02 18:19:30 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/02 18:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/02 18:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/28 12:52:01 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\Documents\Employment
[2010/09/25 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\Sigrid\AppData\Local\Apps
[2010/09/24 14:32:55 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/24 14:32:53 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/24 14:32:49 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/24 14:32:48 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/24 14:32:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/09/16 13:22:47 | 000,000,000 | ---D | C] -- C:\aa2e676dc6ddaeeacdfc95
[2010/09/16 13:22:23 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/11 15:02:16 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMAEA.DLL
[2010/09/11 15:02:16 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBAEA.DLL
[40 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/03 01:20:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 01:20:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 01:17:51 | 002,359,296 | -HS- | M] () -- C:\Users\Sigrid\NTUSER.DAT
[2010/10/03 01:12:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/03 01:12:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/03 01:11:54 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/03 01:10:38 | 004,648,539 | -H-- | M] () -- C:\Users\Sigrid\AppData\Local\IconCache.db
[2010/10/03 01:08:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/03 01:07:13 | 000,737,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/03 01:07:13 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/03 01:07:13 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/03 00:50:49 | 000,468,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/10/03 00:50:49 | 000,183,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/10/03 00:50:49 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/10/03 00:50:49 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/10/02 19:05:19 | 065,578,899 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/02 18:19:33 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/02 18:14:21 | 000,022,934 | ---- | M] () -- C:\Users\Sigrid\Documents\Spybot - Search & Destroy scan report.pdf
[2010/10/01 17:40:45 | 000,018,238 | ---- | M] () -- C:\Users\Sigrid\.recently-used.xbel
[2010/10/01 17:33:42 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/10/01 17:31:33 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/09/24 14:32:56 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/09/24 14:32:56 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/24 14:32:54 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/09/24 14:32:49 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/09/24 14:32:49 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/09/24 14:32:48 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/21 17:14:59 | 000,003,054 | ---- | M] () -- C:\Users\Sigrid\AppData\Roaming\wklnhst.dat
[2010/09/21 16:22:26 | 000,120,542 | ---- | M] () -- C:\Users\Sigrid\Documents\mango salsa.pdf
[2010/09/19 21:25:57 | 000,013,824 | ---- | M] () -- C:\Users\Sigrid\Documents\David 071410 final.xlr
[2010/09/19 21:24:50 | 000,013,824 | ---- | M] () -- C:\Users\Sigrid\Documents\Discover 2010 edit.xlr
[2010/09/14 23:29:06 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSigrid.job
[2010/09/12 22:04:11 | 000,000,000 | ---- | M] () -- C:\Users\Sigrid\AppData\Local\prvlcl.dat
[2010/09/11 01:18:29 | 000,107,599 | ---- | M] () -- C:\Users\Sigrid\Documents\DH Murrine.pdf
[2010/09/05 00:58:36 | 001,116,675 | ---- | M] () -- C:\Users\Sigrid\Documents\Honestly - Lampwork Etc.pdf
[2010/09/03 17:57:14 | 000,000,714 | ---- | M] () -- C:\Users\Sigrid\Documents\Cabochon_Adventure_Part_2 printed.pdf
[2010/09/03 17:57:06 | 017,749,378 | ---- | M] () -- C:\Users\Sigrid\Documents\Cabochon_Adventure_Part_1 printed.pdf
[40 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/03 01:08:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/02 18:19:33 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/02 18:14:19 | 000,022,934 | ---- | C] () -- C:\Users\Sigrid\Documents\Spybot - Search & Destroy scan report.pdf
[2010/10/01 17:40:45 | 000,018,238 | ---- | C] () -- C:\Users\Sigrid\.recently-used.xbel
[2010/09/24 14:32:56 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/24 14:32:48 | 065,578,899 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/24 14:32:48 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/09/21 16:22:25 | 000,120,542 | ---- | C] () -- C:\Users\Sigrid\Documents\mango salsa.pdf
[2010/09/19 21:25:10 | 000,013,824 | ---- | C] () -- C:\Users\Sigrid\Documents\David 071410 final.xlr
[2010/09/11 01:18:28 | 000,107,599 | ---- | C] () -- C:\Users\Sigrid\Documents\DH Murrine.pdf
[2010/09/05 00:58:35 | 001,116,675 | ---- | C] () -- C:\Users\Sigrid\Documents\Honestly - Lampwork Etc.pdf
[2010/09/03 17:57:13 | 000,000,714 | ---- | C] () -- C:\Users\Sigrid\Documents\Cabochon_Adventure_Part_2 printed.pdf
[2010/09/03 17:56:46 | 017,749,378 | ---- | C] () -- C:\Users\Sigrid\Documents\Cabochon_Adventure_Part_1 printed.pdf
[2010/07/28 20:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/07/28 20:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/06/17 12:11:47 | 000,033,792 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/02 12:33:20 | 000,000,000 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\prvlcl.dat
[2010/03/01 22:36:54 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLea.DAT
[2010/01/30 20:13:22 | 003,898,974 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\tmpDSC_0651.0
[2010/01/30 20:13:22 | 000,586,506 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\tmpDSC_0651.JPG
[2010/01/06 15:07:27 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/12/31 23:36:40 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2009/12/31 23:36:39 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2009/12/31 21:35:55 | 000,003,054 | ---- | C] () -- C:\Users\Sigrid\AppData\Roaming\wklnhst.dat
[2009/12/31 20:39:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\People
[2009/12/31 20:39:15 | 000,000,268 | RH-- | C] () -- C:\Users\Sigrid\AppData\Roaming\PDEs
[2009/12/31 20:39:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/12/31 20:34:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\PageLibraries
[2009/12/31 20:34:21 | 000,000,268 | RH-- | C] () -- C:\Users\Sigrid\AppData\Roaming\Organs
[2009/12/31 20:34:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/12/31 11:37:29 | 000,000,000 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\QSwitch.txt
[2009/12/31 11:37:29 | 000,000,000 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\DSwitch.txt
[2009/12/31 11:37:29 | 000,000,000 | ---- | C] () -- C:\Users\Sigrid\AppData\Local\AtStart.txt
[2009/12/31 11:37:27 | 000,000,188 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/08/25 05:10:03 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/08/25 05:09:56 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/08/25 05:09:40 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/08/25 05:09:17 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/08/25 05:08:38 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/08/09 04:42:48 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/09 04:38:18 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/09 04:36:08 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/09 04:35:20 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/15 20:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/03 01:11:54 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/03 01:12:06 | 4193,452,032 | -HS- | M] () -- C:\pagefile.sys

squidly

Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

Re: Redirect Trojan or Malware

Post by squidly on Thu 14 Oct 2010, 11:50 am

Not yet, as I do not have the Windows CDs and need to know if the Recovery Disks I have are adequate.

And because I need to know if running the fix will damage the partition on my hard drive as mentioned in my last post.


Re: Redirect Trojan or Malware

Post by Belahzur on Fri 15 Oct 2010, 10:25 am

Hello.
Don't worry, the partition won't be damaged. The recovery disks may help if something goes wrong.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Redirect Trojan or Malware

Post by squidly on Fri 15 Oct 2010, 1:23 pm

I did the fix and I have rebooted successfully:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`3fe00000 (NTFS)

Size       Device Name          MBR Status
--------------------------------------------
465 GB     \\.\PhysicalDrive0   Unknown MBR code
SHA1: 263078AC856058B74BD330CBEEF0EB1B30D826B5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...


Re: Redirect Trojan or Malware

Post by Belahzur on Sat 16 Oct 2010, 9:50 am

Okay, good. Now run MBRCheck again, but normally this time: just double-click it and post the new log.


Re: Redirect Trojan or Malware

Post by squidly on Sun 17 Oct 2010, 11:24 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 234):
0x02C17000 \SystemRoot\system32\ntoskrnl.exe
0x031F3000 \SystemRoot\system32\hal.dll
0x00BCF000 \SystemRoot\system32\kdcom.dll
0x00CE1000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D25000 \SystemRoot\system32\PSHED.dll
0x00D39000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EDC000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F80000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F8F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FE6000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FEF000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x00E49000 \SystemRoot\system32\DRIVERS\mpio.sys
0x00E73000 \SystemRoot\System32\drivers\partmgr.sys
0x00E88000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E91000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E9D000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D97000 \SystemRoot\System32\drivers\volmgrx.sys
0x00EB2000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00EBA000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00ECA000 \SystemRoot\system32\DRIVERS\aliide.sys
0x00ED1000 \SystemRoot\system32\DRIVERS\amdide.sys
0x00DF3000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x00CC0000 \SystemRoot\System32\drivers\mountmgr.sys
0x010F3000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x01119000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x01142000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01172000 \SystemRoot\system32\DRIVERS\pciide.sys
0x01179000 \SystemRoot\system32\DRIVERS\viaide.sys
0x012E2000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x01200000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01209000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01233000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x01250000 \SystemRoot\system32\DRIVERS\storport.sys
0x012B2000 \SystemRoot\system32\DRIVERS\msahci.sys
0x012BD000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x01181000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x01000000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x01056000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x01085000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x010A3000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x012D4000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01424000 \SystemRoot\system32\DRIVERS\arc.sys
0x0143D000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x01458000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x014DF000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x014F0000 \SystemRoot\system32\DRIVERS\lsi_fc.sys

Processes (total 84):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`3fe00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMJA2500BHG2, Rev: 8919

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 263078AC856058B74BD330CBEEF0EB1B30D826B5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

squidly

Newbie Surfer

Posts : 25
Joined : 2010-10-03
Operating System : Win 7

Re: Redirect Trojan or Malware

Post by squidly on Thu 21 Oct 2010, 8:28 am

So, am I ok now even though I am getting the

"Found non-standard or infected MBR."
??

Post by Belahzur on Thu 21 Oct 2010, 10:21 am

Hello.
Do you have the repair discs for your OS?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Post by squidly on Thu 21 Oct 2010, 12:38 pm

Yes, I have the recovery disks I made when I got the computer.

Post by squidly on Tue 26 Oct 2010, 3:46 pm

Bump

Post by Belahzur on Wed 27 Oct 2010, 11:02 am

Hello.
Please reboot your computer, when it starts to boot, start tapping the F8 key to access the advanced boot menu. Is there an option for "Repair your computer"?


Post by squidly on Wed 27 Oct 2010, 2:31 pm

Yes.

Post by Belahzur on Sat 30 Oct 2010, 4:10 am

Awesome.
Run that option, it will act like a command prompt.

Type in this command:

bootrec /fixmbr

If you are prompted with a yes/no option, type in yes or Y. Once it is done, type in exit and reboot the machine.

Next, run another MBRCheck and post the new log.


Post by squidly on Sat 30 Oct 2010, 4:30 am

I'm not sure, but it appears a small "yay!" might be in order....

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 199):

Processes (total 79):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`3fe00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMJA2500BHG2, Rev: 8919

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

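The two MBRCheck logs in this thread differ only in the MBR status line and the sector SHA1 ("Unknown MBR code" before bootrec /fixmbr, "Windows 7 MBR code detected" after), while the C: and D: volume offsets are identical. The script below is an added example, not MBRCheck's code or a description of its internals; it shows one way such a check can be built: hash the 440-byte boot code region against an operator-maintained allowlist and cross-check the partition table against the mounted volume offsets. Only the C: and D: byte offsets are taken from the logs; the boot code bytes, disk signature, partition sizes and allowlist entry are constructed stand-ins.

```python
# Added example, not MBRCheck's own code: an MBR integrity check of the kind
# whose results the two logs in this thread show. Only the C: and D: byte
# offsets come from those logs; every other value below is constructed.
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439 are boot code; the 4-byte disk
                             # signature and the partition table follow
PART_TABLE_OFF = 446
PART_ENTRY = struct.Struct("<B3xB3xII")   # status, type, LBA start, sectors
BOOT_SIGNATURE = b"\x55\xaa"

# Volume offsets exactly as MBRCheck printed them in this thread.
VOLUME_OFFSETS = {"C:": 0x00000000_0C800000, "D:": 0x00000071_3FE00000}


def build_mbr(boot_code: bytes, disk_sig: int, partitions) -> bytes:
    """Assemble a 512-byte MBR image from boot code, disk signature and table."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, BOOT_CODE_LEN, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        PART_ENTRY.pack_into(mbr, PART_TABLE_OFF + i * PART_ENTRY.size,
                             status, ptype, lba, count)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_partitions(mbr: bytes) -> list:
    """Decode the four primary partition entries (type 0 means an empty slot)."""
    entries = []
    for i in range(4):
        status, ptype, lba, count = PART_ENTRY.unpack_from(
            mbr, PART_TABLE_OFF + i * PART_ENTRY.size)
        entries.append({"active": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count})
    return entries


def code_sha1(mbr: bytes) -> str:
    """Hash only the boot code, so the per-machine signature and table do not matter."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr: bytes, known_code: dict, volume_offsets: dict) -> dict:
    """Classify the boot code against an allowlist and sanity-check the table."""
    findings = []
    if len(mbr) != SECTOR:
        findings.append("image is not one 512-byte sector")
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("0x55AA boot signature missing")
    parts = [p for p in parse_partitions(mbr) if p["type"] != 0]
    starts = {p["lba_start"] for p in parts}
    # Every mounted volume must begin exactly where some table entry says it does.
    for name, byte_off in volume_offsets.items():
        if byte_off % SECTOR or byte_off // SECTOR not in starts:
            findings.append(f"no partition entry starts where volume {name} is mounted")
    # Overlapping entries point to a corrupt or hand-edited table.
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partition entries overlap")
    return {"status": known_code.get(code_sha1(mbr), "Unknown MBR code"),
            "code_sha1": code_sha1(mbr),
            "sector_sha1": hashlib.sha1(mbr).hexdigest().upper(),
            "partitions": parts, "findings": findings}


# Constructed stand-ins: a few plausible opcode bytes plus padding, a made-up
# disk signature, and a table whose C: and D: entries match the logged offsets.
REFERENCE_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 32
DISK_SIGNATURE = 0x1234ABCD
REFERENCE_TABLE = [
    (0x80, 0x07, 2048, 407552),                                  # small active system volume
    (0x00, 0x07, VOLUME_OFFSETS["C:"] // SECTOR, 949_596_160),   # C:, ends where D: begins
    (0x00, 0x07, VOLUME_OFFSETS["D:"] // SECTOR, 26_759_168),    # D: recovery volume
]


def clean_mbr() -> bytes:
    return build_mbr(REFERENCE_CODE, DISK_SIGNATURE, REFERENCE_TABLE)


def tampered_mbr() -> bytes:
    """Same signature and table as clean_mbr(), but different boot code: the
    volumes still mount, which is why a hash check is needed to notice."""
    return build_mbr(b"\xEB\x3E" + b"\x00" * 30 + REFERENCE_CODE[2:],
                     DISK_SIGNATURE, REFERENCE_TABLE)


# Operator-maintained allowlist of boot-code hashes. It holds only the hash
# of the constructed reference code above, NOT a real Windows 7 MBR hash.
KNOWN_CODE = {code_sha1(clean_mbr()): "Windows 7 MBR code detected"}

if __name__ == "__main__":
    for label, image in (("before fixmbr", tampered_mbr()), ("after fixmbr", clean_mbr())):
        r = check_mbr(image, KNOWN_CODE, VOLUME_OFFSETS)
        print(f"{label}: {r['status']}  SHA1: {r['sector_sha1']}  "
              f"findings: {r['findings'] or 'none'}")
```

Run against a real 512-byte image (for example one acquired during forensic triage) the allowlist would be populated from known-good boot sectors of the same Windows release, since the reference hash here is of constructed bytes only.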

Post by Belahzur on Sat 30 Oct 2010, 10:46 am

Heh, that killed the bootkit infection.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Post by squidly on Sun 31 Oct 2010, 3:09 am

Scan Results were No Threat Found


Contents of log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Post by Belahzur on Sun 31 Oct 2010, 10:01 am

How is the machine running now?


Post by squidly on Sun 31 Oct 2010, 12:30 pm

It seems to be fine - I haven't had a redirect since we fixed our router and I haven't noticed any other problems.

Thank you very much for your help!
