fmchuck

Honorary Members
  • Posts: 24
Everything posted by fmchuck

  1. I downloaded and saved it as an HTML doc and it seems to have saved the entire thread. Thanks so much again for all your help...simply amazes me you can look at all those logs and make sense of them. We have dubbed you Saint D_Fred. Later, my friend. CC
  2. Thanks very much for all your help. I've updated, installed, and reinstalled as needed and everything seems to be working fabulously. A question: I'd like to be able to refer back to some of the suggestions you gave. Is this thread to be archived somewhere or should I copy it and keep it myself?
  3. Thanks for the suggestions. I've shut the laptop down remotely for the night so will install AVG in the morning. I have Spybot installed on my profile on the laptop and will make sure it gets transferred over to my wife's as well since she's the primary user of that computer. I also use Firefox (which I updated tonight as well) and will encourage her to switch to it...I think she'll find it easier to use anyway. I'll download the firewalls and let you know if there are any other issues. Automatic updates are enabled. Thanks again so much. If you see a plane skywriting your name with a huge "THANKS", that would be my wife's way of expressing her gratitude. Me, I'll just click on that button at the bottom of your sig line... FmC
  4. No apologies necessary, you've been a tremendous help and very patient. All uninstalls/updates went smoothly. Any other suggestions before we add virus software back in?
  5. Here is the aswMBR log and the .DAT file:

     aswMBR version 0.9.7.747 Copyright© 2011 AVAST Software
     Run date: 2011-07-14 11:14:39
     -----------------------------
     11:14:39.959 OS Version: Windows 6.1.7600
     11:14:39.959 Number of processors: 2 586 0xF02
     11:14:39.959 ComputerName: DEB-PC UserName: Deb
     11:14:40.505 Initialize success
     11:17:12.208 AVAST engine defs: 11071400
     11:17:17.886 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
     11:17:17.886 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC74P Size: 76319MB BusType: 3
     11:17:19.930 Disk 0 MBR read successfully
     11:17:19.930 Disk 0 MBR scan
     11:17:19.945 Disk 0 Windows 7 default MBR code
     11:17:21.958 Disk 0 scanning sectors +156299264
     11:17:22.051 Disk 0 scanning C:\Windows\system32\drivers
     11:17:35.810 Service scanning
     11:17:37.121 Disk 0 trace - called modules:
     11:17:37.152 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
     11:17:37.152 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8631ca78]
     11:17:37.152 3 CLASSPNP.SYS[8bdab59e] -> nt!IofCallDriver -> [0x85e8b898]
     11:17:37.168 5 ACPI.sys[8ba923b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85e74030]
     11:17:38.150 AVAST engine scan C:\Windows
     11:54:22.902 AVAST engine scan C:\Users\Deb
     12:03:44.909 AVAST engine scan C:\ProgramData
     12:09:29.186 Scan finished successfully
     14:30:05.197 Disk 0 MBR has been saved successfully to "C:\Users\Deb\Desktop\MBR.dat"
     14:30:05.197 The log file has been saved successfully to "C:\Users\Deb\Desktop\aswMBR.txt"

     Let me know if you think it's ok to reinstall AVG (or another AV program you recommend). Thanks!

     MBR.zip
  6. Scans completed, posted below. All seems to be working in search engines with no redirects. Could we possibly have gotten it all?? Btw, my wife is singing your praises.

     [GMER, MBRCheck, ESET and QuickScan logs]
Files\iPod\bin\iPodService.exe MD5: 7559e4fda009669309e599474d852527 C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll MD5: 2d5394ff0e31ffefb5049f0911e91d89 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll MD5: c3e42cbf8215171a524d123a54ae3233 C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll MD5: d865612e27633bf6bd1a062e08fcb801 C:\Program Files\Mozilla Firefox 3.6 Beta 3\plugins\npEModelPlugin.dll MD5: 700cc8a0ca98e056f7a951d0ab9f856b C:\Program Files\Mozilla Firefox 3.6 Beta 3\plugins\nppdf32.dll MD5: 2a9c913898dd0287f6f43d1004115b9a C:\Program Files\Mozilla Firefox 3.6 Beta 3\plugins\npPDFXCviewNPPlugin.dll MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Mozilla Firefox 3.6 Beta 3\plugins\npqtplugin.dll MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Mozilla Firefox 3.6 Beta 3\plugins\npqtplugin2.dll MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Mozilla Firefox 3.6 Beta 3\plugins\npqtplugin3.dll MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Mozilla Firefox 3.6 Beta 3\plugins\npqtplugin4.dll MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Mozilla Firefox 3.6 Beta 3\plugins\npqtplugin5.dll MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Mozilla Firefox 3.6 Beta 3\plugins\npqtplugin6.dll MD5: e55be7a502b3a78f32ba3a208f6874b7 C:\Program Files\Mozilla Firefox 3.6 Beta 3\plugins\npqtplugin7.dll MD5: d6297c607683a536c4016d9911da4738 C:\Program Files\PdaNet for Android\PdaNetPC.exe MD5: 76ff9f849b0b56a73082da8294821460 C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll MD5: d299be72fb0554016f69c3cf04274d7c C:\Program Files\Roxio\Drag-to-Disc\ShellRes.dll MD5: ce16731d20bc8afd532ac7a526d809a9 c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll MD5: 31a7aa2dedefbd3927b0cade051aac2c C:\Program Files\SUPERAntiSpyware\deupx.dll MD5: 760c4453663248c596e80df34fb8cc85 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe MD5: bc9e0a68a38e0e57d4f36beeb75c6e28 C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe MD5: 2d6ef592e9d3f64d0f3d592322ea1b04 C:\Program Files\TeamViewer\Version6\TeamViewer.exe MD5: 28d082a8cb5d321eef8399f6ec0c5d5d C:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe MD5: da0fe6ba79b6ac310f27aaf9386c7fe0 C:\Program Files\TeamViewer\Version6\TeamViewer_Resource_en.dll MD5: 8a9828975a857e477efef5a61ba45ac0 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe MD5: 00d9282218b1bd8736e54298290f0317 C:\Program Files\TeamViewer\Version6\tv_w32.dll MD5: 7973c557b2be08395664c5630665905f C:\Program Files\TeamViewer\Version6\tv_w32.exe MD5: d241900c8e03f850e862664f3fbeb5b6 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBdAPI.dll MD5: af5112a454dee214a44c070e2a59042c C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtAPI.dll MD5: 756d84d65e727b60f149d8058720521a C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtHcrpAPI.dll MD5: ac88d258f20909eeb91796f490cfbb73 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe MD5: 2a9c913898dd0287f6f43d1004115b9a C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll MD5: 1e715247efffdda938c085913045d599 C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys MD5: 089b5f924e96ba9c40e4e4522bf43770 c:\program files\windows defender\mprtp.dll MD5: 77fbd400984cf72ba0fc4b3489d65f74 C:\Program Files\Windows Media Player\wmpnetwk.exe MD5: f8b3f34f70c92cf6113972a1e0d7ecd7 c:\program files\yahoo!\companion\installs\cpn1\yt.dll MD5: a1e27169e47806a8fb3a1a4e4a26730c c:\program files\yahoo!\companion\installs\cpn1\ytnavassist.dll MD5: f513f8e9771cf6976e831e0cc3c72ba5 c:\program files\yahoo!\companion\installs\cpn1\ytsingleinstance.dll MD5: a3ba4712ebf768edfbccec09fa120b6f C:\Program Files\Zune\WMZuneComm.exe MD5: 5bdcacd5b2b0fb972bc570e70f616acf C:\Program Files\Zune\ZuneNss.exe MD5: e22e48654a66aa3e24f4646c6bc1756c C:\Program Files\Zune\ZuneWlanCfgSvc.exe MD5: 401f82ce78ae5995684333b556948fa4 C:\ProgramData\Microsoft\Windows 
Defender\Definition Updates\{1D58ADFF-C461-4595-A493-E649FE996BE4}\mpengine.dll MD5: fe36976864a30ea91e14d024f8bf7dd8 C:\Users\Chuck\AppData\Roaming\Dropbox\bin\Dropbox.exe MD5: 0b02d9aa67eea2c5524943b69418512e C:\Users\Chuck\AppData\Roaming\Dropbox\bin\PYTHON25.DLL MD5: c793d05e0f461e8d5ba4336c5a95589f C:\Users\Deb\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe MD5: 6d74290856347cf8682277a54b433d4b C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll MD5: 031ccdff85a57172f3402cb99b3e9d46 C:\Users\Deb\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MD5: 2786afc6ab1f04d7600228e39df2e186 C:\Users\Deb\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll MD5: db4b28b8f25b3a2548b947a42b2df3b3 C:\Users\Deb\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll MD5: 11ab72d5d603db401c190b454fb935a7 C:\Users\Deb\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MD5: 644d1b1db02e8b2ec8e9d7e43f67e5bb C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll MD5: cff4536d93d0011cc2ce2fe22af3f9a9 C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\c3a9fb49784a53ce475a592c15728888\SMDiagnostics.ni.dll MD5: 4490f1c1ccab3d991fb88f3fbfa75277 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e8add38eb4f9c07790b5be549c5f0dae\System.Configuration.ni.dll MD5: a7e9b5d775f3a8e40b014365dab5505a C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e979f76558e7e1f7127a5244fb5a0347\System.Drawing.ni.dll MD5: a4c9eab5ae87cbb4c384c9fe74884539 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\565a1d9d3fed4d64ddb884a49a1a0e25\System.Management.ni.dll MD5: 9b20aaeec2adcca011cead7eb1b45fcd C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a93babbfac74bef9adb0aa3fbc36c5ef\System.Runtime.Serialization.ni.dll MD5: fc08edfaa639549f7e2d1f39ab367089 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d18e14ad9dd0de4997b57c36bd157d61\System.ServiceModel.ni.dll MD5: 91481c43bb2427843f45efc509eb8724 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d9b3bb263a38ca5767baf78cacf380d8\System.ServiceProcess.ni.dll MD5: f35825dc45fa8cccd76e03aa4f6ae638 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\bb3ccd9385192fd043a41c62d37e34fe\System.Web.ni.dll MD5: 7412929627084ac490eff5c282cf44bd C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\933baa29f5feba3093ba81c5b9b82b1c\System.Windows.Forms.ni.dll MD5: 00652de3983f094cbd2341a53f309a95 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\682572c507ea7552c3db1842c21bf9c8\System.Xml.ni.dll MD5: aca1c6403496495a150089a48e17df61 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f7048e198c963fa189cff3aea17dfee3\System.ni.dll MD5: 11ebc1ef713a878a14be8d5923cd355f C:\Windows\Downloaded Program Files\isusweb.dll MD5: 23dc75d158d484177ffe99e23264f89f C:\Windows\Downloaded Program Files\qsax.dll MD5: af2d82d297609df60469bfae48645762 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll MD5: c7673048872bf6ead0a46d17d89b7537 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll MD5: 733da847d5c3e32c40ba831beaa8dc93 C:\Windows\sttray.exe MD5: 8b794ae6d5c7d42092804bc39a2eb8f6 c:\windows\system32\AEPIC.dll MD5: fabfc817547eabb19b74849cef410622 C:\Windows\system32\authui.dll MD5: e24fe90e9de8d8ae70e59f7b01675def C:\Windows\system32\AVICAP32.dll MD5: 9a595df601070da78c40481120dd2c06 C:\Windows\system32\basesrv.DLL MD5: f45ed8c4f9af862cd9992849b5203c11 C:\Windows\system32\bitsigd.dll MD5: 704a8b68374e6309b8d67f997fd3034b c:\windows\system32\bitsperf.dll MD5: 9092668daf4061898fd3f2c19d8c7f85 C:\Windows\system32\CLUSAPI.DLL MD5: 61062968b59b97be9568e68b4b527cb2 C:\Windows\System32\CNBLM4.DLL 
MD5: 50ba656134f78af64e4dd3c8b6fefd7e C:\Windows\system32\cngaudit.dll MD5: 53831de9162c6c2378574b59eb786bf1 C:\Windows\system32\corpol.dll MD5: 58c8d45c571aa9235fb296b383b89887 C:\Windows\System32\cpwmon2k.dll MD5: 10de24cccd418c31107813682eb73542 C:\Windows\system32\CSRSRV.dll MD5: 342271f6142e7c70805b8a81e1ba5f5c C:\Windows\System32\csrss.exe MD5: 40d2453fa90ddb5f92e4ecea5797895e C:\Windows\system32\D3D10Level9.dll MD5: 990a58a0b01720e419b55efc5ff387f8 C:\Windows\System32\dhcpcore6.dll MD5: a53723176d0002feb486eff8e17812f2 C:\Windows\System32\DLA\DLABMFSM.SYS MD5: d4587063acea776699251e177d719586 C:\Windows\System32\DLA\DLABOIOM.SYS MD5: c950c2e7b9ed1a4fc4a2ac7ec044f1d6 C:\Windows\System32\DLA\DLADResM.SYS MD5: 24400137e387a24410c52a591f3cfb4d C:\Windows\System32\DLA\DLAIFS_M.SYS MD5: 29a303feceb28641ecebdae89eb71c63 C:\Windows\System32\DLA\DLAOPIOM.SYS MD5: c93e33a22a1ae0c5508f3fb1f6d0a50c C:\Windows\System32\DLA\DLAPoolM.SYS MD5: 4897704c093c1f59ce58fc65e1e1ef1e C:\Windows\System32\DLA\DLAUDF_M.SYS MD5: b953498c35a31e5ac98f49adbcf3e627 C:\Windows\System32\DLA\DLAUDFAM.SYS MD5: d7675f963be522060140ecd15607bcb8 C:\Windows\system32\DLAAPI_W.DLL MD5: 62390f4ace9e2b63e3ca26b7f7497897 C:\Windows\system32\DNSAPI.dll MD5: 100103c6535c66265267f5eea5f5846e C:\Windows\System32\dnsext.dll MD5: b15be77a2bacf9c3177d27518afe26a9 c:\windows\system32\dnsrslvr.dll MD5: 0db7a48388d54d154ebec120461a0fcd C:\Windows\system32\drivers\afd.sys MD5: 82dd21bfa8bbe0a3a3833a1bd8e86158 C:\Windows\system32\DRIVERS\bcm4sbxp.sys MD5: 9a5c671b7fbae4865149bb11f59b91b2 C:\Windows\system32\DRIVERS\bowser.sys MD5: f483412cb726f5f09d73d92fe395f548 C:\Windows\system32\DRIVERS\connctfy.sys MD5: 83d1ecea8faae75604c0fa49ac7ad996 C:\Windows\System32\Drivers\dfsc.sys MD5: 5230cdb7e715f3a3b4a882e254cdd35d C:\Windows\System32\Drivers\DLACDBHM.SYS MD5: 77fe51f0f8d86804cb81f6ef6bfb86dd C:\Windows\System32\Drivers\DLARTL_M.SYS MD5: c00440385cf9f3d142917c63f989e244 C:\Windows\System32\Drivers\DRVMCDB.SYS MD5: 
ffc371525aa55d1bae18715ebcb8797c C:\Windows\System32\Drivers\DRVNDDM.SYS MD5: 6d2350bb6e77e800fc4be4e5b7a2e89a C:\Windows\system32\DRIVERS\HSX_CNXT.sys MD5: 53229dcf431d76434816cd29251168a0 C:\Windows\system32\DRIVERS\HSX_DPV.sys MD5: 31f949d452201f2f0af0c88d7db512cd C:\Windows\system32\DRIVERS\HSXHWAZL.sys MD5: b20f958b207e6aaac5f70d04dd2c30d8 C:\Windows\system32\DRIVERS\lv302af.sys MD5: dd184d9adfe2a8a21741dbdfe9e22f5c C:\Windows\system32\DRIVERS\LV302V32.SYS MD5: 1a7db7a00a4b0d8da24cd691a4547291 C:\Windows\system32\DRIVERS\LVPr2Mon.sys MD5: 87ecce893d8aec5a9337b917742d339c C:\Windows\system32\DRIVERS\lvrs.sys MD5: f7e15f2fe7790733df86e95a76556389 C:\Windows\system32\drivers\LVUSBSta.sys MD5: ca7570e42522e24324a12161db14ec02 C:\Windows\system32\DRIVERS\mrxsmb.sys MD5: c108952d3660375dcb716b222912e868 C:\Windows\system32\DRIVERS\mrxsmb10.sys MD5: 25c38264a3c72594dd21d355d70d7a5d C:\Windows\system32\DRIVERS\mrxsmb20.sys MD5: b7112f30d7eff4b5052eba879f46228f C:\Windows\system32\DRIVERS\nwusbmdm.sys MD5: b7112f30d7eff4b5052eba879f46228f C:\Windows\system32\DRIVERS\nwusbser.sys MD5: b7112f30d7eff4b5052eba879f46228f C:\Windows\system32\DRIVERS\nwusbser2.sys MD5: 6ddcf3f801ec15fe698f6a215cf30a1f C:\Windows\system32\drivers\Partizan.sys MD5: da19e3401f39c10df193be029c7e7bba C:\Windows\system32\DRIVERS\pnetmdm.sys MD5: 37ecebdd930395a9c399fb18a3c236d3 C:\Windows\system32\Drivers\regguard.sys MD5: d85e3fa9f5b1f29bb4ed185c450d1470 C:\Windows\system32\DRIVERS\rimmptsk.sys MD5: db8eb01c58c9fada00c70b1775278ae0 C:\Windows\system32\DRIVERS\rimsptsk.sys MD5: 6c1f93c0760c9f79a1869d07233df39d C:\Windows\system32\DRIVERS\rixdptsk.sys MD5: 564297827d213f52c7a3a2ff749568ca C:\Windows\System32\Drivers\RootMdm.sys MD5: c4a027b8c0bd3fc0699f41fa5e9e0c87 C:\Windows\System32\DRIVERS\srv.sys MD5: 414bb592cad8a79649d01f9d94318fb3 C:\Windows\System32\DRIVERS\srv2.sys MD5: ff207d67700aa18242aaf985d3e7d8f4 C:\Windows\System32\DRIVERS\srvnet.sys MD5: 9cea131b5eb0ea653f6b3ea80b54956d 
C:\Windows\system32\drivers\stwrt.sys MD5: 1f5192248a364d4ab68db063d18a2139 C:\Windows\system32\DRIVERS\SynTP.sys MD5: 0158d5e9982e9d6a90dfc802f618e130 C:\Windows\System32\drivers\tcpip.sys MD5: 90afa1a4451bbbee87c9f18a665d8121 C:\Windows\system32\DRIVERS\tosporte.sys MD5: b168b345fb7073930c31e0d8b85e8353 C:\Windows\system32\DRIVERS\tosrfbd.sys MD5: 74392bab3f0d4810da8436ec79d6955d C:\Windows\System32\Drivers\tosrfbnp.sys MD5: 1ad9eb1b5abd0aeee4084c8153476f1e C:\Windows\System32\Drivers\tosrfcom.sys MD5: a72a3473180f378cc07d342803ffd580 C:\Windows\system32\DRIVERS\Tosrfhid.sys MD5: b2a1a6538245fd69578224bbf2fd4677 C:\Windows\system32\DRIVERS\tosrfnds.sys MD5: 8b877e24550e7962da820c8c354ec33a C:\Windows\system32\drivers\tosrfsnd.sys MD5: 97529d04178bf604c62c5be4b8bb2129 C:\Windows\system32\DRIVERS\tosrfusb.sys MD5: 6ec1d6ed5471c99ffc38abe498a6df08 C:\Windows\System32\drivers\truecrypt.sys MD5: cc861da7c724f1da4f5eaf4c734fac35 C:\Windows\system32\drivers\vad.sys MD5: 28dc5d626e036a75a572556f0a6eb1f6 C:\Windows\System32\drivers\XAudio.exe MD5: 5a7ff9a18ff6d7e0527fe3abf9204ef8 C:\Windows\system32\DRIVERS\xaudio.sys MD5: 60cc965a89e2072ebd26d63d5e1e1d18 C:\Windows\system32\dwmcore.dll MD5: 496c56361f57c2ca54931ebbc7d6c2cf C:\Windows\system32\eapphost.dll MD5: 91f434ff6606ed9bdc6a05d651b69553 C:\Windows\system32\efslsaext.dll MD5: 8444a7364d6877922049e99bf4b78c5c C:\Windows\system32\elscore.dll MD5: 02a2ed8497f437ea200df3aced255afe C:\Windows\system32\ElsLad.dll MD5: f34cfada6c48daa41b996d24c7d8d3ca C:\Windows\system32\fdPnp.dll MD5: c87f28a34b3840f4b40011d170b1a159 C:\Windows\system32\FVECERTS.dll MD5: d5cc5113671ac70993a5b46923212f16 C:\Windows\System32\FXSMON.DLL MD5: e2f6cc0d191361ee94fea3957653f531 C:\Windows\system32\hidphone.tsp MD5: 004763bdf8e48244dbb9fdfde3065ebc C:\Windows\System32\hkcmd.exe MD5: 0c7b28decceb403b8853f52664f26e9b C:\Windows\system32\IEFRAME.dll MD5: 438147dae79299a5a9240219942b4439 C:\Windows\System32\iepeers.dll MD5: 
570c6b12e7bd623a85ea1f01c75c346a C:\Windows\system32\iertutil.dll MD5: f88391450bfdd2c789bd98ff54f51745 C:\Windows\system32\IEUI.dll MD5: aed01a07b3f9b7ac9ebec89ebe78b0a1 C:\Windows\system32\igfxdev.dll MD5: 2ac91779a31284c0f5ab36501b96264c C:\Windows\system32\igfxrENU.lrc MD5: ecf6459a9c158ba07877221cf86d9e81 C:\Windows\system32\igfxsrvc.dll MD5: 258a532cffaad910b5b14f27dcd7bfb3 C:\Windows\System32\inetpp.dll MD5: 0bd0665d8bfd321d3b5a898ed09d1df3 C:\Windows\system32\jscript.dll MD5: 0908dac8249e9ae1c73ef80595ac0bc6 C:\Windows\system32\jsproxy.dll MD5: 48744c796f25a52b2c229686eb86edd5 C:\Windows\system32\kerberos.DLL MD5: af75dba674e55221b7a055b0a4345f16 C:\Windows\system32\keyiso.dll MD5: f3fb146cdbdd26fcd0cf7941c547bee4 C:\Windows\system32\kmddsp.tsp MD5: c1585eaa67c37a05bf6f93726fafc069 c:\windows\system32\l2gpstore.dll MD5: 55ca01ba19d0006c8f2639b6c045e08b c:\windows\system32\lmhsvc.dll MD5: 724a74ba9b5832a91562d2ac393e540b C:\Windows\System32\localspl.dll MD5: 737cbbadaa3e35bec3609a8c175f4f74 C:\Windows\System32\LPRHELP.dll MD5: ac356e087b20596a77e5a5b0ef898493 C:\Windows\System32\LPRMon.dll MD5: 4ddf6d393ad49da2bec4875b0b516a74 C:\Windows\system32\lsasrv.dll MD5: 398dc10274c0cb861338cfc56e727c9f C:\Windows\System32\lsm.exe MD5: 4b381e429a2982dde8c0aeaae75a65e9 C:\Windows\system32\Macromed\Flash\NPSWF32.dll MD5: 88fbe86112db7e4feb77a4a15c95ebef C:\Windows\system32\MFC42u.DLL MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Windows\system32\MFC71.DLL MD5: 4eaf682e27490a3d45c0ebb6537ee6a8 C:\Windows\system32\modemui.dll MD5: 1816d4cf1a7cbb72298ab120059226d4 C:\Windows\System32\mshtml.dll MD5: 387a8a473ecc5ba02cf453277c1f3274 c:\windows\system32\mspatcha.dll MD5: c90878913df3dc504790282043db5f4c C:\Windows\system32\msprivs.DLL MD5: 4a1b9779c5d580745b63feacc3b4332f C:\Windows\system32\MSRATING.dll MD5: 0ce7a0ffbba93810384b6794c6901f4c C:\Windows\system32\MSSRCH.DLL MD5: 5f610783fbf01f9885d80a1db1a2f220 C:\Windows\system32\NCI.dll MD5: a4cc7227a452c4909f9499d91b184364 
C:\Windows\system32\NCObjAPI.DLL MD5: 3f2deafc463d75611cb9c5e36a8ccf15 c:\windows\system32\ncsi.dll MD5: aa11a26692e0db2996caefe9ec61f61f C:\Windows\system32\ndptsp.tsp MD5: 6dcfaec6d1334aa6cdf8961db4633cbf C:\Windows\system32\negoexts.DLL MD5: c5b5ccdbf8ed1475240313ed88234e3f C:\Windows\system32\netcfgx.dll MD5: c1ae600c554a0ebc6cd211541fa6815f C:\Windows\system32\netjoin.dll MD5: eaa75d9000b71f10eec04d2ae6c60e81 C:\Windows\system32\netlogon.DLL MD5: 16707ec5fd029a4415b138796f0981ce c:\windows\system32\nrpsrv.DLL MD5: ba387e955e890c8a88306d9b8d06bf17 c:\windows\system32\nsisvc.dll MD5: 3bbf9937cc8c58e8b418b01bddb8d43b C:\Windows\SYSTEM32\ntdll.dll MD5: 5764c381949147ebcfb9a7134e2abf06 C:\Windows\system32\ODBC32.dll MD5: e2c2d8c982316c8abf800c6ce3f28fab C:\Windows\system32\ole32.dll MD5: 06333b8d05d4f3a2af25eb14fc0a1dff C:\Windows\system32\OLEAUT32.dll MD5: 7e82616bee76bf5eaa5b30f681414e21 C:\Windows\system32\perftrack.dll MD5: 1037db1b66622baf05da45ed01f47439 C:\Windows\System32\PJLMON.DLL MD5: 37cc990d4e2cdfae12ac47f6b620fc13 C:\Windows\system32\pku2u.DLL MD5: 2862a3819bbc9757dd27bac41a4e0a3e C:\Windows\System32\pnidui.dll MD5: eecbca235e56ef1c772df6a19c560afb C:\Windows\system32\PortableDeviceApi.dll MD5: c693e642acfbdd76433af6be3c3eee6f C:\Windows\System32\portabledeviceconnectapi.dll MD5: dda6cfd632dcb8d9c72ada58799bf776 C:\Windows\System32\PrintIsolationProxy.dll MD5: 7ffd52d73352806969d424ef327d10a7 C:\Windows\system32\radardt.dll MD5: 75dd1448b57d1f9382a8b59ed8e3790b C:\Windows\System32\raschap.dll MD5: 98963bd29723a373009b017e87be9ce8 C:\Windows\system32\rasppp.dll MD5: b5c452baf3a3914ef87628252ea12feb C:\Windows\system32\rastapi.DLL MD5: 9015ee5171bcb15653da27024bd27128 C:\Windows\system32\RESUTILS.DLL MD5: 4bef53964dc519550ee030253fc1e25e C:\Windows\system32\SAMSRV.dll MD5: 0aef47e0a6b0cba8c9833d55298b2791 C:\Windows\system32\SAVRKBootTasks.sys MD5: 26073302daea83cc5b944c546d6b47d2 C:\Windows\system32\scecli.DLL MD5: 1c9cdbdf895a556e66aebfd93a36b536 
C:\Windows\system32\SCESRV.dll MD5: 3369d021265e369d57317d61fa86dd79 C:\Windows\system32\scext.dll MD5: 21cf5c7d8d727dcc337a1d251b6135f4 C:\Windows\system32\schannel.DLL MD5: df1e5c82e4d09cf8105cc644980c4803 c:\windows\system32\schedsvc.dll MD5: 5f1b6a9c35d3d5ca72d6d6fdef9747d6 C:\Windows\System32\services.exe MD5: 16742790895960690237a5143cedec8b C:\Windows\System32\smss.exe MD5: 4b9e4ce667df26ada061aa81e9aa841d C:\Windows\system32\SPFILEQ.dll MD5: c00cc74fc1d7b3f4cb3f7bedd3482447 C:\Windows\system32\spool\PRTPROCS\W32X86\CNBPP4.DLL MD5: 063457262374b224226710d8db74c37c C:\Windows\system32\spool\PRTPROCS\W32X86\mdippr.dll MD5: dbd10464e7246c9e722025debc093d01 C:\Windows\system32\spool\PRTPROCS\W32X86\winprint.dll MD5: 629181c26a78eb66b0b4e774e5ac2882 C:\Windows\System32\SPOOLSS.DLL MD5: d1bb750eb51694de183e08b9c33be5b2 C:\Windows\System32\spoolsv.exe MD5: 4c287f9069fedbd791178876ee9de536 C:\Windows\system32\sppsvc.exe MD5: 8f6bf790d3168224c16f2af68a84438c c:\windows\system32\srvsvc.dll MD5: 2f94e3709f029512a1bd8f6c108d7b62 C:\Windows\system32\SSCORE.DLL MD5: 54c5eb1fd11027fb23bc4f79146ce159 C:\Windows\system32\SspiSrv.dll MD5: cf26eb925f557d4d70973c702c8e7a49 C:\Windows\System32\stacsv.exe MD5: 0486b27a7a31edfa9f92a7f6bbc964e5 C:\Windows\system32\stapi32.dll MD5: ed3f7b4548a13561278bf6018d1364a0 C:\Windows\system32\STLang.dll MD5: 8d908f346eedd752005a32787a6dcafa C:\Windows\System32\StructuredQuery.dll MD5: 364455805e64882844ee9acb72522830 C:\Windows\system32\sxssrv.DLL MD5: 8c7fe6b9559204765849bff308764fa5 C:\Windows\System32\SyncCenter.dll MD5: 4c4a3efcf258072b5e90ea66119b0a29 C:\Windows\system32\SynCOM.dll MD5: 1ba1aa0d8d204d71ddc77eca40e00d7d C:\Windows\system32\SynTPAPI.dll MD5: 04105c8da62353589c29bdaeb8d88bd8 c:\windows\system32\sysmain.dll MD5: ba51ffe170c5b3ae8ec4f5bd2581a29e C:\Windows\system32\SYSNTFY.dll MD5: ef8808fea65723214d79734bdb79ebf6 C:\Windows\system32\taskcomp.dll MD5: 21012407e8c74aa72bbb485b0fc197fe C:\Windows\system32\taskschd.dll MD5: 
eafc149cd3bd78c443e31bb157841197 C:\Windows\system32\tbs.dll MD5: 18ba660c7022422a9b3be14c37d7401e C:\Windows\System32\tbtmon.dll MD5: e015c3af4ebefcd47bb05781126898bd C:\Windows\System32\tbtmon98Language.dll MD5: b390c1d825c7687493bede237c6c2f25 C:\Windows\System32\tcpmon.dll MD5: a739793f1a4f04b66e2444e90ae9e694 C:\Windows\system32\tspkg.DLL MD5: 7222995615bf93b628dcea4bd6ccacf7 C:\Windows\system32\UBPM.dll MD5: 91da0906b27adc98b7cc9d17f6f8227c C:\Windows\system32\umb.dll MD5: 71def5ec79774c798342d0ea16e41780 c:\windows\system32\umpnpmgr.dll MD5: f45330f0364bc8223ef835ea5e3ebb8e C:\Windows\system32\unimdm.tsp MD5: 60c4bbebb57be996e38bd0ec98a36e91 C:\Windows\system32\unimdmat.dll MD5: e675de8cf57d8814218733b3dae896d7 C:\Windows\system32\uniplat.dll MD5: ca4d146eac05ec4ba5fc4936f3369627 C:\Windows\system32\urlmon.dll MD5: 923cdd30092db73ec4a0ebcddd16c686 C:\Windows\System32\usbmon.dll MD5: a12829e9974f57e9b5dbfea7c93190f6 C:\Windows\system32\UXINIT.dll MD5: 582c191f861d18b8c937fb9859b80e9c C:\Windows\system32\vpnike.dll MD5: 5ae88135c6a86fcd67ba16afbb1c8389 C:\Windows\system32\wbem\esscli.dll MD5: f148865e4ac4f715e322ea06e6e21d84 C:\Windows\system32\wbem\ncprov.dll MD5: 371e3b05894549113d07cd3081ed55ef C:\Windows\system32\wbem\repdrvfs.dll MD5: 801211dcfd6414ffa48bca661a76c6fa C:\Windows\system32\wbem\wbemcore.dll MD5: b350509b6c9296529bc464c60feeaef1 C:\Windows\system32\wbem\wbemess.dll MD5: 0e7441be4d8c31c7f94d4e09af8339c8 C:\Windows\system32\wbem\wmidcprv.dll MD5: b8f4a6990a6295159792b4ad189d460d C:\Windows\system32\wbem\wmiprvsd.dll MD5: 7790b77fe1e5ee47dcc66247095bb4c9 C:\Windows\system32\wbengine.exe MD5: 23d5ae191d918bb82fd8027e1ba869d4 C:\Windows\system32\wdiasqmmodule.dll MD5: 177df28315bf4300ecb5cbeeee961292 c:\windows\system32\webcheck.dll MD5: 4fb96aacf2f05c7357546becd7678863 C:\Windows\system32\webio.dll MD5: 4262220b609ad082ce66914172597a96 C:\Windows\System32\webservices.dll MD5: 9a6dedbe309aa0ce2c31ee6799b38e4f C:\Windows\System32\werconcpl.dll MD5: 
2873dfe622f4a3929d93f7bc85ade13e c:\windows\system32\wevtsvc.dll MD5: 019c372b1a9da73a22d0d35a4d40f5c9 C:\Windows\system32\wfapigp.dll MD5: e0fe1259d88a89493098d9269144fd5f C:\Windows\system32\wiarpc.dll MD5: 2f998e1fca7749e836fdfafe88de9237 C:\Windows\System32\win32spl.dll MD5: 27cdaf355cce3762c7f13719e814418b C:\Windows\system32\WININET.dll MD5: b5c5dcad3899512020d135600129d665 C:\Windows\System32\wininit.exe MD5: 37cdb7e72eb66ba85a87cbe37e7f03fd C:\Windows\System32\winlogon.exe MD5: 827e4f75901ca3f990b1487d3301841e C:\Windows\system32\winsrv.DLL MD5: 81e1423a5d3f0f350307b537d33599fc c:\windows\system32\WLANMSM.DLL MD5: 20c06a50dfc097e134bc6fa8444ca9bc c:\windows\system32\WLANSEC.dll MD5: 749f9795f01c35eebe100a87d82b9681 c:\windows\system32\wlgpclnt.dll MD5: 633c2c060cf857099f6c4f8d75c952b1 C:\Windows\system32\wls0wndh.dll MD5: d412b1b72c5ab020218e9a047d90ca05 C:\Windows\system32\WMsgAPI.dll MD5: 7fd5532c142db6c9cc47aa4dcf71fdec C:\Windows\System32\wscui.cpl MD5: 206eccf79765e9f3fc6cca04114ee058 C:\Windows\System32\wsdapi.dll MD5: a8eb761de499242becf153b2b34f020e C:\Windows\System32\WSDMon.dll MD5: 596371a825c6abb55e436b6f0966a24f C:\Windows\System32\wsnmp32.dll MD5: dd4400813589985677a363f8a589cd02 C:\Windows\system32\wuapi.dll MD5: b0da80ff42a0819d162a86612896aaf2 C:\Windows\System32\wuauclt.exe MD5: a33408cc036f9c08142b11be5e93f0a1 c:\windows\system32\wuaueng.dll MD5: f6ad68cc45f5630a01ac4178cef10384 C:\Windows\system32\wucltux.dll MD5: 688975cea9add749e339168a2841205a c:\windows\system32\WUDFPlatform.dll MD5: 2b3d64e795f6080e02cfcd9b8553ae2f C:\Windows\system32\wups2.dll MD5: 5b3d1c528cd6674ff6bd1f6720f5a686 C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll MD5: 4ccf86aad1b67168fb51a477307ec288 C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\DrUpdate.dll MD5: 6b3e0452a8fd0f6a3063551e7f7705b8 
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\smiengine.dll MD5: 9d1693d5a9224a4cd64dd57e3614fbcc C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\smiPI.dll MD5: 8896ef6deba34c5507a488729a1d3af2 C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\wcp.dll MD5: c9b89e87cb6d87fa4cc3f04ebc9f3d1c C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\wrpint.dll MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll MD5: d3ead1cf16ba729a7f7c9a5d94aa7c05 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\COMCTL32.dll MD5: 4b8dd8541c0e26602005dd0137333615 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll No file uploaded. Scan finished - communication took 2 sec Total traffic - 0.02 MB sent, 1.45 KB recvd Scanned 1002 files and modules - 13 seconds ==============================================================================
  7. It will be this evening before I can get back to it so will run the scans tonight. Thanks!
  8. TDSSKiller finally ran, rebooted. Seems like a major hurdle we passed, I'm able to browse without any redirection. Here's the file:
07:32:59.0251 2528 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS 2011/07/13 07:32:59.0289 2528 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS 2011/07/13 07:32:59.0322 2528 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS 2011/07/13 07:32:59.0409 2528 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/07/13 07:32:59.0660 2528 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS 2011/07/13 07:32:59.0682 2528 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS 2011/07/13 07:32:59.0830 2528 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 2011/07/13 07:32:59.0914 2528 dsunidrv (64fa28c15dd71a80bef3527e1ef07df6) C:\Program Files\DellSupport\Drivers\dsunidrv.sys 2011/07/13 07:33:00.0162 2528 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys 2011/07/13 07:33:00.0528 2528 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2011/07/13 07:33:00.0910 2528 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2011/07/13 07:33:01.0090 2528 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 2011/07/13 07:33:01.0167 2528 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/07/13 07:33:01.0241 2528 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/07/13 07:33:01.0275 2528 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2011/07/13 07:33:01.0322 2528 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/07/13 07:33:01.0497 2528 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/07/13 07:33:01.0535 2528 flpydisk (87907aa70cb3c56600f1c2fb8841579b) 
C:\Windows\system32\DRIVERS\flpydisk.sys 2011/07/13 07:33:01.0590 2528 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/07/13 07:33:01.0645 2528 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/07/13 07:33:01.0675 2528 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/07/13 07:33:01.0940 2528 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys 2011/07/13 07:33:02.0197 2528 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/07/13 07:33:02.0241 2528 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/07/13 07:33:02.0533 2528 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/07/13 07:33:02.0576 2528 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/07/13 07:33:02.0816 2528 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/07/13 07:33:02.0840 2528 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/07/13 07:33:02.0864 2528 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2011/07/13 07:33:03.0055 2528 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 2011/07/13 07:33:03.0129 2528 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/07/13 07:33:03.0224 2528 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2011/07/13 07:33:03.0485 2528 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2011/07/13 07:33:03.0746 2528 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 2011/07/13 07:33:03.0997 2528 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2011/07/13 07:33:04.0234 2528 
i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/07/13 07:33:04.0520 2528 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 2011/07/13 07:33:04.0951 2528 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/07/13 07:33:05.0265 2528 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/07/13 07:33:05.0347 2528 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2011/07/13 07:33:05.0373 2528 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/07/13 07:33:05.0429 2528 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/07/13 07:33:05.0699 2528 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/07/13 07:33:05.0745 2528 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/07/13 07:33:06.0020 2528 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/07/13 07:33:06.0185 2528 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2011/07/13 07:33:06.0218 2528 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/07/13 07:33:06.0262 2528 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/07/13 07:33:06.0334 2528 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/07/13 07:33:06.0495 2528 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2011/07/13 07:33:06.0542 2528 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2011/07/13 07:33:06.0616 2528 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/07/13 07:33:06.0726 2528 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 
2011/07/13 07:33:06.0851 2528 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/07/13 07:33:06.0892 2528 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/07/13 07:33:06.0923 2528 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/07/13 07:33:06.0981 2528 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/07/13 07:33:07.0086 2528 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys 2011/07/13 07:33:07.0337 2528 LVRS (87ecce893d8aec5a9337b917742d339c) C:\Windows\system32\DRIVERS\lvrs.sys 2011/07/13 07:33:07.0602 2528 LVUSBSta (f7e15f2fe7790733df86e95a76556389) C:\Windows\system32\drivers\LVUSBSta.sys 2011/07/13 07:33:07.0896 2528 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/07/13 07:33:08.0056 2528 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/07/13 07:33:08.0114 2528 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/07/13 07:33:08.0172 2528 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/07/13 07:33:08.0221 2528 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/07/13 07:33:08.0280 2528 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2011/07/13 07:33:08.0463 2528 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/07/13 07:33:08.0538 2528 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2011/07/13 07:33:08.0578 2528 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2011/07/13 07:33:08.0656 2528 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/13 07:33:08.0728 2528 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) 
C:\Windows\system32\drivers\mrxdav.sys 2011/07/13 07:33:08.0839 2528 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/13 07:33:08.0921 2528 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/13 07:33:09.0002 2528 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/13 07:33:09.0077 2528 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2011/07/13 07:33:09.0132 2528 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2011/07/13 07:33:09.0276 2528 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/07/13 07:33:09.0354 2528 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/07/13 07:33:09.0376 2528 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/07/13 07:33:09.0485 2528 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/13 07:33:09.0586 2528 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/13 07:33:09.0673 2528 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/07/13 07:33:09.0711 2528 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/07/13 07:33:09.0759 2528 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/07/13 07:33:09.0801 2528 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/07/13 07:33:09.0909 2528 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/07/13 07:33:09.0980 2528 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/07/13 07:33:10.0041 2528 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/07/13 07:33:10.0266 2528 NDIS 
(23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 2011/07/13 07:33:10.0536 2528 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/07/13 07:33:10.0816 2528 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/07/13 07:33:10.0950 2528 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/07/13 07:33:11.0010 2528 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/07/13 07:33:11.0035 2528 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2011/07/13 07:33:11.0153 2528 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/07/13 07:33:11.0292 2528 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/13 07:33:11.0533 2528 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 2011/07/13 07:33:11.0895 2528 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/07/13 07:33:12.0160 2528 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/07/13 07:33:12.0197 2528 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/13 07:33:12.0493 2528 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2011/07/13 07:33:12.0763 2528 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/07/13 07:33:12.0799 2528 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/07/13 07:33:13.0018 2528 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2011/07/13 07:33:13.0065 2528 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/07/13 07:33:13.0312 2528 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbmdm.sys 2011/07/13 07:33:13.0551 
2528 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser.sys 2011/07/13 07:33:13.0787 2528 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\Windows\system32\DRIVERS\nwusbser2.sys 2011/07/13 07:33:13.0859 2528 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/07/13 07:33:14.0117 2528 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/07/13 07:33:14.0387 2528 Partizan (6ddcf3f801ec15fe698f6a215cf30a1f) C:\Windows\system32\drivers\Partizan.sys 2011/07/13 07:33:14.0451 2528 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2011/07/13 07:33:14.0695 2528 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/07/13 07:33:14.0742 2528 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2011/07/13 07:33:14.0988 2528 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2011/07/13 07:33:15.0054 2528 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/07/13 07:33:15.0299 2528 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/07/13 07:33:15.0341 2528 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/07/13 07:33:15.0588 2528 pepifilter (b20f958b207e6aaac5f70d04dd2c30d8) C:\Windows\system32\DRIVERS\lv302af.sys 2011/07/13 07:33:15.0956 2528 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS 2011/07/13 07:33:16.0344 2528 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\Windows\system32\DRIVERS\pnetmdm.sys 2011/07/13 07:33:16.0627 2528 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/13 07:33:16.0663 2528 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/07/13 07:33:16.0964 2528 Psched (6270ccae2a86de6d146529fe55b3246a) 
C:\Windows\system32\DRIVERS\pacer.sys 2011/07/13 07:33:17.0034 2528 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys 2011/07/13 07:33:17.0331 2528 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/07/13 07:33:17.0593 2528 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/07/13 07:33:17.0644 2528 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/13 07:33:17.0887 2528 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/13 07:33:18.0076 2528 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/07/13 07:33:18.0114 2528 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/13 07:33:18.0168 2528 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/13 07:33:18.0244 2528 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/13 07:33:18.0282 2528 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/13 07:33:18.0519 2528 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/07/13 07:33:18.0548 2528 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/13 07:33:18.0806 2528 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2011/07/13 07:33:18.0877 2528 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/13 07:33:19.0034 2528 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/07/13 07:33:19.0141 2528 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2011/07/13 07:33:19.0193 2528 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2011/07/13 07:33:19.0400 2528 RegGuard 
(37ecebdd930395a9c399fb18a3c236d3) C:\Windows\system32\Drivers\regguard.sys 2011/07/13 07:33:19.0696 2528 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/07/13 07:33:19.0943 2528 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/07/13 07:33:20.0205 2528 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/07/13 07:33:20.0468 2528 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys 2011/07/13 07:33:20.0759 2528 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/13 07:33:20.0819 2528 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/07/13 07:33:20.0986 2528 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2011/07/13 07:33:21.0043 2528 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2011/07/13 07:33:21.0210 2528 SAVRKBootTasks (0aef47e0a6b0cba8c9833d55298b2791) C:\Windows\system32\SAVRKBootTasks.sys 2011/07/13 07:33:21.0297 2528 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/07/13 07:33:21.0347 2528 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2011/07/13 07:33:21.0609 2528 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys 2011/07/13 07:33:21.0680 2528 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/07/13 07:33:21.0884 2528 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/07/13 07:33:21.0921 2528 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/07/13 07:33:21.0952 2528 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/07/13 07:33:22.0020 2528 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) 
C:\Windows\system32\DRIVERS\sffdisk.sys 2011/07/13 07:33:22.0052 2528 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/07/13 07:33:22.0101 2528 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/07/13 07:33:22.0128 2528 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/07/13 07:33:22.0406 2528 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2011/07/13 07:33:22.0663 2528 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/07/13 07:33:22.0693 2528 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/07/13 07:33:22.0958 2528 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/07/13 07:33:23.0097 2528 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys 2011/07/13 07:33:23.0340 2528 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/07/13 07:33:23.0466 2528 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 2011/07/13 07:33:23.0509 2528 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/13 07:33:23.0574 2528 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/13 07:33:23.0876 2528 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/07/13 07:33:24.0065 2528 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys 2011/07/13 07:33:24.0180 2528 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/07/13 07:33:24.0433 2528 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2011/07/13 07:33:24.0675 2528 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/07/13 07:33:24.0936 2528 SynTP 
(1f5192248a364d4ab68db063d18a2139) C:\Windows\system32\DRIVERS\SynTP.sys 2011/07/13 07:33:25.0071 2528 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys 2011/07/13 07:33:25.0383 2528 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/13 07:33:25.0629 2528 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/13 07:33:25.0667 2528 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/07/13 07:33:25.0877 2528 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/07/13 07:33:25.0931 2528 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/13 07:33:26.0210 2528 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2011/07/13 07:33:26.0494 2528 tosporte (90afa1a4451bbbee87c9f18a665d8121) C:\Windows\system32\DRIVERS\tosporte.sys 2011/07/13 07:33:26.0534 2528 tosrfbd (b168b345fb7073930c31e0d8b85e8353) C:\Windows\system32\DRIVERS\tosrfbd.sys 2011/07/13 07:33:26.0780 2528 tosrfbnp (74392bab3f0d4810da8436ec79d6955d) C:\Windows\system32\Drivers\tosrfbnp.sys 2011/07/13 07:33:26.0941 2528 Tosrfcom (1ad9eb1b5abd0aeee4084c8153476f1e) C:\Windows\system32\Drivers\tosrfcom.sys 2011/07/13 07:33:26.0975 2528 Tosrfhid (a72a3473180f378cc07d342803ffd580) C:\Windows\system32\DRIVERS\Tosrfhid.sys 2011/07/13 07:33:27.0019 2528 tosrfnds (b2a1a6538245fd69578224bbf2fd4677) C:\Windows\system32\DRIVERS\tosrfnds.sys 2011/07/13 07:33:27.0107 2528 TosRfSnd (8b877e24550e7962da820c8c354ec33a) C:\Windows\system32\drivers\tosrfsnd.sys 2011/07/13 07:33:27.0146 2528 Tosrfusb (97529d04178bf604c62c5be4b8bb2129) C:\Windows\system32\DRIVERS\tosrfusb.sys 2011/07/13 07:33:27.0413 2528 truecrypt (6ec1d6ed5471c99ffc38abe498a6df08) C:\Windows\system32\drivers\truecrypt.sys 2011/07/13 07:33:27.0495 2528 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 
2011/07/13 07:33:27.0773 2528 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/13 07:33:27.0817 2528 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/07/13 07:33:28.0080 2528 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/13 07:33:28.0142 2528 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/07/13 07:33:28.0366 2528 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/07/13 07:33:28.0400 2528 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/07/13 07:33:28.0678 2528 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys 2011/07/13 07:33:28.0742 2528 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 2011/07/13 07:33:28.0975 2528 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/13 07:33:29.0021 2528 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/07/13 07:33:29.0264 2528 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/13 07:33:29.0414 2528 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/13 07:33:29.0458 2528 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2011/07/13 07:33:29.0512 2528 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/07/13 07:33:29.0586 2528 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 2011/07/13 07:33:29.0855 2528 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/07/13 07:33:29.0993 2528 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/07/13 07:33:30.0068 2528 VAD_DEV (cc861da7c724f1da4f5eaf4c734fac35) 
C:\Windows\system32\drivers\vad.sys 2011/07/13 07:33:30.0100 2528 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/07/13 07:33:30.0194 2528 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/13 07:33:30.0333 2528 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/07/13 07:33:30.0360 2528 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/07/13 07:33:30.0398 2528 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/07/13 07:33:30.0440 2528 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/07/13 07:33:30.0466 2528 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/07/13 07:33:30.0539 2528 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2011/07/13 07:33:30.0593 2528 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/07/13 07:33:30.0764 2528 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/07/13 07:33:30.0803 2528 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/07/13 07:33:30.0841 2528 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/07/13 07:33:30.0914 2528 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/07/13 07:33:31.0095 2528 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/07/13 07:33:31.0166 2528 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/07/13 07:33:31.0220 2528 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/13 07:33:31.0238 2528 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/13 07:33:31.0545 2528 Wd 
(1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/07/13 07:33:31.0601 2528 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/07/13 07:33:31.0901 2528 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/07/13 07:33:31.0935 2528 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/07/13 07:33:32.0115 2528 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/07/13 07:33:32.0353 2528 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys 2011/07/13 07:33:32.0457 2528 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/07/13 07:33:32.0543 2528 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/07/13 07:33:32.0812 2528 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/07/13 07:33:33.0055 2528 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/07/13 07:33:33.0340 2528 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 2011/07/13 07:33:33.0446 2528 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0 2011/07/13 07:33:33.0454 2528 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0) 2011/07/13 07:33:33.0483 2528 Boot (0x1200) (bc9cd048448c2344054c902f23be94aa) \Device\Harddisk0\DR0\Partition0 2011/07/13 07:33:33.0513 2528 Boot (0x1200) (098c575b32536464c4219260573040f1) \Device\Harddisk0\DR0\Partition1 2011/07/13 07:33:33.0524 2528 ================================================================================ 2011/07/13 07:33:33.0524 2528 Scan finished 2011/07/13 07:33:33.0524 2528 ================================================================================ 2011/07/13 07:33:33.0545 3500 Detected object count: 1 2011/07/13 07:33:33.0545 3500 Actual detected object count: 1 2011/07/13 
07:36:45.0702 3500 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot 2011/07/13 07:36:45.0703 3500 \Device\Harddisk0\DR0 - ok 2011/07/13 07:36:45.0704 3500 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure 2011/07/13 07:36:57.0894 2828 Deinitialize success
  9. Report too large, zipped and attached. Let me know if you'd rather have it in 2 posts. Thanks FmC Report.zip
  10. Long scan, will upload the log later tonight. Had to leave Teamviewer open, internet connected to manage scan. Hope that doesn't affect results.
  11. Had a bit of a problem with the GMER scan: started it 630am today, was still running at 2pm. Had my wife stop the scan, reboot, disconnect from internet and restart scan. Finished in less than an hour, hope I didn't mess it up. Here's the log:
  12. Working on this laptop remotely. Will be tomorrow before I get the results. Thanks for your help and patience.
  13. D-Fred, Thanks again for the help. I'm still not able to zip the .DAT file, it only gives me the option to send to CD/DVD drive so I've attached the file. Not sure if you wanted both MBR check files so I've attached them anyway.
      First MBR check:
      MBRCheck, version 1.2.3
      © 2010, AD
      Command-line:
      Windows Version: Windows 7 Ultimate Edition
      Windows Information: (build 7600), 32-bit
      Base Board Manufacturer: Dell Inc.
      BIOS Manufacturer: Dell Inc.
      System Manufacturer: Dell Inc.
      System Product Name: MXC062
      Logical Drives Mask: 0x0000001c
      \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)
      \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)
      PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC74P
      Size Device Name MBR Status
      --------------------------------------------
      74 GB \\.\PhysicalDrive0 MBR Code Faked!
      SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED
      Found non-standard or infected MBR.
      Enter 'Y' and hit ENTER for more options, or 'N' to exit:
      Options:
      [1] Dump the MBR of a physical disk to file.
      [2] Restore the MBR of a physical disk with a standard boot code.
      [3] Exit.
      Enter your choice:
      Enter the physical disk number to dump (0-99, -1 to exit): 0
      Dumping \\.\PhysicalDisk0...
      Enter filename to dump to: mbr-dump.dat
      Dumped successfully!
      Enter the physical disk number to dump (0-99, -1 to exit): -1
      Done!
      Second MBR check:
      MBRCheck, version 1.2.3
      © 2010, AD
      Command-line:
      Windows Version: Windows 7 Ultimate Edition
      Windows Information: (build 7600), 32-bit
      Base Board Manufacturer: Dell Inc.
      BIOS Manufacturer: Dell Inc.
      System Manufacturer: Dell Inc.
      System Product Name: MXC062
      Logical Drives Mask: 0x0000001c
      \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)
      \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)
      PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC74P
      Size Device Name MBR Status
      --------------------------------------------
      74 GB \\.\PhysicalDrive0 MBR Code Faked!
      SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED
      Found non-standard or infected MBR.
      Enter 'Y' and hit ENTER for more options, or 'N' to exit:
      Options:
      [1] Dump the MBR of a physical disk to file.
      [2] Restore the MBR of a physical disk with a standard boot code.
      [3] Exit.
      Enter your choice:
      Enter the physical disk number to fix (0-99, -1 to cancel): 0
      Available MBR codes:
      [ 0] Default (Windows 7)
      [ 1] Windows XP
      [ 2] Windows Server 2003
      [ 3] Windows Vista
      [ 4] Windows 2008
      [ 5] Windows 7
      [-1] Cancel
      Please select the MBR code to write to this drive: 5
      Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
      Successfully wrote new MBR code!
      Please reboot your computer to complete the fix.
      Done!
      I am still getting redirected on searches. I'm thinking maybe a good swift kick to the hard drive might cure it.... Thanks.
  14. And a side note: I am able to click on links in my search engines now and get to a page but it's a redirect.
  15. Good morning, D-Fred (morning here anyway). Here's this morning's MBRCheck log. I am still unable to get TDSSKiller to run.

      MBRCheck, version 1.2.3
      © 2010, AD
      Command-line:
      Windows Version: Windows 7 Ultimate Edition
      Windows Information: (build 7600), 32-bit
      Base Board Manufacturer: Dell Inc.
      BIOS Manufacturer: Dell Inc.
      System Manufacturer: Dell Inc.
      System Product Name: MXC062
      Logical Drives Mask: 0x0000001c

      \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)
      \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

      PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC74P

      Size   Device Name          MBR Status
      --------------------------------------------
      74 GB  \\.\PhysicalDrive0   MBR Code Faked!
             SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED

      Found non-standard or infected MBR.
      Enter 'Y' and hit ENTER for more options, or 'N' to exit:

      Done!
  16. Here's the Combofix log. The redirect seems to be gone, but when clicking on a search link, a blank window comes up. For instance, a search for Food Network yields this web address: http://www.google.com/search?sclient=psy&hl=en&source=hp&q=food+network&aq=0&aqi=g5&aql=&oq=foo&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=6a63bd3f03970b03&biw=1280&bih=627&tch=3&ech=2&psi=0WUaTqHTHsjr0QHdvpg5.1310352855015.1&wrapid=tlif131035285501510 but shows a blank page when clicked on.

      Combofix

      ComboFix 11-07-10.05 - Deb 07/10/2011 20:52:25.4.2 - x86
      Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3318.1713 [GMT -5:00]
      Running from: C:\Users\Deb\Desktop\ComboFix.exe
      Command switches used :: C:\Users\Deb\Desktop\CFScript.txt
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

      FILE ::
      "c:\windows\system32\2656.tmp"
      "c:\windows\system32\8FA2.tmp"
      "c:\windows\system32\drivers\1962172.sys"
      "c:\windows\system32\drivers\19621721.sys"
      "c:\windows\system32\drivers\19621722.sys"

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

      c:\windows\system32\2656.tmp
      c:\windows\system32\8FA2.tmp
      c:\windows\system32\drivers\1962172.sys
      c:\windows\system32\drivers\19621721.sys
      c:\windows\system32\drivers\19621722.sys

      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\Legacy_19621721
      -------\Legacy_19621722
      -------\Service_19621721
      -------\Service_19621722
      -------\Service_MEMSWEEP2

      **************************************************************************
      Completion time: 2011-07-10 21:50:27 - machine was rebooted
  17. Ok, after a rather long scan, I wasn't able to zip the DAT file and I received a message saying I was not allowed to upload that type of file. I renamed to 'mbr.txt' and it's attached. Log file:

      aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
      Run date: 2011-07-10 18:07:58
      -----------------------------
      18:07:58.385 OS Version: Windows 6.1.7600
      18:07:58.385 Number of processors: 2 586 0xF02
      18:07:58.386 ComputerName: DEB-PC UserName: Deb
      18:07:59.894 Initialize success
      18:09:28.525 AVAST engine defs: 11071001
      18:09:32.840 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
      18:09:32.843 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC74P Size: 76319MB BusType: 3
      18:09:34.875 Disk 0 MBR read successfully
      18:09:34.878 Disk 0 MBR scan
      18:09:34.883 Disk 0 Windows 7 default MBR code
      18:09:36.888 Disk 0 scanning sectors +156299264
      18:09:36.933 Disk 0 scanning C:\Windows\system32\drivers
      18:09:51.733 Service scanning
      18:09:53.225 Disk 0 trace - called modules:
      18:09:53.257 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86738f16]<<
      18:09:53.263 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8671c860]
      18:09:53.268 3 CLASSPNP.SYS[8bfa659e] -> nt!IofCallDriver -> [0x8627d918]
      18:09:53.275 5 ACPI.sys[8361a3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8597b610]
      18:09:53.283 \Driver\atapi[0x86263688] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86738f16
      18:09:55.148 AVAST engine scan C:\Windows
      18:58:22.558 AVAST engine scan C:\Users\Deb
      19:15:38.153 AVAST engine scan C:\ProgramData
      19:18:33.648 Scan finished successfully
      19:24:31.402 Disk 0 MBR has been saved successfully to "C:\Users\Deb\Desktop\MBR.dat"
      19:24:31.409 The log file has been saved successfully to "C:\Users\Deb\Desktop\aswMBR.txt"

      MBR.txt
  18. Another successful scan:

      MBRCheck, version 1.2.3
      © 2010, AD
      Command-line:
      Windows Version: Windows 7 Ultimate Edition
      Windows Information: (build 7600), 32-bit
      Base Board Manufacturer: Dell Inc.
      BIOS Manufacturer: Dell Inc.
      System Manufacturer: Dell Inc.
      System Product Name: MXC062
      Logical Drives Mask: 0x0000001c

      \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)
      \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)
      PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC74P

      Size Device Name MBR Status
      --------------------------------------------
      74 GB \\.\PhysicalDrive0 MBR Code Faked!
      SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED

      Found non-standard or infected MBR.
      Enter 'Y' and hit ENTER for more options, or 'N' to exit:
      Options:
      [1] Dump the MBR of a physical disk to file.
      [2] Restore the MBR of a physical disk with a standard boot code.
      [3] Exit.
      Enter your choice: Done!
  19. Here ya go, nice to see something run normally

      ********************************
      Microsoft Signature Verification
      Log file generated on 7/10/2011 at 5:28 PM
      OS Platform: Windows (x86), Version: 6.1, Build: 7600, CSDVersion:
      Scan Results: Total Files: 208, Signed: 202, Unsigned: 5, Not Scanned: 1

      Unscanned Files:
      ------------------
      [c:\windows\c:\users\deb\appdata\local\temp]
      catchme.sys The directory name is invalid.
  20. Had to download the 32 bit version, scanned and found no infection.
  21. Rebooted to Safe mode, tried again, no luck. Also tried renaming with no result. This thing is getting to me...
  22. Renamed to cheese.exe, no luck. Also tried as cheese.com just for grins, again no luck.
  23. D-Fred, First, thank you very much for your willingness to help. I've uninstalled the software you suggested and run the scans. I am not able to get TDSSKiller to run: I double clicked and also right clicked and attempted run as administrator. The browser is still redirecting. Here are the Combofix and Security Check logs:

      ComboFix 11-07-10.03 - Deb 07/10/2011 13:56:39.3.2 - x86
      Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3318.2279 [GMT -5:00]
      Running from: c:\users\Deb\Desktop\ComboFix.exe
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\data
      c:\data\default\us_sres.data
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))
      .
      .
      2011-07-10 19:33 . 2011-07-10 19:33 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
      2011-07-10 19:33 . 2011-07-10 19:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
      2011-07-10 19:33 . 2011-07-10 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
      2011-07-10 19:33 . 2011-07-10 19:33 -------- d-----w- c:\users\Chuck\AppData\Local\temp
      2011-07-10 18:43 . 2011-06-20 13:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D58ADFF-C461-4595-A493-E649FE996BE4}\mpengine.dll
      2011-07-09 01:47 . 2011-07-09 01:47 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
      2011-07-09 01:43 . 2011-07-09 01:43 39192 ----a-w- c:\windows\system32\Partizan.exe
      2011-07-09 01:43 . 2011-07-09 01:43 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
      2011-07-09 01:41 . 2011-07-09 01:41 2 --shatr- c:\windows\winstart.bat
      2011-07-09 01:41 . 2011-07-09 01:41 -------- d-----w- c:\program files\Greatis
      2011-07-07 18:52 . 2011-07-07 18:52 -------- d-----w- C:\$AVG
      2011-07-06 03:46 . 2011-07-06 03:46 -------- d-----w- c:\users\Deb\DoctorWeb
      2011-07-06 00:31 . 2011-07-06 00:31 -------- d-----w- c:\users\Chuck\AppData\Roaming\SUPERAntiSpyware.com
      2011-07-06 00:31 . 2011-07-06 00:31 -------- d-----w- c:\program files\SUPERAntiSpyware
      2011-07-06 00:29 . 2010-05-26 15:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
      2011-07-05 22:30 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\2656.tmp
      2011-07-05 22:18 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\8FA2.tmp
      2011-07-05 22:18 . 2011-07-05 22:18 -------- d-----w- c:\program files\Sophos
      2011-07-05 20:46 . 2011-07-05 20:46 -------- d-----w- c:\users\Guest\AppData\Roaming\AVG10
      2011-07-02 16:55 . 2011-07-02 16:55 -------- d-----w- c:\users\Chuck\AppData\Roaming\AVG10
      2011-07-02 02:05 . 2011-07-02 02:05 -------- d-----w- c:\users\Deb\AppData\Roaming\AVG10
      2011-07-02 02:02 . 2011-07-10 18:02 -------- d-----w- c:\programdata\AVG10
      2011-07-02 01:53 . 2011-07-10 17:57 -------- d-----w- c:\programdata\MFAData
      2011-07-01 20:20 . 2011-07-02 01:40 -------- d-----w- c:\programdata\Kaspersky Lab
      2011-07-01 20:17 . 2009-10-22 18:54 37392 ----a-w- c:\windows\system32\drivers\19621722.sys
      2011-07-01 20:17 . 2009-10-10 04:31 311312 ----a-w- c:\windows\system32\drivers\1962172.sys
      2011-07-01 20:17 . 2009-09-25 22:59 128016 ----a-w- c:\windows\system32\drivers\19621721.sys
      2011-07-01 18:57 . 2011-07-01 18:57 -------- d-----w- c:\users\Deb\AppData\Roaming\SUPERAntiSpyware.com
      2011-07-01 18:57 . 2011-07-01 18:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
      2011-06-30 23:02 . 2011-07-10 17:58 -------- d-----w- c:\programdata\STOPzilla!
      2011-06-30 19:16 . 2011-06-30 19:16 -------- d-----w- c:\users\Deb\AppData\Roaming\Malwarebytes
      2011-06-29 22:41 . 2011-06-29 22:41 -------- d--h--w- c:\users\Deb\AppData\Local\Apple Computer
      2011-06-29 19:44 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
      2011-06-16 13:01 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
      2011-06-16 13:01 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
      2011-06-16 13:01 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
      2011-06-16 13:00 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
      2011-06-16 13:00 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
      2011-06-16 13:00 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
      2011-06-16 13:00 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
      2011-06-16 13:00 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-05-29 14:11 . 2010-07-18 20:27 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2011-05-25 00:14 . 2009-10-03 21:56 222080 ------w- c:\windows\system32\MpSigStub.exe
      .
      .
      ((((((((((((((((((((((((((((( SnapShot@2011-07-01_22.26.33 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2011-07-02 02:00 . 2011-07-02 02:00 51008 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a\vcomp90.dll
      + 2011-07-02 02:00 . 2011-07-02 02:00 59728 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90RUS.DLL
      + 2011-07-02 02:00 . 2011-07-02 02:00 42832 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90KOR.DLL
      + 2011-07-02 02:00 . 2011-07-02 02:00 43344 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90JPN.DLL
      + 2011-07-02 02:00 . 2011-07-02 02:00 61264 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ITA.DLL
      + 2011-07-02 02:00 . 2011-07-02 02:00 62800 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90FRA.DLL
      + 2011-07-02 02:00 . 2011-07-02 02:00 61760 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ESP.DLL
      + 2011-07-02 02:00 . 2011-07-02 02:00 61776 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ESN.DLL
      + 2011-07-02 02:00 . 2011-07-02 02:00 53568 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ENU.DLL
      + 2011-07-02 02:00 . 2011-07-02 02:00 63296 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90DEU.DLL
      + 2011-07-02 02:00 . 2011-07-02 02:00 36688 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90CHT.DLL
      + 2011-07-02 02:00 . 2011-07-02 02:00 35648 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90CHS.DLL
      + 2011-07-02 02:00 . 2011-07-02 02:00 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfcm90u.dll
      + 2011-07-02 02:00 . 2011-07-02 02:00 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfcm90.dll
      + 2011-07-05 20:56 . 2011-07-05 20:56 65536 c:\windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
      + 2011-07-05 20:56 . 2011-07-05 20:56 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80KOR.dll
      + 2011-07-05 20:56 . 2011-07-05 20:56 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80JPN.dll
      + 2011-07-05 20:56 . 2011-07-05 20:56 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ITA.dll
      + 2011-07-05 20:56 .
2011-07-05 20:56 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80FRA.dll + 2011-07-05 20:56 . 2011-07-05 20:56 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ESP.dll + 2011-07-05 20:56 . 2011-07-05 20:56 57344 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll + 2011-07-05 20:56 . 2011-07-05 20:56 65536 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80DEU.dll + 2011-07-05 20:56 . 2011-07-05 20:56 45056 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80CHT.dll + 2011-07-05 20:56 . 2011-07-05 20:56 40960 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80CHS.dll + 2011-07-05 20:56 . 2011-07-05 20:56 57856 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfcm80u.dll + 2011-07-05 20:56 . 2011-07-05 20:56 69632 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfcm80.dll + 2011-07-05 20:56 . 2011-07-05 20:56 97280 c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.dll + 2011-07-06 02:05 . 2011-07-10 18:23 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat + 2011-07-06 02:05 . 2011-07-10 18:23 16384 c:\windows\temp\History\History.IE5\index.dat + 2011-07-06 02:05 . 2011-07-10 18:23 16384 c:\windows\temp\Cookies\index.dat + 2010-03-29 13:44 . 2011-07-10 18:25 33614 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:55 . 2011-07-10 18:25 44840 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2010-08-04 02:25 . 
2011-07-01 21:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-08-04 02:25 . 2011-07-10 18:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:34 . 2011-07-10 18:27 65632 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2010-08-04 02:25 . 2011-07-01 21:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-08-04 02:25 . 2011-07-10 18:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-08-04 02:25 . 2011-07-01 21:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-08-04 02:25 . 2011-07-10 18:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-12-28 01:57 . 2011-07-01 20:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-12-28 01:57 . 2011-07-10 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-12-28 01:57 . 2011-07-10 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-12-28 01:57 . 2011-07-01 20:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-12-28 02:57 . 2011-07-10 18:25 7378 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3487078606-40491123-2078983663-1001_UserData.bin + 2010-01-02 16:17 . 2011-07-08 01:22 7384 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3487078606-40491123-2078983663-1000_UserData.bin - 2011-07-01 21:32 . 
2011-07-01 21:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-07-10 18:23 . 2011-07-10 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-07-01 21:32 . 2011-07-01 21:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-07-10 18:23 . 2011-07-10 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-07-05 20:56 . 2011-07-05 20:56 632656 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll + 2011-07-05 20:56 . 2011-07-05 20:56 554832 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll + 2011-07-05 20:56 . 2011-07-05 20:56 479232 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll + 2009-12-30 14:47 . 2011-07-04 15:00 308364 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2009-12-28 04:15 . 2011-07-10 14:17 302850 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 04:47 . 2011-07-09 01:43 450772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 04:47 . 2011-06-30 18:12 450772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-05-15 23:17 . 2011-07-09 01:43 450772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3487078606-40491123-2078983663-1001-12288.dat - 2011-05-15 23:17 . 2011-06-30 18:12 450772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3487078606-40491123-2078983663-1001-12288.dat + 2011-05-15 23:17 . 2011-07-09 01:43 450772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3487078606-40491123-2078983663-1000-12288.dat - 2011-05-15 23:17 . 
2011-05-15 23:17 450772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3487078606-40491123-2078983663-1000-12288.dat + 2011-07-02 02:00 . 2011-07-02 02:00 223232 c:\windows\Installer\cfecb.msi + 2011-07-02 02:00 . 2011-07-02 02:00 3780424 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll + 2011-07-02 02:00 . 2011-07-02 02:00 3765048 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90.dll + 2011-07-05 20:56 . 2011-07-05 20:56 1093120 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll + 2011-07-05 20:56 . 2011-07-05 20:56 1101824 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll + 2009-07-14 02:03 . 2011-07-10 18:53 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:03 . 2011-07-01 20:29 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 04:34 . 2011-06-30 23:12 3472553 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:34 . 2011-07-10 18:27 3472553 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2011-04-16 13:44 . 2011-04-16 13:44 2770944 c:\windows\Installer\3d35500.msi + 2011-05-19 16:02 . 2011-07-05 21:07 115780448 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816] . 
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}] [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ---ha-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ---ha-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ---ha-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ---ha-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104] "SigmatelSysTrayApp"="sttray.exe" [2010-04-08 303104] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ&inst=NzctNjY5ODU1NzQ1LVQxNC1CQSsxLUtWMys3LUZQOSs2LVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzUtRjlNMTBCKzEtRjlNMisxLUREVCswLUZMMTArMQ∏=90&ver=10.0.1388" [?] . c:\users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Chuck\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-6-12 447952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 05:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-09-23 10:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] 2006-11-12 07:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] 2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2010-08-11 21:32 30192 ---ha-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng] 2009-07-22 18:40 83336 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] 2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2007-05-02 23:16 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2008-02-26 01:23 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-04-21 19:39 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher] 2010-11-11 18:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe . 
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-06-14 29248] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-11 30192] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2656.tmp [2010-05-26 6144] R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-06-03 174720] R3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-07-09 35816] R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2011-07-09 24416] R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\program files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [2009-03-21 32408] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-10 1343400] R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 268528] S0 19621722;19621722 Boot Guard Driver;c:\windows\system32\DRIVERS\19621722.sys [2009-10-22 37392] S1 19621721;19621721;c:\windows\system32\DRIVERS\19621721.sys [2009-09-25 128016] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816] S2 Connectify;Connectify;c:\program files\Connectify\Connectifyd.exe [2011-03-09 892992] S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-06-14 29248] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472] S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-11-19 16256] . . . ------- Supplementary Scan ------- . 
uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://www.altavista.com/ mStart Page = hxxp://www.yahoo.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\ydno7wt2.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e0e7c9e&i=23&tp=ab&nt=1&q= . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\2656.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-07-10 14:51:50 ComboFix-quarantined-files.txt 2011-07-10 19:51 ComboFix2.txt 2011-07-02 01:36 ComboFix3.txt 2011-07-01 22:43 . Pre-Run: 5,261,942,784 bytes free Post-Run: 4,839,673,856 bytes free . - - End Of File - - 48DAAE8B31D8B7434972BBEBECB7DE91 Results of screen317's Security Check version 0.99.17 Windows 7 (UAC is disabled!) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 21 Java SE Runtime Environment 6 Out of date Java installed! Flash Player Out of Date! Adobe Flash Player 10.1.102.64 Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log````````````
  24. Got the Win 7 Repair virus on wife's laptop, think I eradicated it but can't get rid of the redirect rootkit. Appreciate any help. Thanks Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6997 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 7/1/2011 2:48:43 PM mbam-log-2011-07-01 (14-48-43).txt Scan type: Quick scan Objects scanned: 192222 Time elapsed: 11 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21 Run by Deb at 21:59:45 on 2011-07-07 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3318.1802 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Connectify\Connectifyd.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Windows\System32\STacSV.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\AVG\AVG10\avgchsvx.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\sttray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Users\Deb\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wuauclt.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\Program 
Files\AVG\AVG10\avgcsrvx.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\WUDFHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\REGSVR32.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uDefault_Search_URL = hxxp://www.google.com/ie uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.yahoo.com/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll BHO: : {c90dbb52-46e0-4e65-92bc-799adee54c86} - c:\progra~1\flash2x\flashp~1\FLASHP~1.DLL BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program 
files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [spchecker] "c:\program files\avg\avg10\notification\SPCheckerTE.exe"
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [sigmatelSysTrayApp] sttray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAxADUANQAxADAAMQA3ADQALQBUADEANAAtAEIAQQArADEALQBLAFYAMwArADcALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAA"&"prod=90"&"ver=9.0.894
StartupFolder: c:\users\deb\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\deb\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945}\055726C69636 : DhcpNameServer = 63.144.60.89 64.81.219.242
TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945}\2375942554234303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945}\354727165726022456163686 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945}\4584257657563747 : DhcpNameServer = 151.164.1.8 151.164.11.201 4.2.2.3
TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945}\8496C647F6E684561646 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945}\C63636167657563747 : DhcpNameServer = 205.173.240.18 205.173.240.19
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\deb\appdata\roaming\mozilla\firefox\profiles\ydno7wt2.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e0e7c9e&i=23&tp=ab&nt=1&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 3\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 3\plugins\npEModelPlugin.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 3\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 19621722;19621722 Boot Guard Driver;c:\windows\system32\drivers\19621722.sys [2011-7-1 37392]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 19621721;19621721;c:\windows\system32\drivers\19621721.sys [2011-7-1 128016]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-7-5 18816]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Connectify;Connectify;c:\program files\connectify\Connectifyd.exe [2011-3-9 892992]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 connctfyMP;connctfyMP;c:\windows\system32\drivers\connctfy.sys [2010-6-14 29248]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-6-12 9472]
R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-12-21 16256]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 connctfy;Connectify Service;c:\windows\system32\drivers\connctfy.sys [2010-6-14 29248]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-6-19 30192]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2656.tmp [2011-7-5 6144]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-6-3 174720]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\program files\verizon wireless\vzaccess manager\SMSIVZAM5.sys [2009-3-20 32408]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-10 1343400]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2011-07-07 18:52:39 -------- d--h--w- C:\$AVG
2011-07-07 02:59:47 -------- d-----w- C:\Data
2011-07-06 03:46:16 -------- d-----w- c:\users\deb\DoctorWeb
2011-07-06 00:31:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-06 00:29:09 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-07-05 22:30:22 6144 ------w- c:\windows\system32\2656.tmp
2011-07-05 22:18:48 6144 ------w- c:\windows\system32\8FA2.tmp
2011-07-05 22:18:36 -------- d-----w- c:\program files\Sophos
2011-07-02 02:05:28 -------- d-----w- c:\users\deb\appdata\roaming\AVG10
2011-07-02 02:02:34 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-02 02:02:34 -------- d-----w- c:\programdata\AVG10
2011-07-02 01:53:24 -------- d-----w- c:\programdata\MFAData
2011-07-02 01:32:43 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-02 00:37:27 -------- d-----w- C:\ComboFix
2011-07-01 21:40:28 98816 ----a-w- c:\windows\sed.exe
2011-07-01 21:40:28 518144 ----a-w- c:\windows\SWREG.exe
2011-07-01 21:40:28 256000 ----a-w- c:\windows\PEV.exe
2011-07-01 21:40:28 208896 ----a-w- c:\windows\MBR.exe
2011-07-01 20:20:34 -------- d-----w- c:\programdata\Kaspersky Lab
2011-07-01 20:17:04 37392 ----a-w- c:\windows\system32\drivers\19621722.sys
2011-07-01 20:17:03 311312 ----a-w- c:\windows\system32\drivers\1962172.sys
2011-07-01 20:17:03 128016 ----a-w- c:\windows\system32\drivers\19621721.sys
2011-07-01 18:57:04 -------- d-----w- c:\users\deb\appdata\roaming\SUPERAntiSpyware.com
2011-07-01 18:57:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-30 23:02:53 -------- d-----w- c:\program files\STOPzilla!
2011-06-30 23:02:52 -------- d-----w- c:\programdata\STOPzilla!
2011-06-30 23:02:52 -------- d-----w- c:\program files\common files\iS3
2011-06-30 19:16:38 -------- d-----w- c:\users\deb\appdata\roaming\Malwarebytes
2011-06-29 22:41:49 -------- d--h--w- c:\users\deb\appdata\local\Apple Computer
2011-06-29 19:44:36 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 22:58:32 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-06-28 22:58:30 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-06-28 22:58:30 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-06-28 22:58:30 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-06-28 22:58:30 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-06-28 22:58:30 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-06-28 22:58:28 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-06-28 22:58:28 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-06-28 22:58:28 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-06-28 22:58:28 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-06-28 22:58:28 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-06-28 22:58:26 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-06-16 13:01:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 13:01:49 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 13:01:48 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 13:00:38 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 13:00:38 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 13:00:38 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 13:00:38 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 13:00:37 338944 ----a-w- c:\windows\system32\drivers\afd.sys
.
==================== Find3M ====================
.
2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
2011-04-15 02:28:30 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
.
============= FINISH: 22:06:49.61 ===============
Attach.zip