OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel® Core i7 CPU 920 @ 2.67GHz, Intel64 Family 6 Model 26 Stepping 5
Processor Count: 8
RAM: 6135 Mb
Graphics Card: NVIDIA GeForce GTX 580, 1536 Mb
Hard Drives: C: Total - 125367 MB, Free - 17926 MB; D: Total - 485001 MB, Free - 202038 MB; F: Total - 95385 MB, Free - 51863 MB;
Motherboard: ASUSTeK Computer INC., Rampage II Extreme
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated and Enabled

I can take hard drive F out if it would help things. NOD32 gives "Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean". Customer built PC. I used to work in an IT dept of a call center but it's all self taught. I'm not the smartest but I do understand I don't know it all hehe, or I wouldn't need help. It all started when my wife got a virus called System Restore, so I followed the guide at http://www.bleepingcomputer.com/viru...system-restore. Started on the 8th but could have been the 7th, not sure, but my TDSSKiller log was run on the 8th. I can rerun this if you think I should. I think I have removed everything with the System Restore virus but this part, but I'm not sure.

Symptoms:
1. On start up iexplore.exe will open and run but on the taskbar I don't see it open or can't ever see the page, so I close it in Task Manager. It will run ads in the background.
1a. I use PeerBlock to keep those sites from doing things while I am doing scans and such, so I don't know if this will affect the outcome.
2. Searches are redirected when clicked.
3. Load time of pages has slowed down like the network can't get the page too fast, but opening and closing programs seems to be about the same in speed.
4. NOD32 gives "Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean".
4a. NOD32 is the only one out of about 5 that I have run that sees this file.

I have run multiple virus programs and such; SUPERAntiSpyware will show some cookies up each time it scans, but I lost the free trial to it last night I think.
I have removed the AVG and Kaspersky trials as I switched from one to the other. At this time I do have Ad-Aware and NOD32 on the PC, and also Malwarebytes is still on the PC. I haven't removed SUPERAntiSpyware yet. I don't know if this will affect the outcome for ComboFix, but I totally overlooked where I need to put it on the desktop, so I ran it from the Firefox download folder where it was saved. If this needs to be rescanned from the desktop I can redo this, but I will include that with my post here as I see it needed everywhere I read about it.

--------------------------
ComboFix log. Let me know if I need to do it from the desktop in the future; I'm sure I will.

ComboFix 11-11-25.01 - Dustin 11/25/2011 0:41.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4159 [GMT -5:00]
Running from: c:\users\Dustin\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-25 06:18 . 2011-11-25 06:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F6F1FED-D398-40B9-B443-AE4EB60D1F90}\offreg.dll
2011-11-25 06:13 . 2011-11-25 06:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-25 06:13 . 2011-11-25 06:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-25 06:13 . 2011-11-25 06:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-25 02:52 . 2011-11-25 02:52 -------- d-----w- c:\program files\ESET
2011-11-24 09:56 .
2011-11-24 09:56 88 --sh--r- c:\programdata\D1E4B4E609.sys 2011-11-23 02:41 . 2011-11-23 02:42 -------- d-----w- c:\program files (x86)\FileZilla Server 2011-11-21 06:52 . 2011-11-21 06:52 -------- d-----w- c:\windows\system32\ioncube 2011-11-21 02:34 . 2011-11-21 02:34 388096 ----a-r- c:\users\Dustin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-21 02:34 . 2011-11-21 02:34 -------- d-----w- c:\program files (x86)\Trend Micro 2011-11-20 05:09 . 2009-12-14 17:44 85048 ----a-w- c:\windows\system32\drivers\CSCrySec.sys 2011-11-20 05:09 . 2009-12-14 17:44 66104 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys 2011-11-17 06:54 . 2011-11-17 05:11 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-11-17 05:12 . 2011-11-17 05:12 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-11-17 05:06 . 2011-11-03 17:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-11-17 05:06 . 2011-11-17 05:06 -------- d-----w- c:\programdata\Lavasoft 2011-11-17 05:06 . 2011-11-17 05:06 -------- d-----w- c:\program files (x86)\Lavasoft 2011-11-16 19:19 . 2011-11-16 19:19 -------- d-----w- C:\$AVG 2011-11-16 18:29 . 2011-11-16 18:29 -------- d--h--w- c:\programdata\Common Files 2011-11-16 18:15 . 2011-11-17 00:31 -------- d-----w- c:\programdata\MFAData 2011-11-10 21:34 . 2011-11-05 06:53 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll 2011-11-10 21:34 . 2011-11-05 06:53 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll 2011-11-10 21:34 . 2011-11-05 06:53 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll 2011-11-10 21:34 . 2011-11-05 06:53 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll 2011-11-10 21:34 . 2011-11-05 06:53 1989592 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll 2011-11-10 21:34 . 2011-11-05 06:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll 2011-11-10 21:34 . 
2011-11-05 03:21 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2011-11-10 21:34 . 2011-11-05 03:21 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll 2011-11-10 04:31 . 2011-11-10 04:31 -------- d-----w- c:\users\Dustin\AppData\Roaming\SUPERAntiSpyware.com 2011-11-10 04:31 . 2011-11-10 04:31 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-11-10 04:31 . 2011-11-10 04:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-11-09 19:43 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-09 19:43 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-09 19:43 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-09 19:43 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-09 01:51 . 2011-11-09 01:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-08 02:18 . 2011-11-08 02:18 -------- d-----r- c:\program files (x86)\Skype 2011-11-04 22:01 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F6F1FED-D398-40B9-B443-AE4EB60D1F90}\mpengine.dll 2011-11-04 03:46 . 2011-11-04 03:46 -------- d-----w- c:\windows\CheckSur 2011-11-01 04:48 . 2011-11-01 04:48 -------- d-----w- c:\program files (x86)\Safari 2011-10-28 22:24 . 2011-11-11 20:48 -------- d-----w- c:\users\Dustin\AppData\Roaming\mIRC 2011-10-28 22:24 . 2011-10-28 22:24 -------- d-----w- c:\program files (x86)\mIRC 2011-10-28 02:01 . 2011-10-28 02:01 -------- d-----w- c:\users\Dustin\AppData\Roaming\Realtime Soft 2011-10-28 02:01 . 2011-10-28 02:01 -------- d-----w- c:\programdata\Realtime Soft 2011-10-28 02:01 . 2011-10-28 02:01 -------- d-----w- c:\program files\UltraMon 2011-10-28 02:01 . 2011-10-28 02:01 -------- d-----w- c:\program files (x86)\Common Files\Realtime Soft 2011-10-27 02:04 . 
2011-10-27 07:08 -------- d-----w- c:\users\Dustin\AppData\Local\ESN Sonar . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-24 09:56 . 2011-02-13 06:39 4598 --sha-w- c:\programdata\KGyGaAvL.sys 2011-11-07 10:28 . 2011-09-24 05:45 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-11-07 10:28 . 2011-04-25 02:22 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-11-07 10:17 . 2011-04-25 02:22 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-10-26 00:15 . 2011-05-19 01:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-25 14:25 . 2011-04-25 02:22 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2011-10-15 08:53 . 2011-10-26 00:08 7581504 ----a-w- c:\windows\system32\nvcuda.dll 2011-10-15 08:53 . 2011-10-26 00:08 68928 ----a-w- c:\windows\system32\OpenCL.dll 2011-10-15 08:53 . 2011-10-26 00:08 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2011-10-15 08:53 . 2011-10-26 00:08 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll 2011-10-15 08:53 . 2011-10-26 00:08 2542912 ----a-w- c:\windows\system32\nvcuvid.dll 2011-10-15 08:53 . 2011-10-26 00:08 24796992 ----a-w- c:\windows\system32\nvcompiler.dll 2011-10-15 08:53 . 2011-10-26 00:08 24742720 ----a-w- c:\windows\system32\nvoglv64.dll 2011-10-15 08:53 . 2011-10-26 00:08 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2011-10-15 08:53 . 2011-10-26 00:08 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-26 00:08 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-26 00:08 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2011-10-15 08:53 . 2011-10-26 00:08 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2011-10-15 08:53 . 2011-10-26 00:08 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll 2011-10-15 08:53 . 2011-10-26 00:08 1533248 ----a-w- c:\windows\system32\nvdispco64.dll 2011-10-15 08:53 . 
2011-10-26 00:08 1454400 ----a-w- c:\windows\system32\nvgenco64.dll 2011-10-15 08:53 . 2011-10-26 00:08 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-10-15 08:53 . 2011-08-06 13:11 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-10-15 08:53 . 2011-08-06 13:11 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-10-15 08:53 . 2011-08-06 13:11 2808128 ----a-w- c:\windows\system32\nvapi64.dll 2011-10-15 08:53 . 2011-08-06 13:11 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-10-15 08:53 . 2011-08-06 13:11 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2011-10-15 08:53 . 2011-01-08 00:50 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll 2011-10-15 08:53 . 2011-01-08 00:50 10406208 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-01-08 00:49 5067584 ----a-w- c:\windows\system32\nvsvc64.dll 2011-10-15 08:53 . 2011-01-08 00:49 222528 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-01-08 00:49 1640768 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2010-07-09 20:27 137536 ----a-w- c:\windows\system32\nvshext.dll 2011-10-15 04:54 . 2011-10-15 04:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2011-09-01 05:24 . 2011-10-13 07:00 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 05:17 . 2011-10-13 07:00 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 05:12 . 2011-10-13 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-01 02:35 . 2011-10-13 07:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-09-01 02:28 . 2011-10-13 07:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-09-01 02:22 . 2011-10-13 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll 2011-08-31 03:05 . 
2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll 2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll 2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-17_04.00.07 ))))))))))))))))))))))))))))))))))))))))) . - 2011-11-17 03:07 . 2011-11-17 03:07 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat + 2011-11-25 06:18 . 2011-11-25 06:16 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat - 2011-11-17 03:07 . 2011-11-17 03:07 16384 c:\windows\temp\History\History.IE5\index.dat + 2011-11-25 06:18 . 2011-11-25 06:16 16384 c:\windows\temp\History\History.IE5\index.dat - 2011-11-17 03:07 . 2011-11-17 03:07 16384 c:\windows\temp\Cookies\index.dat + 2011-11-25 06:18 . 2011-11-25 06:16 16384 c:\windows\temp\Cookies\index.dat + 2010-10-13 01:20 . 2011-11-25 06:18 92234 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-11-25 06:18 39470 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-10-13 00:52 . 2011-11-25 06:18 25532 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-39059309-325787191-288141660-1001_UserData.bin + 2011-11-17 05:06 . 2011-11-03 17:06 69376 c:\windows\system32\DRVSTORE\lbd_483F0BF7A3AD4ED71EB7FC6065CFD6B9C37DEB69\L bd.sys - 2009-07-14 05:30 . 2011-11-16 18:28 86016 c:\windows\system32\DriverStore\infpub.dat + 2009-07-14 05:30 . 2011-11-25 02:53 86016 c:\windows\system32\DriverStore\infpub.dat + 2009-07-14 04:46 . 2011-11-20 11:10 92448 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\Cache\cache.dat + 2011-11-25 02:52 . 
2011-11-25 02:52 10134 c:\windows\Installer\{10E5F3FF-AD93-40C5-A0F5-13B9185DBB12}\callmsi.exe + 2011-11-23 09:44 . 2011-11-23 09:44 9560 c:\windows\system32\NetworkList\Icons\{98BF7480-CD53-4388-A1E5-2B6A8E05A5ED}_48.bin + 2011-11-23 09:44 . 2011-11-23 09:44 4280 c:\windows\system32\NetworkList\Icons\{98BF7480-CD53-4388-A1E5-2B6A8E05A5ED}_32.bin + 2011-11-23 09:44 . 2011-11-23 09:44 2456 c:\windows\system32\NetworkList\Icons\{98BF7480-CD53-4388-A1E5-2B6A8E05A5ED}_24.bin + 2011-11-25 06:16 . 2011-11-25 06:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-11-17 02:46 . 2011-11-17 02:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-11-17 02:46 . 2011-11-17 02:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-11-25 06:16 . 2011-11-25 06:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 02:36 . 2011-11-25 02:47 669534 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-11-25 02:47 125616 c:\windows\system32\perfc009.dat + 2011-11-21 06:52 . 2011-11-20 05:46 545792 c:\windows\system32\ioncube\ioncube_loader_win_5.3.dll + 2011-11-21 06:52 . 2011-11-20 05:46 448512 c:\windows\system32\ioncube\ioncube_loader_win_5.2.dll + 2011-11-21 06:52 . 2011-11-20 05:46 440832 c:\windows\system32\ioncube\ioncube_loader_win_5.1.dll - 2009-07-14 05:30 . 2011-11-16 18:28 143360 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2011-11-25 02:53 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2011-11-16 18:28 143360 c:\windows\system32\DriverStore\infstor.dat + 2009-07-14 05:30 . 2011-11-25 02:53 143360 c:\windows\system32\DriverStore\infstor.dat + 2009-09-01 20:29 . 2009-09-01 20:29 157712 c:\windows\system32\drivers\kl1.sys + 2011-08-04 14:20 . 2011-08-04 14:20 137144 c:\windows\system32\drivers\epfwwfpr.sys + 2011-08-04 14:20 . 
2011-08-04 14:20 146432 c:\windows\system32\drivers\ehdrv.sys + 2011-08-09 19:24 . 2011-08-09 19:24 202576 c:\windows\system32\drivers\eamonm.sys - 2009-07-14 05:01 . 2011-11-17 00:36 348112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-11-25 06:15 348112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-11-25 02:52 . 2011-11-25 02:52 105624 c:\windows\Installer\{10E5F3FF-AD93-40C5-A0F5-13B9185DBB12}\egui.exe + 2009-07-14 04:45 . 2011-11-20 04:30 7150424 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2011-11-16 18:36 7150424 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\tokens.dat + 2011-04-24 07:06 . 2011-11-24 07:53 5579660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-39059309-325787191-288141660-1001-12288.dat - 2011-04-24 07:06 . 2011-11-17 00:36 5579660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-39059309-325787191-288141660-1001-12288.dat + 2011-11-21 02:29 . 2011-11-21 02:29 1402880 c:\windows\Installer\21bfb.msi + 2011-04-22 09:12 . 2011-11-25 06:15 12137064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-39059309-325787191-288141660-1001-8192.dat + 2011-11-03 17:08 . 2011-11-03 17:08 15544320 c:\windows\Installer\80bb99.msi + 2011-11-25 02:51 . 2011-11-25 02:51 57035776 c:\windows\Installer\1ee4a.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavaso ft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntd rv] @="" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 136176] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] R3 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-14 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-14 79360] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 136176] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] R3 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys 
[x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 PCPitstop Scheduling;PCPitstop Scheduling;d:\programs\PCPitstopScheduleService.exe [2009-09-09 90296] S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144] S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512] S2 
UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640] S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [x] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-17 17152] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech Webcam C260(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] S3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt64.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - LAVASOFT_KERNEXPLORER . Contents of the 'Scheduled Tasks' folder . 2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 06:55] . 2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 06:55] . 2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-39059309-325787191-288141660-1001Core.job - c:\users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-14 06:55] . 2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-39059309-325787191-288141660-1001UA.job - c:\users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-14 06:55] . 2011-11-25 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65f9d942-7001-48b4-aef6-fe3b848deb51.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . 
2011-11-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9cd972a8-0bc5-4eff-859b-2c5ad42063c2.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_Dlls"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\w2kzzu7o.default\ FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties . - - - - ORPHANS REMOVED - - - - . WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-39059309-325787191-288141660-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:31,13,57,39,65,8a,f8,01,67,a2,5c,ff,ed,97,4d,ed,2e,e1,35,6a,34,29, e0, 91,78,f3,f1,11,07,a7,f1,a0,33,0d,52,03,ab,9d,8c,62,e5,b8,9e,c8,68,52,bc,6e, \ "??"=hex:3a,c9,c7,fc,42,6f,da,f1,19,0e,d5,bc,c5,21,93,da . [HKEY_USERS\S-1-5-21-39059309-325787191-288141660-1001\Software\SecuROM\License information*] "datasecu"=hex:50,d5,68,2d,5a,b1,9b,cf,8d,f6,a6,5f,32,a0,58,54,23,4f,a1,e7, 6d, ed,7e,35,55,3d,2d,ed,79,17,04,e4,1d,2e,8b,80,41,46,c8,b8,75,6d,1d,a8,d3,1d, \ "rkeysecu"=hex:99,68,e4,28,e4,04,d5,40,17,3a,08,6e,7c,7b,35,53 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_Ac tiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
d:\programs\Asus\AsCmd.exe
d:\programs\Asus\AsShare.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-11-25 01:37:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-25 06:37
ComboFix2.txt 2011-11-17 04:19
.
Pre-Run: 18,336,628,736 bytes free
Post-Run: 18,723,151,872 bytes free
.
- - End Of File - - E109322CA7DDAEE4272CECF49908A70C

-------------------------
MBRCheck gave me this and it says MBR code faked. I hope this might help as well.

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x00000efd

Kernel Drivers (total 181):

Processes (total 70):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`a246f000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD6401AALS-00L3B2, Rev: 01.03B01
PhysicalDrive1 Model Number: ST3100011A, Rev: 3.02

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
93 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Enter the physical disk number to dump (0-99, -1 to exit): 0
Dumping \\.\PhysicalDisk0...
Enter filename to dump to:

Attach.txt
hijackthis.log
DDS.txt
TDSSKiller.2.6.16.0_08.11.2011_20.24.08_log.txt