
devinjc (Members, 18 posts)

Everything posted by devinjc

  1. Actually, it looks like it did uninstall. Thanks for all the help, it's been enlightening.
  2. hrm combofix did not uninstall, it ran again, new log just in case, will try uninstalling again. ComboFix 11-04-03.01 - james 04/03/2011 16:25:31.7.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.2169 [GMT -7:00] Running from: C:\Users\james\Desktop\Combo-Fix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) R:\Temp\188E.tmp R:\Temp\catchme.dll ((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 ))))))))))))))))))))))))))))))) 2011-04-03 23:29:18 . 2011-04-03 23:29:18 -------- d-----w- C:\Users\Karen\AppData\Local\temp 2011-04-03 23:29:18 . 2011-04-03 23:29:18 -------- d-----w- C:\Users\james\AppData\Local\temp 2011-04-03 23:29:18 . 2011-04-03 23:29:18 -------- d-----w- C:\Users\Default\AppData\Local\temp 2011-04-03 19:35:59 . 2011-04-03 20:22:25 -------- d-----w- C:\Combo-Fix 2011-03-30 07:08:50 . 2011-03-30 07:23:21 -------- d-----w- C:\23 2011-03-30 01:31:59 . 2010-12-21 05:38:24 73728 ----a-w- C:\Windows\system32\wscsvc.dll 2011-03-29 06:51:52 . 2011-02-23 13:56:55 371544 ----a-w- C:\Windows\system32\drivers\aswSnx.sys 2011-03-29 06:51:52 . 2011-02-23 13:56:45 301528 ----a-w- C:\Windows\system32\drivers\aswSP.sys 2011-03-29 06:51:52 . 2011-02-23 13:55:49 49240 ----a-w- C:\Windows\system32\drivers\aswTdi.sys 2011-03-29 06:51:52 . 2011-02-23 13:55:10 25432 ----a-w- C:\Windows\system32\drivers\aswRdr.sys 2011-03-29 06:51:52 . 2011-02-23 13:55:03 53592 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys 2011-03-29 06:51:52 . 2011-02-23 13:54:55 19544 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys 2011-03-29 06:51:42 . 2011-02-23 14:04:21 40648 ----a-w- C:\Windows\avastSS.scr 2011-03-29 06:51:42 . 
2011-02-23 14:04:17 190016 ----a-w- C:\Windows\system32\aswBoot.exe 2011-03-29 06:51:40 . 2011-03-29 06:51:40 -------- d-----w- C:\ProgramData\AVAST Software 2011-03-29 06:51:40 . 2011-03-29 06:51:40 -------- d-----w- C:\Program Files\AVAST Software 2011-03-29 06:06:05 . 2011-04-03 23:31:19 -------- d-----w- C:\TEMP 2011-03-29 05:25:19 . 2011-03-29 05:25:19 -------- d-----w- C:\Users\Karen\AppData\Roaming\Malwarebytes 2011-03-29 05:25:17 . 2011-03-29 05:25:17 -------- d-----w- C:\Users\Karen\AppData\Local\Apple Computer 2011-03-29 05:19:20 . 2011-03-29 05:19:20 -------- d-----w- C:\Program Files\CCleaner 2011-03-28 05:34:25 . 2011-04-03 22:05:42 24416 ----a-w- C:\Windows\system32\drivers\regguard.sys 2011-03-28 05:29:09 . 2011-03-28 05:29:09 39192 ----a-w- C:\Windows\system32\Partizan.exe 2011-03-28 05:29:09 . 2011-03-28 05:29:09 35816 ----a-w- C:\Windows\system32\drivers\Partizan.sys 2011-03-28 05:29:07 . 2011-03-28 05:29:07 2 --shatr- C:\Windows\winstart.bat 2011-03-28 05:29:05 . 2011-03-16 21:50:18 12808 ----a-w- C:\Windows\system32\drivers\UnHackMeDrv.sys 2011-03-27 22:04:32 . 2011-03-27 22:04:32 -------- d-----w- C:\Users\james\AppData\Roaming\Malwarebytes 2011-03-27 22:04:30 . 2011-03-27 22:04:30 -------- d-----w- C:\ProgramData\Malwarebytes 2011-03-27 22:04:30 . 2010-12-21 01:09:00 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys 2011-03-27 22:04:27 . 2010-12-21 01:08:40 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys 2011-03-27 21:45:37 . 2011-03-29 05:16:48 16968 ----a-w- C:\Windows\system32\drivers\hitmanpro35.sys 2011-03-27 21:45:35 . 2011-03-27 21:45:35 -------- d-----w- C:\Program Files\Hitman Pro 3.5 2011-03-27 21:45:15 . 2011-03-27 21:49:15 -------- d-----w- C:\ProgramData\Hitman Pro 2011-03-26 23:14:52 . 2011-03-26 23:14:52 -------- d-----w- C:\Users\james\AppData\Roaming\GARMIN 2011-03-26 23:14:12 . 2011-03-28 02:45:20 -------- d-----w- C:\WebUpdater 2011-03-26 23:13:51 . 
2011-03-26 23:14:18 -------- d-----w- C:\Garmin 2011-03-14 16:42:48 . 2011-03-14 16:42:48 -------- d--h--w- C:\ProgramData\Common Files 2011-03-09 17:01:21 . 2011-03-09 17:01:21 -------- d-----w- C:\Program Files\Bonjour (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2011-02-19 00:36:58 . 2011-02-19 00:36:58 41984 ----a-w- C:\Windows\system32\drivers\usbaapl.sys 2011-02-19 00:36:58 . 2011-02-19 00:36:58 4184352 ----a-w- C:\Windows\system32\usbaaplrc.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-02-23 14:04:11 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-14 16:35:34 39408] "Steam"="F:\Steam\Steam.exe" [2010-12-27 00:20:08 1242448] "Free Download Manager"="F:\Free Download Manager\fdm.exe" [2009-01-31 10:45:14 3399727] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-14 16:35:33 122880] "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-21 03:21:50 7625248] "dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2008-11-18 01:50:14 827904] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-30 01:38:18 421888] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 01:17:16 47904] "iTunesHelper"="F:\iTunes7\iTunesHelper.exe" [2011-03-07 23:33:40 421160] "Malwarebytes' Anti-Malware 
(reboot)"="F:\Malwarebytes\mbam.exe" [2010-12-21 01:08:46 963976] "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-02-23 14:04:20 3451496] C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - F:\MagicDisc\MagicDisc.exe [2011-1-28 576000] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-4-18 67128] Squeezebox Server Tray Tool.lnk - F:\Squeezebox\SqueezeTray.exe [2009-11-12 2351191] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 20:16:28 130384] R3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2011-04-03 22:05:42 24416] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;F:\Sandra Benchmark\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-08-10 20:34:40 93848] R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-06 11:00:13 1343400] S0 Partizan;Partizan;C:\Windows\system32\drivers\Partizan.sys [2011-03-28 05:29:09 35816] S0 SscRdBus;Virtual bus device (SuperSpeed LLC);C:\Windows\system32\DRIVERS\SscRdBus.sys [2009-06-18 16:24:00 67608] S0 SscRdCls;RAM Disk (SuperSpeed LLC);C:\Windows\system32\DRIVERS\SscRdCls.sys [2007-12-20 02:22:16 40984] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 13:55:03 53592] S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-30 01:43:24 136176] S2 SqueezeMySQL;SqueezeMySQL;F:\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe [2010-12-13 21:18:02 4149248] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc Contents of the 'Scheduled Tasks' folder 2011-04-03 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-30 01:43:30 . 2010-05-30 01:43:24] 2011-04-03 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-30 01:43:30 . 2010-05-30 01:43:24] ------- Supplementary Scan ------- uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: Download all with Free Download Manager - file://F:\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://F:\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://F:\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://F:\Free Download Manager\dllink.htm IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\wf24yb9q.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\james\AppData\Roaming\Move Networks FF - Ext: avast! 
WebRep: wrc@avast.com - C:\Program Files\AVAST Software\Avast\WebRep\FF --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) ------------------------ Other Running Processes ------------------------ C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\rundll32.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\PnkBstrB.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskhost.exe f:\UnHackMe\hackmon.exe C:\Windows\system32\conhost.exe C:\Windows\system32\sppsvc.exe ************************************************************************** Completion time: 2011-04-03 16:33:28 - machine was rebooted ComboFix-quarantined-files.txt 2011-04-03 23:33:23 ComboFix2.txt 2011-04-03 20:41:01 ComboFix3.txt 2011-04-03 16:24:51 ComboFix4.txt 2011-03-30 07:22:51 Pre-Run: 38,363,627,520 bytes free Post-Run: 38,213,582,848 bytes free - - End Of File - - CFB2805C07B0BA56E5ACD589A4E75A67
  3. Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 6260

     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385

     4/3/2011 4:11:31 PM
     mbam-log-2011-04-03 (16-11-31).txt

     Scan type: Quick scan
     Objects scanned: 161517
     Time elapsed: 1 minute(s), 25 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     .
     DDS (Ver_11-03-05.01) - FAT32x86
     Run by james at 16:12:50.83 on Sun 04/03/2011
     Internet Explorer: 8.0.7600.16385
     Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.1799 [GMT -7:00]
     .
     AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\PnkBstrB.exe F:\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k iissvcs C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe f:\UnHackMe\hackmon.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\WUDFHost.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\dvd43\DVD43_Tray.exe F:\iTunes7\iTunesHelper.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe F:\Free Download Manager\fdm.exe F:\MagicDisc\MagicDisc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet 
Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskmgr.exe C:\Windows\system32\ctfmon.exe F:\Malwarebytes\mbam.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\james\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - f:\free download manager\iefdm2.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [steam] "f:\steam\Steam.exe" -silent uRun: [Free Download Manager] f:\free download manager\fdm.exe -autorun mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [iTunesHelper] "f:\itunes7\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware (reboot)] "f:\malwarebytes\mbam.exe" /runcleanupscript mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - f:\magicdisc\MagicDisc.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\squeez~1.lnk - f:\squeezebox\SqueezeTray.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download all with Free Download Manager - file://f:\free download manager\dlall.htm IE: Download selected with Free Download Manager - file://f:\free download manager\dlselected.htm IE: Download video with Free Download Manager - file://f:\free download manager\dlfvideo.htm IE: Download with Free Download Manager - file://f:\free download manager\dllink.htm IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl.water.ca.gov/dana-cached/sc/JuniperSetupClient.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\james\appdata\roaming\mozilla\firefox\profiles\wf24yb9q.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: f:\free download manager\firefox\extension\components\vmsfdmff.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\users\james\appdata\roaming\move networks\plugins\npqmp071701000002.dll FF - plugin: c:\users\james\appdata\roaming\move networks\plugins\npqmp071705000014.dll FF - plugin: f:\itunes7\mozilla plugins\npitunes.dll FF - plugin: f:\picasa3\npPicasa3.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\james\appdata\roaming\Move Networks FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF . ============= SERVICES / DRIVERS =============== . 
R0 SscRdBus;Virtual bus device (SuperSpeed LLC);c:\windows\system32\drivers\SscRdBus.sys [2009-6-18 67608] R0 SscRdCls;RAM Disk (SuperSpeed LLC);c:\windows\system32\drivers\SscRdCls.sys [2007-12-19 40984] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-28 371544] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-28 301528] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-28 19544] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-28 53592] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-28 42184] R2 SqueezeMySQL;SqueezeMySQL;f:\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf squeezemysql --> f:\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf SqueezeMySQL [?] S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-3-27 35816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2011-3-27 24416] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\sandra benchmark\sisoftware sandra lite 2010.sp2\RpcAgentSrv.exe [2010-8-1 93848] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-6 1343400] . =============== Created Last 30 ================ . 
2011-04-03 20:41:04 -------- d-----w- c:\users\james\appdata\local\temp 2011-04-03 20:31:44 -------- d-sh--w- C:\$RECYCLE.BIN 2011-04-03 19:35:59 -------- d-----w- C:\Combo-Fix 2011-03-30 07:08:54 98816 ----a-w- c:\windows\sed.exe 2011-03-30 07:08:54 89088 ----a-w- c:\windows\MBR.exe 2011-03-30 07:08:54 256512 ----a-w- c:\windows\PEV.exe 2011-03-30 07:08:54 161792 ----a-w- c:\windows\SWREG.exe 2011-03-30 07:08:50 -------- d-----w- C:\23 2011-03-30 01:31:59 981504 ----a-w- c:\windows\system32\wininet.dll 2011-03-29 06:51:52 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-03-29 06:51:52 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-03-29 06:51:42 40648 ----a-w- c:\windows\avastSS.scr 2011-03-29 06:51:40 -------- d-----w- c:\program files\AVAST Software 2011-03-29 06:51:40 -------- d-----w- c:\progra~2\AVAST Software 2011-03-29 06:06:05 -------- d-----w- C:\TEMP 2011-03-29 05:19:20 -------- d-----w- c:\program files\CCleaner 2011-03-28 05:34:25 24416 ----a-w- c:\windows\system32\drivers\regguard.sys 2011-03-28 05:29:09 39192 ----a-w- c:\windows\system32\Partizan.exe 2011-03-28 05:29:09 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys 2011-03-28 05:29:07 2 --shatr- c:\windows\winstart.bat 2011-03-28 05:29:05 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys 2011-03-27 22:04:32 -------- d-----w- c:\users\james\appdata\roaming\Malwarebytes 2011-03-27 22:04:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-27 22:04:30 -------- d-----w- c:\progra~2\Malwarebytes 2011-03-27 22:04:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-27 21:45:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-03-27 21:45:35 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-03-27 21:45:15 -------- d-----w- c:\progra~2\Hitman Pro 2011-03-26 23:14:52 -------- d-----w- c:\users\james\appdata\roaming\GARMIN 2011-03-26 23:14:12 -------- d-----w- C:\WebUpdater 2011-03-26 23:13:51 -------- d-----w- 
C:\Garmin 2011-03-14 16:42:48 -------- d--h--w- c:\progra~2\Common Files 2011-03-09 17:01:21 -------- d-----w- c:\program files\Bonjour . ==================== Find3M ==================== . 2011-02-19 00:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll 2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll 2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7600 Disk: STT_FTM6 rev.1571 -> Harddisk3\DR3 -> \Device\00000068 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys nvm62x32.sys win32k.sys c:\windows\system32\drivers\nvstor.sys NVIDIA Corporation NVIDIA nForce SATA Driver c:\windows\system32\drivers\nvm62x32.sys NVIDIA Corporation NVIDIA Networking Driver 1 ntkrnlpa!IofCallDriver[0x83455448] -> \Device\Harddisk3\DR3[0x873BDAC8] 3 CLASSPNP[0x8BE1959E] -> ntkrnlpa!IofCallDriver[0x83455448] -> [0x86DC84F0] 5 ACPI[0x840BA3B2] -> ntkrnlpa!IofCallDriver[0x83455448] -> \Device\00000066[0x86DC8030] kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; } user != kernel MBR !!! error: Read Insufficient system resources exist to complete the requested service. . ============= FINISH: 16:13:33.45 ===============
  4. 30-odd Google searches, no redirects... cautiously optimistic.
  5. Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
     Windows 6.1.7600
     Disk: STT_FTM6 rev.1571 -> Harddisk3\DR3 -> \Device\00000068

     device: opened successfully
     user: MBR read successfully
     kernel: MBR read successfully
     user != kernel MBR !!!
     error: Read Insufficient system resources exist to complete the requested service.
  6. Freezes when it gets to "59 GB \\.\PhysicalDrive3." At least the bios didn't lose track of the boot drive on reboot this time. MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: (build 7600), 32-bit Base Board Manufacturer: MSI BIOS Manufacturer: American Megatrends Inc. System Manufacturer: MSI System Product Name: MS-7350 Logical Drives Mask: 0x00020cfc Kernel Drivers (total 160): 0x83403000 \SystemRoot\system32\ntkrnlpa.exe 0x83813000 \SystemRoot\system32\halmacpi.dll 0x80BA2000 \SystemRoot\system32\kdcom.dll 0x83A33000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x83AAB000 \SystemRoot\system32\PSHED.dll 0x83ABC000 \SystemRoot\system32\BOOTVID.dll 0x83AC4000 \SystemRoot\system32\CLFS.SYS 0x83B06000 \SystemRoot\system32\CI.dll 0x84009000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8407A000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x84088000 \SystemRoot\system32\drivers\Partizan.sys 0x84090000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x840D8000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x840E1000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x840E9000 \SystemRoot\system32\DRIVERS\pci.sys 0x84113000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x8411E000 \SystemRoot\System32\drivers\partmgr.sys 0x8412F000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x8413F000 \SystemRoot\System32\drivers\volmgrx.sys 0x8418A000 \SystemRoot\system32\DRIVERS\pciide.sys 0x84191000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x8419F000 \SystemRoot\System32\drivers\mountmgr.sys 0x841B5000 \SystemRoot\system32\DRIVERS\atapi.sys 0x841BE000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x83BB1000 \SystemRoot\system32\DRIVERS\nvstor.sys 0x84214000 \SystemRoot\system32\DRIVERS\storport.sys 0x8425B000 \SystemRoot\system32\DRIVERS\SscRdBus.sys 0x8426E000 \SystemRoot\system32\DRIVERS\vsmraid.sys 0x84293000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x8429C000 \SystemRoot\system32\DRIVERS\SscRdCls.sys 0x842A9000 \SystemRoot\system32\drivers\fltmgr.sys 
0x842DD000 \SystemRoot\system32\drivers\fileinfo.sys 0x842EE000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8BA00000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8BB2F000 \SystemRoot\System32\Drivers\msrpc.sys 0x8BB5A000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8BB6D000 \SystemRoot\System32\Drivers\cng.sys 0x8BBCA000 \SystemRoot\System32\drivers\pcw.sys 0x8BBD8000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x842F7000 \SystemRoot\system32\drivers\ndis.sys 0x843AE000 \SystemRoot\system32\drivers\NETIO.SYS 0x83BD6000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8BC0C000 \SystemRoot\System32\drivers\tcpip.sys 0x8BD55000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8BD86000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x8BD8F000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x8BDCE000 \SystemRoot\System32\Drivers\spldr.sys 0x83A00000 \SystemRoot\System32\drivers\rdyboost.sys 0x8BDD6000 \SystemRoot\System32\Drivers\mup.sys 0x8BDE6000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8BE17000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8BE49000 \SystemRoot\system32\DRIVERS\disk.sys 0x8BE5A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x8BECC000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8BEEB000 \SystemRoot\System32\Drivers\aswSnx.SYS 0x8BF49000 \SystemRoot\System32\Drivers\Null.SYS 0x8BF50000 \SystemRoot\System32\Drivers\Beep.SYS 0x8BF57000 \SystemRoot\System32\drivers\vga.sys 0x8BF63000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8BF84000 \SystemRoot\System32\drivers\watchdog.sys 0x8BF91000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8BF99000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8BFA1000 \SystemRoot\system32\drivers\rdprefmp.sys 0x8BFA9000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8BFB4000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8BFC2000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8BFD9000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8BFE4000 \SystemRoot\System32\Drivers\aswTdi.SYS 0x91810000 \SystemRoot\System32\DRIVERS\netbt.sys 0x91842000 \SystemRoot\system32\drivers\afd.sys 0x9189C000 
  7. It hung the first time on reboot, so I repeated the process as described.
ComboFix 11-04-03.01 - james 04/03/2011 13:23:40.6.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.2272 [GMT -7:00] Running from: C:\Users\james\Desktop\Combo-Fix.exe Command switches used :: C:\Users\james\Desktop\CFScript.txt
  8. I can't see that DLL to upload it. Closest visible is KBDBENE.dll in the system32 folder. I have show hidden turned on. A search of C:\ for KBDB does not show it either.
  9. Glad to change tactics. Even tried MBRCheck in Safe Mode: instant crash, 4 power cycles to get the BIOS to see the boot drive again. DLed ComboFix as combo-fix to desktop. Ran. ComboFix popup: AVG running, please disable. Cannot find any trace of AVG to disable, continued. ComboFix does its thing, here is the log:
ComboFix 11-04-02.05 - james 04/03/2011 9:17:42.4.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.2130 [GMT -7:00] Running from: C:\Users\james\Desktop\Combo-Fix.exe
  10. Yes, that's the entire file. Attached MBRCheck_04.02.11_05.40.03.txt
  11. Ran MBRCheck again; this time the window indicated it was finished, hit Enter to close. Hit Enter, it flashed "not responding", then blue screened. At least this time the BIOS still recognizes the SSD boot drive. Here is the log, I had deleted the previous one. This one looks similar. I do have a RAM drive set up (drive letter R), I wonder if that is an issue with this?
MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: (build 7600), 32-bit Base Board Manufacturer: MSI BIOS Manufacturer: American Megatrends Inc. System Manufacturer: MSI System Product Name: MS-7350 Logical Drives Mask: 0x00020cfc Kernel Drivers (total 162):
\SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x93FF8000 \SystemRoot\system32\DRIVERS\parvdm.sys 0x92968000 \SystemRoot\system32\drivers\peauth.sys 0x925CA000 \SystemRoot\System32\Drivers\secdrv.SYS 0x925D4000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x92400000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA0629000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA0678000 \SystemRoot\System32\DRIVERS\srv.sys 0xA06C9000 \SystemRoot\System32\drivers\rdpdr.sys 0xA06EE000 \SystemRoot\system32\drivers\tdtcp.sys 0xA06F8000 \SystemRoot\System32\DRIVERS\tssecsrv.sys 0xA0705000 \SystemRoot\System32\Drivers\RDPWD.SYS 0xA0736000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA07C1000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x9240D000 \SystemRoot\system32\DRIVERS\nvm62x32.sys 0xA07CA000 \SystemRoot\System32\Drivers\fastfat.SYS 0xA0757000 \SystemRoot\system32\DRIVERS\udfs.sys 0x76FA0000 \Windows\System32\ntdll.dll 0x484E0000 \Windows\System32\smss.exe 0x771E0000 \Windows\System32\apisetschema.dll Processes (total 61): 0 System Idle Process 4 System 292 C:\Windows\System32\smss.exe 456 csrss.exe 504 C:\Windows\System32\wininit.exe 512 csrss.exe 564 C:\Windows\System32\services.exe 572 C:\Windows\System32\lsass.exe 580 C:\Windows\System32\lsm.exe 604 C:\Windows\System32\winlogon.exe 724 C:\Windows\System32\svchost.exe 836 C:\Windows\System32\svchost.exe 920 C:\Windows\System32\svchost.exe 976 C:\Windows\System32\svchost.exe 1008 C:\Windows\System32\svchost.exe 1176 C:\Windows\System32\svchost.exe 1344 C:\Windows\System32\svchost.exe 1448 C:\Program Files\AVAST Software\Avast\AvastSvc.exe 1760 C:\Windows\System32\spoolsv.exe 1772 C:\Windows\System32\taskeng.exe 1812 C:\Windows\System32\svchost.exe 1856 C:\Windows\System32\rundll32.exe 1944 C:\Windows\System32\svchost.exe 1964 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 2012 C:\Program Files\Bonjour\mDNSResponder.exe 180 C:\Windows\System32\svchost.exe 412 C:\Windows\Microsoft.NET\Framework\v3.0\Windows 
Communication Foundation\SMSvcHost.exe 1276 C:\Windows\System32\PnkBstrA.exe 1044 C:\Windows\System32\taskhost.exe 2104 C:\Windows\System32\taskeng.exe 2120 C:\Windows\System32\dwm.exe 2208 C:\Windows\explorer.exe 2288 F:\UnHackMe\hackmon.exe 2420 C:\Windows\System32\PnkBstrB.exe 2448 F:\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe 2484 C:\Windows\System32\svchost.exe 2524 C:\Windows\System32\svchost.exe 2576 C:\Windows\System32\SearchIndexer.exe 3340 WUDFHost.exe 3460 C:\Windows\System32\svchost.exe 2892 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 3204 C:\Program Files\dvd43\DVD43_Tray.exe 3480 F:\iTunes7\iTunesHelper.exe 516 C:\Program Files\AVAST Software\Avast\AvastUI.exe 752 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 3748 F:\Free Download Manager\fdm.exe 3132 F:\MagicDisc\MagicDisc.exe 3892 C:\Program Files\iPod\bin\iPodService.exe 3900 C:\Program Files\Windows Media Player\wmpnetwk.exe 4280 C:\Windows\System32\svchost.exe 5700 F:\Squeezebox\SqueezeTray.exe 4404 F:\SQUEEZ~1\server\SQUEEZ~3.EXE 4664 C:\Windows\System32\svchost.exe 4272 C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 4852 C:\Windows\System32\SearchProtocolHost.exe 3504 C:\Windows\System32\SearchFilterHost.exe 4020 C:\Windows\System32\audiodg.exe 3468 C:\Windows\System32\ctfmon.exe 4836 C:\Users\james\Desktop\MBRCheck.exe 5468 C:\Windows\System32\conhost.exe 1768 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive3 at offset 0x00000000`00103e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\E: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS) \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS) \\.\G: --> \\.\PhysicalDrive5 at offset 0x0000000c`0cbf3000 (NTFS) \\.\K: --> \\.\PhysicalDrive2 at offset 0x00000000`08100000 (NTFS) \\.\L: --> \\.\PhysicalDrive4 at offset 0x00000000`08100000 (NTFS) PhysicalDrive3 Model Number: STT_FTM64GX25H, Rev: 1571 PhysicalDrive0 Model Number: 
ST3400633A, Rev: 3.AAH PhysicalDrive5 Model Number: WDC WD16, Rev: 10.0 PhysicalDrive1 Model Number: WDC WD5000AAKS-65YGA, Rev: 12.0 PhysicalDrive2 Model Number: WDC WD10EALS-00Z8A0, Rev: 05.0 PhysicalDrive4 Model Number: WDC WD20EARS-00MVWB0, Rev: 50.0 Size Device Name MBR Status -------------------------------------------- 59 GB \\.\PhysicalDrive3
  12. Back in business, here's the MBRCheck log that it generated earlier. I can run it again if incomplete, but will wait for your direction.
  13. Fun stuff. MBRCheck locked up the machine (or so it appeared; unresponsive to everything, including Enter). After an hour I rebooted. Now I'm getting "NTLDR missing". Will repair that tonight, hopefully. Thanks for all your help so far; it will probably be 10-12 hours before I get a chance to do anything else.
  14. Not sure I understand what you are asking at this point. Attempted all of the following:
      Root\default > Query Select * From AntivirusProduct = invalid class error
      Root/default > Query Select * From AntivirusProduct = invalid class error
      Root/default > root/securitycenter > Query Select * From AntivirusProduct = 0 objects
      Root\default > root\securitycenter > Query Select * From AntivirusProduct = 0 objects
  15. I can switch to root\default, but the first time I hit Connect it shows "root\cimv2".
  16. Hello Borislav, thank you very much for the help.
      Step 1: No AskBarDis in programs to remove; however, a search for "ask" revealed a Foxit toolbar with an ask.com association, removed that.
      Step 2: Done.
      Step 3: Opened webemtest, clicked Connect, replaced "root\cimv2" with "root\SecurityCenter", clicked Connect. Query, entered "Select * From AntivirusProduct", returned no entries to delete.
      New DDS just in case.
  17. Wit's end, probably have done a lot of things I shouldn't have... was going to just reimage, but thought I'd try this as I'm really curious at this point. Nothing bad is showing up on any scans that I see. Thanks in advance.
DDS.txt . DDS (Ver_11-03-05.01) - FAT32x86 Run by james at 8:39:10.21 on Thu 03/31/2011 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.2110 [GMT -7:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\PnkBstrB.exe F:\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k iissvcs C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k 
NetworkServiceNetworkRestricted C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe f:\UnHackMe\hackmon.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\dvd43\DVD43_Tray.exe F:\iTunes7\iTunesHelper.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe F:\Free Download Manager\fdm.exe F:\MagicDisc\MagicDisc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\sppsvc.exe C:\Users\james\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - f:\free download manager\iefdm2.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [steam] "f:\steam\Steam.exe" -silent uRun: [Free Download Manager] f:\free download manager\fdm.exe -autorun mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [iTunesHelper] "f:\itunes7\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware (reboot)] "f:\malwarebytes\mbam.exe" /runcleanupscript mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - f:\magicdisc\MagicDisc.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\squeez~1.lnk - f:\squeezebox\SqueezeTray.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download all with Free Download Manager - file://f:\free download manager\dlall.htm IE: Download selected with Free Download Manager - file://f:\free download manager\dlselected.htm IE: Download video with Free Download Manager - file://f:\free download manager\dlfvideo.htm IE: Download with Free Download Manager - file://f:\free download manager\dllink.htm IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ssl.water.ca.gov/dana-cached/sc/JuniperSetupClient.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\james\appdata\roaming\mozilla\firefox\profiles\wf24yb9q.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: f:\free download manager\firefox\extension\components\vmsfdmff.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\users\james\appdata\roaming\move networks\plugins\npqmp071701000002.dll FF - plugin: c:\users\james\appdata\roaming\move networks\plugins\npqmp071705000014.dll FF - plugin: f:\itunes7\mozilla plugins\npitunes.dll FF - plugin: f:\picasa3\npPicasa3.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\james\appdata\roaming\Move Networks FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF . ============= SERVICES / DRIVERS =============== . 
R0 SscRdBus;Virtual bus device (SuperSpeed LLC);c:\windows\system32\drivers\SscRdBus.sys [2009-6-18 67608] R0 SscRdCls;RAM Disk (SuperSpeed LLC);c:\windows\system32\drivers\SscRdCls.sys [2007-12-19 40984] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-28 371544] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-28 301528] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-28 19544] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-28 53592] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-28 42184] R2 SqueezeMySQL;SqueezeMySQL;f:\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf squeezemysql --> f:\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf SqueezeMySQL [?] S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-3-27 35816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2011-3-27 24416] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;f:\sandra benchmark\sisoftware sandra lite 2010.sp2\RpcAgentSrv.exe [2010-8-1 93848] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-6 1343400] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 
2011-03-28 05:29:09 39192 ----a-w- c:\windows\system32\Partizan.exe 2011-03-28 05:29:07 2 --shatr- c:\windows\winstart.bat 2011-03-26 23:22:21 149504 --sha-r- c:\windows\system32\KBDBENEY.dll 2011-03-03 02:56:50 37943240 ----a-w- c:\windows\system32\MRT.exe 2011-02-23 14:04:21 40648 ----a-w- c:\windows\avastSS.scr 2011-02-23 14:04:17 190016 ----a-w- c:\windows\system32\aswBoot.exe 2011-02-19 00:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll 2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll 2011-01-05 05:34:32 716800 ----a-w- c:\windows\system32\jscript.dll 2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7600 Disk: STT_FTM6 rev.1571 -> Harddisk3\DR3 -> \Device\00000068 . device: opened successfully user: MBR read successfully . Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys c:\windows\system32\drivers\nvstor.sys NVIDIA Corporation NVIDIA nForce SATA Driver 1 ntkrnlpa!IofCallDriver[0x83476448] -> \Device\Harddisk3\DR3[0x873B9AC8] 3 CLASSPNP[0x8BE5E59E] -> ntkrnlpa!IofCallDriver[0x83476448] -> [0x85FE2B50] 5 ACPI[0x840CC3B2] -> ntkrnlpa!IofCallDriver[0x83476448] -> \Device\00000066[0x86DCB030] kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; } user != kernel MBR !!! 
error: Read Insufficient system resources exist to complete the requested service. . ============= FINISH: 8:40:02.36 =============== Attach.zip ark.zip