
tashana

Everything posted by tashana

  1. Thanks a lot for your help. The world needs more people like you. Hope you have a great New Year's.
  2. I forgot to include the severbeach emule servers p2p fake files IP that was being blocked when I start up Ventrilo, so here that one is: 64.34.178.178. I ran the ESET Online Scan, but at the end of it all I didn't see this: "When the scan completes, click List Threats. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Click the Back button. Click the Finish button." I only see the results, which scanned over 200k files and said infected 0 and cleaned 0, and the Finish. I looked for other things to click on, but Finish was the only thing other than the "uninstall when closed" check box. But it didn't find anything with this scan. I use about 4 different browsers, so I will install the 32-bit Java to be sure. Hehe. Do the same method as above.
  3. On start up, with nothing running, I will get a few Time Warner Telecom entries in my PeerBlock, with my IP as the source, trying to connect to these 2 IPs. I also did a scan with HitmanPro and it seemed to remove some cookies, and most of those Time Warner ones have stopped, but not all; I only get a few at start up now, so I'm not really sure what it is or if it's anything. 64.132.49.139 64.132.49.152. I found out that PeerBlock is catching severbeach emule servers p2p fake files only when I start my Ventrilo server that I talk with a friend from Canada with. So I'm not sure if that is natural for Vent to do this, but I can't find much about it. I uninstalled the Java and I installed the Windows x64. I didn't see the Windows x86 Offline; there was a Windows x86, but should I do the 32-bit one or just keep the 64-bit one with 64-bit 7? I can redo this if needed. HitmanPro doesn't see anything anymore and the adware has been removed. Scan logs for Malwarebytes:
     Malwarebytes' Anti-Malware 1.51.2.1300
     www.malwarebytes.org
     Database version: 8275
     Windows 6.1.7601 Service Pack 1
     Internet Explorer 9.0.8112.16421
     11/29/2011 11:13:41 PM
     mbam-log-2011-11-29 (23-13-41).txt
     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 453848
     Time elapsed: 51 minute(s), 0 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  4. I think this is the TDSS file that removed things. I will add my last scan as well, just in case it will be the one that shows nothing found.
     DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 9.0.8112.16421
     Run by Dustin at 17:58:04 on 2011-11-28
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4422 [GMT -5:00]
     AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
     AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
     SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
     Attach.txt
     TDSSKiller.2.6.21.0_27.11.2011_07.48.51_log.txt
     TDSSKiller.2.6.21.0_28.11.2011_02.51.23_log.txt
  5. Thanks. I was on my way out when I checked here, but I will get those logs once I get back and post them. Everything seems OK, but my PeerBlock is still blocking a severbeach emule servers p2p fake files, so there still might be something there. Adware found some cookies, it looked like. I will try to post some logs when I get home.
  6. Thank you so much for your help, but it looks like I fixed it last night when I was up still trying a few things. Here's what happened. Reading more into it and seeing it was inside the MBR, I ran the aswMBR.exe and I did a fix MBR, then I ran MBRCheck to see if it was still faked and it wasn't, so I reran TDSSKiller and it actually showed up 5 things this time; one gave me the option to cure, the others I had to pick, so I deleted them. Now this is where it got tricky, but stuff that I have done before. I must have messed the MBR up by doing those steps, or it could have been something TDSS deleted, so I would start the PC up and it would not boot at all: black screen with a blinking line. So I tried the Win 7 disk to run the bootrec /fixboot and the other options, but it wouldn't fix it at all. So I went to my PC at the office where I have my copy of Partition Manager by EaseUS and created a bootable USB drive, but you can only do this with the paid version, not the free trial, in case others read this. So I plugged it in and booted to the USB drive and I rebuilt the MBR from there again just to make sure, then I had to set the System Reserved partition as active, applied the settings, and I was all ready to go. Now TDSS comes back clear and NOD32 doesn't show anything in the memory running, so I'm running a full scan now, and MBRCheck doesn't show faked anymore as well. After the NOD32 I will rescan with Malwarebytes to finish testing, but is there anything else I need to do now? And thank you so much for all the help so far. If anyone else has this and reads this, please confirm your reports when you are getting help, because you don't want to have the black screen like I did; the average user will have a hard time figuring it out, because you can't just search for the fix.
  7. Well, after trying this it doesn't seem to work, not sure why, but I looked it up to see and I'm not sure, but I will post the link in reference. I installed it, made the disk, and booted, and the screen loads and asks me to pick a language; once I pick English it goes to a black screen with a bunch of stuff written on it, but I can't scroll up to see the start. This is about what I could get from it: http://code.google.com/p/xpud/issues/detail?id=131
  8. When I first got the virus this was my Malwarebytes scan; now it comes back with nothing found...
     Malwarebytes' Anti-Malware 1.51.2.1300
     www.malwarebytes.org
     Database version: 8111
     Windows 6.1.7601 Service Pack 1
     Internet Explorer 9.0.8112.16421
     11/7/2011 11:44:34 PM
     mbam-log-2011-11-07 (23-44-34).txt
     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 459519
     Time elapsed: 32 minute(s), 58 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  9. OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
     Processor: Intel® Core i7 CPU 920 @ 2.67GHz, Intel64 Family 6 Model 26 Stepping 5
     Processor Count: 8
     RAM: 6135 Mb
     Graphics Card: NVIDIA GeForce GTX 580, 1536 Mb
     Hard Drives: C: Total - 125367 MB, Free - 17926 MB; D: Total - 485001 MB, Free - 202038 MB; F: Total - 95385 MB, Free - 51863 MB;
     Motherboard: ASUSTeK Computer INC., Rampage II Extreme
     Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated and Enabled
     I can take hard drive F out if it would help things. NOD32 gives "Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean". Custom built PC. I used to work in an IT dept of a call center, but it's all self taught. I'm not the smartest, but I do understand I don't know it all, hehe, or I wouldn't need help. It all started when my wife got a virus called System Restore, so I followed the guide at http://www.bleepingcomputer.com/viru...system-restore. It started on the 8th but could have been the 7th, not sure, but my TDSSKiller log was run on the 8th. I can rerun this if you think I should. I think I have removed everything with the System Restore virus but this part, but I'm not sure.
     Symptoms:
     1. On start up iexplore.exe will open and run, but on the taskbar I don't see it open or can never see the page, so I close it in Task Manager. It will run ads in the background.
     1a. I use PeerBlock to keep those sites from doing things while I am doing scans and such, so I don't know if this will affect the outcome.
     2. Searches are redirected when clicked.
     3. Load time of pages has slowed down, like the network can't get the page too fast. But opening and closing programs seems to be about the same in speed.
     4. NOD32 gives "Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean".
     4a. NOD32 is the only one out of about 5 that I have run that sees this file.
     I have run multiple virus programs and such; SUPERAntiSpyware will show some cookies up each time it scans, but I lost the free trial to it last night, I think. I have removed the AVG and Kaspersky trials as I switched from one to the other. At this time I do have Ad-Aware and NOD32 on the PC, and also Malwarebytes is still on the PC. I haven't removed SUPERAntiSpyware yet. I don't know if this will affect the outcome for ComboFix, but I totally overlooked where I need to put it on the desktop, so I ran it from the Firefox download folder it was saved in. If this needs to be rescanned from the desktop I can redo this, but I will include that with my post here as I see it needed everywhere I read about it.
     --------------------------
     ComboFix log (let me know if I need to do it from the desktop in the future; I'm sure I will):
     ComboFix 11-11-25.01 - Dustin 11/25/2011 0:41.2.8 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4159 [GMT -5:00]
     Running from: c:\users\Dustin\Downloads\ComboFix.exe
     AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
     AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
     SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
     SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
2011-10-26 00:08 1454400 ----a-w- c:\windows\system32\nvgenco64.dll 2011-10-15 08:53 . 2011-10-26 00:08 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-10-15 08:53 . 2011-08-06 13:11 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-10-15 08:53 . 2011-08-06 13:11 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-10-15 08:53 . 2011-08-06 13:11 2808128 ----a-w- c:\windows\system32\nvapi64.dll 2011-10-15 08:53 . 2011-08-06 13:11 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-10-15 08:53 . 2011-08-06 13:11 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2011-10-15 08:53 . 2011-01-08 00:50 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll 2011-10-15 08:53 . 2011-01-08 00:50 10406208 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-01-08 00:49 5067584 ----a-w- c:\windows\system32\nvsvc64.dll 2011-10-15 08:53 . 2011-01-08 00:49 222528 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-01-08 00:49 1640768 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2010-07-09 20:27 137536 ----a-w- c:\windows\system32\nvshext.dll 2011-10-15 04:54 . 2011-10-15 04:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2011-09-01 05:24 . 2011-10-13 07:00 2309120 ----a-w- c:\windows\system32\jscript9.dll 2011-09-01 05:17 . 2011-10-13 07:00 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-09-01 05:12 . 2011-10-13 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-09-01 02:35 . 2011-10-13 07:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-09-01 02:28 . 2011-10-13 07:00 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-09-01 02:22 . 2011-10-13 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-08-31 03:05 . 2011-08-31 03:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll 2011-08-31 03:05 . 
2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll 2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll 2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-17_04.00.07 ))))))))))))))))))))))))))))))))))))))))) . - 2011-11-17 03:07 . 2011-11-17 03:07 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat + 2011-11-25 06:18 . 2011-11-25 06:16 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat - 2011-11-17 03:07 . 2011-11-17 03:07 16384 c:\windows\temp\History\History.IE5\index.dat + 2011-11-25 06:18 . 2011-11-25 06:16 16384 c:\windows\temp\History\History.IE5\index.dat - 2011-11-17 03:07 . 2011-11-17 03:07 16384 c:\windows\temp\Cookies\index.dat + 2011-11-25 06:18 . 2011-11-25 06:16 16384 c:\windows\temp\Cookies\index.dat + 2010-10-13 01:20 . 2011-11-25 06:18 92234 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-11-25 06:18 39470 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-10-13 00:52 . 2011-11-25 06:18 25532 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-39059309-325787191-288141660-1001_UserData.bin + 2011-11-17 05:06 . 2011-11-03 17:06 69376 c:\windows\system32\DRVSTORE\lbd_483F0BF7A3AD4ED71EB7FC6065CFD6B9C37DEB69\L bd.sys - 2009-07-14 05:30 . 2011-11-16 18:28 86016 c:\windows\system32\DriverStore\infpub.dat + 2009-07-14 05:30 . 2011-11-25 02:53 86016 c:\windows\system32\DriverStore\infpub.dat + 2009-07-14 04:46 . 2011-11-20 11:10 92448 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\Cache\cache.dat + 2011-11-25 02:52 . 
2011-11-25 02:52 10134 c:\windows\Installer\{10E5F3FF-AD93-40C5-A0F5-13B9185DBB12}\callmsi.exe + 2011-11-23 09:44 . 2011-11-23 09:44 9560 c:\windows\system32\NetworkList\Icons\{98BF7480-CD53-4388-A1E5-2B6A8E05A5ED}_48.bin + 2011-11-23 09:44 . 2011-11-23 09:44 4280 c:\windows\system32\NetworkList\Icons\{98BF7480-CD53-4388-A1E5-2B6A8E05A5ED}_32.bin + 2011-11-23 09:44 . 2011-11-23 09:44 2456 c:\windows\system32\NetworkList\Icons\{98BF7480-CD53-4388-A1E5-2B6A8E05A5ED}_24.bin + 2011-11-25 06:16 . 2011-11-25 06:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-11-17 02:46 . 2011-11-17 02:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-11-17 02:46 . 2011-11-17 02:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-11-25 06:16 . 2011-11-25 06:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 02:36 . 2011-11-25 02:47 669534 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-11-25 02:47 125616 c:\windows\system32\perfc009.dat + 2011-11-21 06:52 . 2011-11-20 05:46 545792 c:\windows\system32\ioncube\ioncube_loader_win_5.3.dll + 2011-11-21 06:52 . 2011-11-20 05:46 448512 c:\windows\system32\ioncube\ioncube_loader_win_5.2.dll + 2011-11-21 06:52 . 2011-11-20 05:46 440832 c:\windows\system32\ioncube\ioncube_loader_win_5.1.dll - 2009-07-14 05:30 . 2011-11-16 18:28 143360 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2011-11-25 02:53 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2011-11-16 18:28 143360 c:\windows\system32\DriverStore\infstor.dat + 2009-07-14 05:30 . 2011-11-25 02:53 143360 c:\windows\system32\DriverStore\infstor.dat + 2009-09-01 20:29 . 2009-09-01 20:29 157712 c:\windows\system32\drivers\kl1.sys + 2011-08-04 14:20 . 2011-08-04 14:20 137144 c:\windows\system32\drivers\epfwwfpr.sys + 2011-08-04 14:20 . 
2011-08-04 14:20 146432 c:\windows\system32\drivers\ehdrv.sys + 2011-08-09 19:24 . 2011-08-09 19:24 202576 c:\windows\system32\drivers\eamonm.sys - 2009-07-14 05:01 . 2011-11-17 00:36 348112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-11-25 06:15 348112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-11-25 02:52 . 2011-11-25 02:52 105624 c:\windows\Installer\{10E5F3FF-AD93-40C5-A0F5-13B9185DBB12}\egui.exe + 2009-07-14 04:45 . 2011-11-20 04:30 7150424 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2011-11-16 18:36 7150424 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\tokens.dat + 2011-04-24 07:06 . 2011-11-24 07:53 5579660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-39059309-325787191-288141660-1001-12288.dat - 2011-04-24 07:06 . 2011-11-17 00:36 5579660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-39059309-325787191-288141660-1001-12288.dat + 2011-11-21 02:29 . 2011-11-21 02:29 1402880 c:\windows\Installer\21bfb.msi + 2011-04-22 09:12 . 2011-11-25 06:15 12137064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-39059309-325787191-288141660-1001-8192.dat + 2011-11-03 17:08 . 2011-11-03 17:08 15544320 c:\windows\Installer\80bb99.msi + 2011-11-25 02:51 . 2011-11-25 02:51 57035776 c:\windows\Installer\1ee4a.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-14 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-14 79360]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 PCPitstop Scheduling;PCPitstop Scheduling;d:\programs\PCPitstopScheduleService.exe [2009-09-09 90296]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 hcw89;hcw89 service;c:\windows\system32\DRIVERS\hcw89.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-17 17152]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam C260(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MCfilt;MCfilt;c:\windows\system32\drivers\MCfilt64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 06:55]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 06:55]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-39059309-325787191-288141660-1001Core.job
- c:\users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-14 06:55]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-39059309-325787191-288141660-1001UA.job
- c:\users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-14 06:55]
.
2011-11-25 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65f9d942-7001-48b4-aef6-fe3b848deb51.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2011-11-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9cd972a8-0bc5-4eff-859b-2c5ad42063c2.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_Dlls"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
FF - ProfilePath - c:\users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\w2kzzu7o.default\
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-39059309-325787191-288141660-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:31,13,57,39,65,8a,f8,01,67,a2,5c,ff,ed,97,4d,ed,2e,e1,35,6a,34,29,e0,\
 91,78,f3,f1,11,07,a7,f1,a0,33,0d,52,03,ab,9d,8c,62,e5,b8,9e,c8,68,52,bc,6e,\
"??"=hex:3a,c9,c7,fc,42,6f,da,f1,19,0e,d5,bc,c5,21,93,da
.
[HKEY_USERS\S-1-5-21-39059309-325787191-288141660-1001\Software\SecuROM\License information*]
"datasecu"=hex:50,d5,68,2d,5a,b1,9b,cf,8d,f6,a6,5f,32,a0,58,54,23,4f,a1,e7,6d,\
 ed,7e,35,55,3d,2d,ed,79,17,04,e4,1d,2e,8b,80,41,46,c8,b8,75,6d,1d,a8,d3,1d,\
"rkeysecu"=hex:99,68,e4,28,e4,04,d5,40,17,3a,08,6e,7c,7b,35,53
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
d:\programs\Asus\AsCmd.exe
d:\programs\Asus\AsShare.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-11-25 01:37:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-25 06:37
ComboFix2.txt 2011-11-17 04:19
.
Pre-Run: 18,336,628,736 bytes free
Post-Run: 18,723,151,872 bytes free
.
- - End Of File - - E109322CA7DDAEE4272CECF49908A70C

-------------------------

MBRCheck gave me this, and it says "MBR code faked". I hope this might help as well.

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x00000efd

Kernel Drivers (total 181):
0x03209000 \SystemRoot\system32\ntoskrnl.exe
0x037F2000 \SystemRoot\system32\hal.dll
0x00BB2000 \SystemRoot\system32\kdcom.dll
0x00C9A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CE9000 \SystemRoot\system32\PSHED.dll
0x00CFD000 \SystemRoot\system32\CLFS.SYS
0x00EBE000 \SystemRoot\system32\CI.dll
0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EA4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01060000 \SystemRoot\System32\Drivers\sptd.sys
0x011BD000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x011C6000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01000000 \SystemRoot\system32\drivers\ACPI.sys
0x011F5000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F7E000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F8B000 \SystemRoot\system32\drivers\pci.sys
0x00FBE000 \SystemRoot\System32\drivers\partmgr.sys
0x00FD3000 \SystemRoot\system32\drivers\volmgr.sys
0x00D5B000 \SystemRoot\System32\drivers\volmgrx.sys
0x01057000 \SystemRoot\system32\drivers\pciide.sys
0x00FE8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x0105E000 \SystemRoot\system32\DRIVERS\AiCharger.sys
0x00DB7000 \SystemRoot\System32\drivers\mountmgr.sys
0x00EB3000 \SystemRoot\system32\drivers\atapi.sys
0x00DD1000 \SystemRoot\system32\drivers\ataport.SYS
0x00C00000 \SystemRoot\system32\DRIVERS\jraid.sys
0x00C1D000 \SystemRoot\system32\drivers\amdxata.sys
0x00C28000 \SystemRoot\system32\drivers\fltmgr.sys
0x00C74000 \SystemRoot\system32\drivers\fileinfo.sys
0x012B7000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x01413000 \SystemRoot\System32\Drivers\Ntfs.sys
0x012CC000 \SystemRoot\System32\Drivers\msrpc.sys
0x015B6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0132A000 \SystemRoot\System32\Drivers\cng.sys
0x015D1000 \SystemRoot\System32\drivers\pcw.sys
0x015E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01675000 \SystemRoot\system32\drivers\ndis.sys
0x01768000 \SystemRoot\system32\drivers\NETIO.SYS
0x017C8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01807000 \SystemRoot\System32\drivers\tcpip.sys
0x01A0B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A55000 \SystemRoot\system32\drivers\volsnap.sys
0x01AA1000 \SystemRoot\System32\Drivers\spldr.sys
0x01AA9000 \SystemRoot\System32\drivers\rdyboost.sys
0x01AE3000 \SystemRoot\System32\Drivers\mup.sys
0x01AF5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01AFE000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B38000 \SystemRoot\system32\DRIVERS\disk.sys
0x01B4E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01BB4000 \SystemRoot\system32\drivers\cdrom.sys
0x01BDE000 \SystemRoot\System32\Drivers\Null.SYS
0x01BE7000 \SystemRoot\System32\Drivers\Beep.SYS
0x01600000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x01BEE000 \SystemRoot\System32\drivers\vga.sys
0x01627000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0164C000 \SystemRoot\System32\drivers\watchdog.sys
0x0165C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01665000 \SystemRoot\system32\drivers\rdpencdd.sys
0x017F3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015EC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01400000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0139C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x013BE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01200000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04AC7000 \SystemRoot\system32\DRIVERS\kl1.sys
0x04A00000 \SystemRoot\system32\drivers\afd.sys
0x04A89000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x04A92000 \SystemRoot\system32\DRIVERS\pacer.sys
0x01245000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04AB8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0125B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01276000 \SystemRoot\system32\drivers\termdd.sys
0x04FF0000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x0128A000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x044EB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0453C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x04548000 \SystemRoot\system32\drivers\mssmbios.sys
0x04553000 \SystemRoot\System32\drivers\discache.sys
0x04562000 \SystemRoot\System32\Drivers\dfsc.sys
0x04580000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04591000 \SystemRoot\SysWow64\drivers\AsUpIO.sys
0x04597000 \SystemRoot\SysWow64\drivers\AsIO.sys
0x0459D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x045C3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F2B2000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FF29000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x03EE3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03E00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03E46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03E6A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03E77000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03ECD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0FF2B000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x0503E000 \SystemRoot\system32\DRIVERS\hcw89.sys
0x051BC000 \SystemRoot\system32\DRIVERS\ks.sys
0x05000000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x05004000 \SystemRoot\system32\drivers\ksthunk.sys
0x0500A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x05207000 \SystemRoot\system32\DRIVERS\netr28x.sys
0x05357000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05364000 \SystemRoot\system32\drivers\1394ohci.sys
0x053A2000 \SystemRoot\system32\DRIVERS\fdc.sys
0x053AF000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x053B7000 \SystemRoot\system32\drivers\i8042prt.sys
0x053D5000 \SystemRoot\system32\drivers\kbdclass.sys
0x053E4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0FF90000 \SystemRoot\System32\Drivers\ay6idbub.SYS
0x053F3000 \SystemRoot\system32\drivers\wmiacpi.sys
0x05017000 \SystemRoot\system32\drivers\CompositeBus.sys
0x05027000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03FD7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0FFD4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0F200000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0F22F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0F24A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0F26B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x053FC000 \SystemRoot\system32\drivers\swenum.sys
0x0F285000 \SystemRoot\system32\DRIVERS\circlass.sys
0x0F297000 \SystemRoot\system32\drivers\umbus.sys
0x04400000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0FFE0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x0FFEB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0445A000 \SystemRoot\system32\drivers\nvhda64v.sys
0x04487000 \SystemRoot\system32\drivers\portcls.sys
0x044C4000 \SystemRoot\system32\drivers\drmk.sys
0x06C68000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x06CE1000 \SystemRoot\system32\drivers\MCfilt64.sys
0x06CEF000 \SystemRoot\system32\DRIVERS\hidir.sys
0x06D00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06D19000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06D22000 \SystemRoot\system32\drivers\kbdhid.sys
0x06D30000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06D3D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x06D58000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x06D5A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07403000 \SystemRoot\system32\DRIVERS\lvuvc64.sys
0x06D77000 \SystemRoot\system32\drivers\usbaudio.sys
0x06D92000 \SystemRoot\system32\DRIVERS\lvrs64.sys
0x06DE4000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06DF2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06C00000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06C0C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x06C15000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x06C28000 \SystemRoot\System32\drivers\Dxapi.sys
0x06C34000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x00690000 \SystemRoot\System32\cdd.dll
0x06C42000 \SystemRoot\system32\drivers\luafv.sys
0x02A8D000 \SystemRoot\system32\DRIVERS\eamonm.sys
0x02B6F000 \SystemRoot\system32\drivers\WudfPf.sys
0x02B90000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02BA5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02A00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02A13000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02A2B000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x09271000 \SystemRoot\system32\drivers\HTTP.sys
0x0933A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x09358000 \SystemRoot\System32\drivers\mpsdrv.sys
0x09370000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0939D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x09200000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x09224000 \??\C:\Windows\system32\drivers\cpuz134_x64.sys
0x0922D000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x0981C000 \SystemRoot\system32\drivers\peauth.sys
0x098C2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x098CD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x098FE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x09910000 \??\C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys
0x09919000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09E15000 \SystemRoot\System32\DRIVERS\srv.sys
0x09EAD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x09EED000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
0x09F65000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x00880000 \SystemRoot\System32\ATMFD.DLL
0x09F70000 \??\C:\Program Files\PeerBlock\pbfilter.sys
0x09F7B000 \SystemRoot\System32\Drivers\fastfat.SYS
0x09EF4000 \SystemRoot\system32\DRIVERS\udfs.sys
0x77120000 \Windows\System32\ntdll.dll
0x482E0000 \Windows\System32\smss.exe
0xFF440000 \Windows\System32\apisetschema.dll

Processes (total 70):
0 System Idle Process
4 System
312 C:\Windows\System32\smss.exe
468 csrss.exe
532 C:\Windows\System32\wininit.exe
560 csrss.exe
592 C:\Windows\System32\services.exe
612 C:\Windows\System32\lsass.exe
620 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\svchost.exe
800 C:\Windows\System32\nvvsvc.exe
824 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
868 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
156 C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
272 C:\Windows\System32\winlogon.exe
1076 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1312 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1324 C:\Windows\System32\nvvsvc.exe
1348 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1640 C:\Windows\System32\spoolsv.exe
1676 C:\Windows\System32\svchost.exe
1772 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1792 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1820 C:\Program Files\Bonjour\mDNSResponder.exe
1896 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
1928 C:\Windows\System32\svchost.exe
1952 C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
1996 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
1288 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
1516 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
1596 C:\Windows\System32\svchost.exe
2056 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
2640 unsecapp.exe
2708 WmiPrvSE.exe
2912 C:\Windows\System32\svchost.exe
2976 WUDFHost.exe
3240 C:\Windows\System32\taskhost.exe
3316 C:\Windows\System32\taskeng.exe
3392 C:\Windows\System32\dwm.exe
3476 C:\Windows\explorer.exe
3496 C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
3532 D:\Programs\Asus\AsCmd.exe
3896 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
3960 D:\Programs\Asus\AsShare.exe
4052 C:\Windows\System32\SearchIndexer.exe
3692 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
744 C:\Program Files\Windows Media Player\wmpnetwk.exe
1808 C:\Windows\System32\svchost.exe
4464 C:\Windows\System32\taskmgr.exe
4700 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
4940 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3604 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
1648 C:\Windows\System32\svchost.exe
3308
C:\Windows\SysWOW64\PnkBstrA.exe 3744 C:\Program Files\PeerBlock\peerblock.exe 5240 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 4436 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe 1200 C:\Program Files (x86)\Internet Explorer\iexplore.exe 2884 C:\Program Files (x86)\Internet Explorer\iexplore.exe 3416 C:\Windows\System32\SearchProtocolHost.exe 4776 C:\Windows\System32\SearchFilterHost.exe 1084 C:\Windows\System32\SearchProtocolHost.exe 1500 C:\Windows\System32\audiodg.exe 5368 C:\Users\Dustin\Downloads\MBRCheck.exe 2784 C:\Windows\System32\conhost.exe 3176 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`a246f000 (NTFS) \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: WDCWD6401AALS-00L3B2, Rev: 01.03B01 PhysicalDrive1 Model Number: ST3100011A, Rev: 3.02 Size Device Name MBR Status -------------------------------------------- 596 GB \\.\PhysicalDrive0 MBR Code Faked! SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 93 GB \\.\PhysicalDrive1 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit. Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0... Enter filename to dump to: Attach.txt hijackthis.log DDS.txt TDSSKiller.2.6.16.0_08.11.2011_20.24.08_log.txt