
Undetectable browser hijack (9newstoday)



MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790GPT-UD3H
Logical Drives Mask: 0x0000003d
Kernel Drivers (total 170):
Processes (total 60):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000049`3e096000 (NTFS)
PhysicalDrive0 Model Number: ST3750528AS, Rev: CC38
Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:

Done!


Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Enter 2 and press Enter.

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):

Enter >>choice<< and press Enter

The following dialog will be presented:

Available MBR codes:

[ 0] Default (Windows XP)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive:

Enter >>choice<< and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:

Type YES and press Enter (you must type the full word, YES). You will be informed if it successfully wrote a new MBR code!

And last, the following dialog will be presented:

Done! Press ENTER to exit...

Press Enter. A report will be produced on the desktop. Post that report in your next reply.

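An integrity check a responder can run before and after the restore step above, as an added example that is neither MBRCheck's own code nor the helper's: it hashes the boot-code region of a 512-byte MBR image, compares it with a baseline of trusted hashes, and decodes the partition table so the entries can be checked against the volume offsets MBRCheck prints (C: at 0x06500000 and D: at 0x49`3e096000 in the logs here). The sample MBR, its boot-code bytes, partition sizes and the baseline set are constructed for the demo; a real baseline comes from a disk known to be clean.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code; 440..443: disk signature; 446..509: table
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY_FMT = "<B3xB3xII"


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 over the boot-code region only, so the same stock loader on a
    differently partitioned disk still matches the baseline."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list[dict]:
    """Decode the four primary partition entries; unused (type 0x00) slots are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, lba_start, sectors = struct.unpack_from(PART_ENTRY_FMT, mbr, off)
        if ptype == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,   # comparable to MBRCheck's "at offset" values
        })
    return parts


def check_mbr(mbr: bytes, known_good: set[str]) -> dict:
    """Classify one 512-byte MBR image against a baseline of trusted boot-code hashes."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    digest = boot_code_sha1(mbr)
    return {
        "signature_ok": mbr[510:512] == b"\x55\xAA",
        "sha1": digest,
        "status": "OK" if digest in known_good else "non-standard or infected",
        "partitions": parse_partitions(mbr),
    }


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the live MBR (Windows, administrator rights required); not used by the demo."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR)


# --- constructed sample data (not a capture from this thread) ----------------------------
# Stand-in for stock boot code: a plausible x86 prologue padded with NOPs.
SAMPLE_STOCK_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
# Constructed "tampered" variant: the entry point differs, the partition table does not.
SAMPLE_TAMPERED_BOOT_CODE = b"\xEB\x58" + SAMPLE_STOCK_BOOT_CODE[2:]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Windows 7 style layout: System Reserved at LBA 2048 (active), C: at LBA 206848
    (= byte offset 0x06500000) and D: at LBA 614401200 (= 0x49`3e096000), matching the
    offsets MBRCheck reported above. Sizes are constructed."""
    img = bytearray(SECTOR)
    img[:len(boot_code)] = boot_code
    img[440:444] = b"\x12\x34\x56\x78"                       # disk signature (constructed)
    entries = [
        (0x80, 0x07, 2048, 204800),                          # System Reserved, bootable
        (0x00, 0x07, 206848, 614194352),                     # C:
        (0x00, 0x07, 614401200, 850000000),                  # D:
    ]
    for i, entry in enumerate(entries):
        struct.pack_into(PART_ENTRY_FMT, img, PART_TABLE_OFF + i * PART_ENTRY_LEN, *entry)
    img[510:512] = b"\x55\xAA"
    return bytes(img)


# Baseline: in practice hash a known-clean MBR (e.g. right after the restore step succeeded).
KNOWN_GOOD = {boot_code_sha1(build_sample_mbr(SAMPLE_STOCK_BOOT_CODE))}


def demo() -> tuple[dict, dict]:
    """Check a clean and a tampered sample; returns both results for inspection."""
    clean = check_mbr(build_sample_mbr(SAMPLE_STOCK_BOOT_CODE), KNOWN_GOOD)
    tampered = check_mbr(build_sample_mbr(SAMPLE_TAMPERED_BOOT_CODE), KNOWN_GOOD)
    for label, r in (("clean", clean), ("tampered", tampered)):
        layout = [(hex(p["byte_offset"]), hex(p["type"])) for p in r["partitions"]]
        print(f"{label}: {r['status']} sha1={r['sha1']} partitions={layout}")
    return clean, tampered


if __name__ == "__main__":
    demo()
```

The partition table is identical in both samples, which is the point: a hijacked boot sector can leave the layout untouched, so checking only the table misses it.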

Done. Computer bluescreened on restart, guess it was really my RAM and I have been on a lucky streak for a couple of days...


MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790GPT-UD3H
Logical Drives Mask: 0x0000003d
Kernel Drivers (total 170):
Processes (total 61):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000049`3e096000 (NTFS)
PhysicalDrive0 Model Number: ST3750528AS, Rev: CC38
Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.

Done!


Done, didn't BSOD.

Here's the log:


MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790GPT-UD3H
Logical Drives Mask: 0x0000003d
Kernel Drivers (total 102):
Processes (total 24):
0 System Idle Process
4 System
288 C:\Windows\System32\smss.exe
384 csrss.exe
412 C:\Windows\System32\wininit.exe
436 csrss.exe
472 C:\Windows\System32\services.exe
488 C:\Windows\System32\lsass.exe
496 C:\Windows\System32\lsm.exe
580 C:\Windows\System32\winlogon.exe
644 C:\Windows\System32\svchost.exe
724 C:\Windows\System32\svchost.exe
808 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
900 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1036 C:\Windows\explorer.exe
1144 WmiPrvSE.exe
1292 C:\Windows\System32\ctfmon.exe
1348 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
1660 C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
1712 C:\Users\Max\Desktop\MBRCheck.exe
1720 C:\Windows\System32\conhost.exe
1736 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000049`3e096000 (NTFS)
PhysicalDrive0 Model Number: ST3750528AS, Rev: CC38
Size       Device Name           MBR Status
--------------------------------------------
698 GB     \\.\PhysicalDrive0    MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.

Done!
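To make the MBRCheck verdict above concrete, here is an added Python example (not MBRCheck's own code, and not from this thread): it parses a 512-byte MBR image of the kind MBRCheck saves as its .bak backups, hashes the 440-byte boot-code area, maps the partition table to byte offsets like the ones printed for C: and D:, and shows a "standard boot code" restore that leaves the partition table untouched. The known-good hash set, the disk layout and the tampered boot code are all constructed for the example; the real per-version hashes MBRCheck compares against are not reproduced here.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot code; 440..445 disk signature + pad
PART_TABLE_OFFSET = 446        # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xAA"    # bytes 510..511
TOTAL_SECTORS = 1465149168     # constructed: sector count of a 750 GB drive


def clean_boot_code():
    """Constructed stand-in for stock boot code: a typical prologue padded with NOPs."""
    prologue = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"   # xor ax,ax ; mov ss,ax ; mov sp,7C00h
    return prologue + b"\x90" * (BOOT_CODE_LEN - len(prologue))


def known_good_hashes():
    """Placeholder for the per-Windows-version boot-code SHA-1s a real checker ships with.
    Only the hash of the constructed clean code is listed so the example runs offline."""
    return {hashlib.sha1(clean_boot_code()).hexdigest().upper()}


def build_mbr(boot_code, partitions, disk_signature=0x1234ABCD):
    """Assemble a 512-byte MBR from boot code and (type, start_lba, sector_count) tuples."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 440 bytes")
    table = b""
    for i in range(4):
        if i < len(partitions):
            ptype, start, count = partitions[i]
            flag = 0x80 if i == 0 else 0x00            # first entry marked active
            chs = b"\xFE\xFF\xFF"                       # LBA-only convention for CHS fields
            table += struct.pack("<B3sB3sII", flag, chs, ptype, chs, start, count)
        else:
            table += b"\x00" * PART_ENTRY_LEN
    mbr = boot_code + struct.pack("<IH", disk_signature, 0) + table + MBR_SIGNATURE
    assert len(mbr) == SECTOR_SIZE
    return mbr


def parse_mbr(mbr):
    """Return (SHA-1 of boot code, list of populated partition entries with byte offsets)."""
    if len(mbr) != SECTOR_SIZE or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not an MBR image: wrong size or missing 55AA signature")
    sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        flag, _, ptype, _, start, count = struct.unpack("<B3sB3sII", mbr[off:off + PART_ENTRY_LEN])
        if ptype == 0:
            continue                                    # empty slot
        parts.append({"index": i, "active": flag == 0x80, "type": ptype,
                      "start_lba": start, "sectors": count,
                      "byte_offset": start * SECTOR_SIZE})
    return sha1, parts


def check_mbr(mbr, known_good):
    """Verdict in the style MBRCheck prints: unknown boot-code hash -> 'MBR Code Faked!'."""
    sha1, parts = parse_mbr(mbr)
    status = "Windows boot code" if sha1 in known_good else "MBR Code Faked!"
    return {"sha1": sha1, "status": status, "partitions": parts}


def restore_boot_code(mbr, clean_code):
    """Rewrite only the 440-byte code area; disk signature, partition table and 55AA stay.
    This is the idea behind a 'restore with standard boot code' option (an assumption about
    the approach, not MBRCheck's implementation): the loader is replaced, the layout is not."""
    return clean_code + mbr[BOOT_CODE_LEN:]


def demo():
    """Constructed layout mirroring the volume offsets MBRCheck printed for this disk."""
    layout = [
        (0x07, 2048, 204800),                            # 100 MiB System Reserved at 1 MiB
        (0x07, 0x32800, 0x249F04B0 - 0x32800),           # C: -> byte offset 0x06500000
        (0x07, 0x249F04B0, TOTAL_SECTORS - 0x249F04B0),  # D: -> byte offset 0x49_3E096000
    ]
    good = known_good_hashes()
    clean = build_mbr(clean_boot_code(), layout)
    # Constructed tamper: a bootkit swaps in its own loader but keeps the partition table.
    infected = b"\xEB\x0E" + b"\x00" * 14 + clean[16:]
    restored = restore_boot_code(infected, clean_boot_code())
    return check_mbr(clean, good), check_mbr(infected, good), check_mbr(restored, good)


if __name__ == "__main__":
    for label, result in zip(("clean", "infected", "restored"), demo()):
        print(f"{label:9} SHA1: {result['sha1']}  {result['status']}")
        for p in result["partitions"]:
            print(f"          partition {p['index']} at offset 0x{p['byte_offset']:012X}")
```

Pointing `parse_mbr` at one of the 512-byte `MBRCheck_MBR_Backup_*.bak` files listed later in this thread would give the same kind of hash and offset report for the real disk.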


No, I just want some time to think about the situation.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.

For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.

Note: Replace the letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.


Alright, done. I had to burn a repair disc since I didn't have the option in Advanced Boot Options and my roommate (owner of the infected computer) lost his Windows CD.

By the way, I noticed something. When I start Firefox on his computer after a reboot it always asks me if I want it to be my default browser, as if it was not keeping the setting. Might give you a hint on how the malware works. I don't know... You're the virus guru, not me! ^^

Here's your log:


Scan result of Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-07 20:07:19
Running from G:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873256 2011-08-10] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248320 2011-03-21] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1987976 2012-02-02] (LogMeIn Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
==================== Services (Whitelisted) ======
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd)
2 ES lite Service; "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE" [68136 2009-08-24] ()
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2011-05-26] (Macrovision Europe Ltd.)
2 gupdate1caaf6b7c225119; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2010-02-16] (Google Inc.)
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2343816 2012-02-02] (LogMeIn Inc.)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2012-01-08] (Lavasoft Limited)
3 maconfservice; "C:\Program Files (x86)\ma-config.com\maconfservice.exe" [251248 2010-09-12] (CybelSoft)
2 MAGIX StartUp Analyze Service; C:\Program Files (x86)\MAGIX\PC_Check_Tuning_2011_Download_Version\MXSAS.exe [196096 2010-11-18] (MAGIX AG)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 .1265402454; C:\Program Files (x86)\1265402454\Max1265402454L.exe [x]
2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_e286960.dll [x]
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]
========================== Drivers (Whitelisted) =============
3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10567680 2011-11-09] (Advanced Micro Devices, Inc.)
2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10567680 2011-11-09] (Advanced Micro Devices, Inc.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
0 DiskSec; C:\Windows\System32\Drivers\DiskSec.sys [27616 2009-09-23] (MAGIX)
3 driverhardwarev2x64; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [15872 2010-05-01] (CybelSoft)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-06-24] (DT Soft Ltd)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-02-07] (Windows (R) Server 2003 DDK provider)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2012-01-08] ()
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-12-23] (Lavasoft AB)
3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [1241952 2010-07-27] (Ralink Technology Corp.)
3 netr7364; C:\Windows\System32\DRIVERS\netr7364.sys [707072 2009-06-10] (Ralink Technology, Corp.)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [19936 2011-09-02] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [13280 2011-09-02] ()
3 Razerlow; C:\Windows\System32\drivers\DB3G.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-06] (Duplex Secure Ltd.)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 VKbms; C:\Windows\System32\DRIVERS\VKbms.sys [13312 2010-09-30] (Windows (R) Win 7 DDK provider)
3 WRfiltv; C:\Windows\System32\drivers\WRfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
2 BHDrvx64; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz132; \??\C:\Users\Max\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
3 dump_wmimmc; \??\C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 npggsvc; C:\Windows\system32\GameMon.des -service [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 X6va005; \??\C:\Users\Max\AppData\Local\Temp\005781B.tmp [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-02-07 14:41 - 2012-02-07 16:55 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-02-07 14:41 - 2012-02-07 16:55 - 0000392 ____A C:\Windows\Tasks\Ad-Aware Scan (Normal).job
2012-02-06 11:39 - 2012-02-06 11:39 - 0007939 ____A C:\Users\Max\Desktop\MBRCheck_02.06.12_14.39.25.txt
2012-02-06 11:39 - 2012-02-06 11:39 - 0000512 ____A C:\Users\Max\Desktop\MBRCheck_MBR_Backup_02-06-12_14-39-45.bak
2012-02-06 11:26 - 2012-02-06 11:26 - 0000512 ____A C:\Users\Max\Desktop\MBRCheck_MBR_Backup_02-06-12_14-26-43.bak
2012-02-06 11:25 - 2012-02-06 11:26 - 0013941 ____A C:\Users\Max\Desktop\MBRCheck_02.06.12_14.25.23.txt
2012-02-06 11:18 - 2012-02-06 11:19 - 0013477 ____A C:\Users\Max\Desktop\MBRCheck_02.06.12_14.18.27.txt
2012-02-06 11:18 - 2012-02-06 11:18 - 0080384 ____A C:\Users\Max\Desktop\MBRCheck.exe
2012-02-06 11:00 - 2012-02-06 11:00 - 4733440 ____A (AVAST Software) C:\Users\Max\Desktop\aswMBR.exe
2012-02-06 10:29 - 2012-02-06 10:29 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-02-06 10:26 - 2012-02-06 10:26 - 0000000 ____D C:\_OTL
2012-02-05 09:24 - 2012-02-05 09:24 - 0106532 ____A C:\Users\Max\Downloads\OTL.Txt
2012-02-05 09:24 - 2012-02-05 09:24 - 0049920 ____A C:\Users\Max\Downloads\Extras.Txt
2012-02-05 09:20 - 2012-02-05 09:20 - 0584192 ____A (OldTimer Tools) C:\Users\Max\Downloads\OTL.exe
2012-02-03 20:12 - 2012-02-03 20:12 - 0001403 ____A C:\Users\Max\Desktop\1.txt
2012-02-02 17:20 - 2012-02-02 17:20 - 1274150 ____A C:\Users\Max\Downloads\LOLReplay-0.7.6.4.exe
2012-02-01 12:26 - 2012-02-01 12:26 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-02-01 12:26 - 2012-02-01 12:26 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-02-01 12:22 - 2012-02-01 12:23 - 117637704 ____A C:\Users\Max\Downloads\setup_11.0.0.1245.x01_2012_02_01_22_48.exe
2012-01-31 16:33 - 2012-01-31 16:33 - 0000000 __SHD C:\$RECYCLE.BIN
2012-01-31 16:23 - 2012-01-31 16:23 - 0000000 ____D C:\Program Files (x86)\ESET
2012-01-31 15:00 - 2012-01-31 15:00 - 0023995 ____A C:\ComboFix.txt
2012-01-31 13:59 - 2012-01-31 15:00 - 0000000 ____D C:\ComboFix
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-01-31 13:04 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-01-31 13:04 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-01-31 13:04 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-01-31 13:04 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-01-31 13:04 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-01-31 13:04 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-01-31 13:04 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-01-31 13:04 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-01-31 13:01 - 2012-01-31 14:45 - 0000000 ____D C:\Windows\ERDNT
2012-01-31 12:58 - 2012-01-31 15:00 - 0000000 ____D C:\Qoobox
2012-01-30 13:27 - 2012-01-30 13:27 - 0013486 ____A C:\Windows\SysWOW64\hs_err_pid7320.log
2012-01-29 13:11 - 2012-01-29 13:11 - 0007614 ____A C:\Users\Max\Desktop\Attach.txt
2012-01-29 13:10 - 2012-01-29 13:10 - 0028444 ____A C:\Users\Max\Desktop\DDS.txt
2012-01-29 12:53 - 2012-01-29 12:53 - 0607260 ____R (Swearware) C:\Users\Max\Downloads\dds.com
2012-01-27 16:40 - 2012-01-27 16:42 - 0000000 ____D C:\Program Files (x86)\NCSoft
2012-01-25 10:30 - 2012-01-31 14:39 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-01-17 17:54 - 2012-02-07 16:54 - 0014551 ____A C:\aaw7boot.log
2012-01-17 17:25 - 2012-01-08 22:31 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2012-01-17 17:20 - 2012-01-17 17:20 - 0000000 ____D C:\Users\Max\AppData\Roaming\Malwarebytes
2012-01-17 17:20 - 2012-01-17 17:20 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-17 17:20 - 2012-01-17 17:20 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-17 17:20 - 2012-01-17 17:20 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-17 17:19 - 2012-01-17 17:19 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Max\Downloads\mbam-setup-1.60.0.1800.exe
2012-01-17 13:09 - 2011-11-16 22:49 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-17 13:09 - 2011-11-16 22:49 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-17 13:09 - 2011-11-16 22:44 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-17 13:09 - 2011-11-16 22:35 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-17 13:09 - 2011-11-16 22:35 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-17 13:09 - 2011-11-16 22:35 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-17 13:09 - 2011-11-16 22:35 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-17 13:09 - 2011-11-16 22:35 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-17 13:09 - 2011-11-16 22:35 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-17 13:09 - 2011-11-16 22:33 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-17 13:09 - 2011-11-16 21:35 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-01-17 13:09 - 2011-11-16 21:34 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-01-17 13:09 - 2011-11-16 21:34 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-01-17 13:09 - 2011-11-16 21:28 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-01-11 13:56 - 2011-11-19 06:58 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-11 13:56 - 2011-11-19 06:01 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-01-11 13:56 - 2011-11-16 22:41 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-11 13:56 - 2011-11-16 21:38 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-01-11 13:56 - 2011-10-25 21:25 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-11 13:56 - 2011-10-25 21:25 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-11 13:56 - 2011-10-25 20:32 - 1328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-01-11 13:56 - 2011-10-25 20:32 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-01-11 04:26 - 2012-01-11 04:26 - 0000000 ___AH C:\Users\Max\AppData\Local\{E7188838-4620-498D-AB3D-8D3AA87B5EF2}
2012-01-09 12:48 - 2012-01-09 12:48 - 0000000 ___AH C:\Users\Max\AppData\Local\{AE365B0B-0791-43A8-ACDC-458DC536F61A}
2012-01-08 22:31 - 2012-01-08 22:31 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-01-08 22:27 - 2012-02-06 11:41 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-01-08 22:27 - 2012-02-06 11:41 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-01-08 22:26 - 2012-01-08 22:26 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-01-08 22:26 - 2012-01-08 22:26 - 0000000 ____D C:\ProgramData\Lavasoft
2012-01-08 22:26 - 2012-01-08 22:26 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2012-01-08 22:26 - 2011-12-23 04:12 - 0069376 ____A (Lavasoft AB) C:\Windows\System32\Drivers\Lbd.sys
2012-01-08 22:25 - 2012-01-08 22:25 - 0000000 ____D C:\Users\All Users\ATI
2012-01-08 22:25 - 2012-01-08 22:25 - 0000000 ____D C:\ProgramData\ATI
2012-01-08 22:24 - 2012-01-08 22:24 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-01-08 22:15 - 2012-01-08 22:16 - 12410880 ____A C:\Users\Max\Downloads\Ad-Aware96Install.msi
2012-01-08 22:00 - 2012-01-11 04:10 - 0000573 ____A C:\Windows\wininit.ini

============ 3 Months Modified Files and Folders =============
2055-09-18 22:29 - 2009-09-18 22:00 - 0002012 ____A C:\Windows\SysWOW64\NAV_75_cltDynam.dat
2012-02-07 20:07 - 2012-02-07 20:07 - 0000000 ____D C:\FRST
2012-02-07 17:01 - 2010-02-16 16:59 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-02-07 16:58 - 2010-02-05 12:40 - 1788862 ____A C:\Windows\WindowsUpdate.log
2012-02-07 16:55 - 2012-02-07 14:41 - 0000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-02-07 16:55 - 2012-02-07 14:41 - 0000392 ____A C:\Windows\Tasks\Ad-Aware Scan (Normal).job
2012-02-07 16:55 - 2011-10-21 21:10 - 0000000 ____D C:\Users\Max\AppData\Local\LogMeIn Hamachi
2012-02-07 16:55 - 2011-09-15 15:12 - 0000322 ____A C:\Windows\Tasks\PCCT - MAGIX AG.job
2012-02-07 16:55 - 2010-02-16 16:59 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-02-07 16:55 - 2010-02-05 13:24 - 0025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2012-02-07 16:55 - 2010-02-05 13:15 - 0000144 ____A C:\service.log
2012-02-07 16:55 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-07 16:55 - 2009-07-13 20:51 - 0102875 ____A C:\Windows\setupact.log
2012-02-07 16:54 - 2012-01-17 17:54 - 0014551 ____A C:\aaw7boot.log
2012-02-07 16:54 - 2010-02-05 15:34 - 3220037632 __ASH C:\hiberfil.sys
2012-02-07 16:47 - 2011-10-05 16:18 - 0000000 ___HD C:\Users\Max\AppData\Local\PMB Files
2012-02-07 16:47 - 2009-07-13 21:13 - 0795618 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-07 16:38 - 2011-07-26 12:28 - 0000000 ____D C:\Users\Max\riotsGamesLogs
2012-02-07 14:48 - 2009-07-13 20:45 - 0017360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-07 14:48 - 2009-07-13 20:45 - 0017360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-07 14:41 - 2011-12-26 09:15 - 0288231 ____N C:\Windows\Minidump\020712-21762-01.dmp
2012-02-07 14:41 - 2010-07-28 16:52 - 0000000 ____D C:\Windows\Minidump
2012-02-07 14:25 - 2011-10-05 16:18 - 0000000 ____D C:\Users\All Users\PMB Files
2012-02-07 14:25 - 2011-10-05 16:18 - 0000000 ____D C:\ProgramData\PMB Files
2012-02-07 14:23 - 2011-12-26 09:15 - 0287783 ____N C:\Windows\Minidump\020712-21496-01.dmp
2012-02-07 14:16 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\020712-23290-01.dmp
2012-02-06 11:41 - 2012-01-08 22:27 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-02-06 11:41 - 2012-01-08 22:27 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-02-06 11:39 - 2012-02-06 11:39 - 0007939 ____A C:\Users\Max\Desktop\MBRCheck_02.06.12_14.39.25.txt
2012-02-06 11:39 - 2012-02-06 11:39 - 0000512 ____A C:\Users\Max\Desktop\MBRCheck_MBR_Backup_02-06-12_14-39-45.bak
2012-02-06 11:39 - 2010-04-25 11:49 - 13201694 ____A C:\Windows\ntbtlog.txt
2012-02-06 11:27 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\020612-24804-01.dmp
2012-02-06 11:26 - 2012-02-06 11:26 - 0000512 ____A C:\Users\Max\Desktop\MBRCheck_MBR_Backup_02-06-12_14-26-43.bak
2012-02-06 11:26 - 2012-02-06 11:25 - 0013941 ____A C:\Users\Max\Desktop\MBRCheck_02.06.12_14.25.23.txt
2012-02-06 11:19 - 2012-02-06 11:18 - 0013477 ____A C:\Users\Max\Desktop\MBRCheck_02.06.12_14.18.27.txt
2012-02-06 11:18 - 2012-02-06 11:18 - 0080384 ____A C:\Users\Max\Desktop\MBRCheck.exe
2012-02-06 11:00 - 2012-02-06 11:00 - 4733440 ____A (AVAST Software) C:\Users\Max\Desktop\aswMBR.exe
2012-02-06 10:29 - 2012-02-06 10:29 - 0000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-02-06 10:26 - 2012-02-06 10:26 - 0000000 ____D C:\_OTL
2012-02-05 09:24 - 2012-02-05 09:24 - 0106532 ____A C:\Users\Max\Downloads\OTL.Txt
2012-02-05 09:24 - 2012-02-05 09:24 - 0049920 ____A C:\Users\Max\Downloads\Extras.Txt
2012-02-05 09:20 - 2012-02-05 09:20 - 0584192 ____A (OldTimer Tools) C:\Users\Max\Downloads\OTL.exe
2012-02-05 09:20 - 2010-04-23 12:29 - 0000000 ____D C:\Users\Max\AppData\Roaming\Skype
2012-02-03 20:12 - 2012-02-03 20:12 - 0001403 ____A C:\Users\Max\Desktop\1.txt
2012-02-03 12:33 - 2010-02-06 09:29 - 0303734 ____A C:\Windows\PFRO.log
2012-02-03 12:33 - 2009-07-13 21:08 - 0032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-02 17:21 - 2011-07-29 11:21 - 0001995 ____A C:\Users\All Users\Start Menu\Programs\Startup\LOLRecorder.lnk
2012-02-02 17:21 - 2011-07-29 11:21 - 0000000 ____D C:\Program Files (x86)\LOLReplay
2012-02-02 17:20 - 2012-02-02 17:20 - 1274150 ____A C:\Users\Max\Downloads\LOLReplay-0.7.6.4.exe
2012-02-01 12:49 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\020112-25506-01.dmp
2012-02-01 12:26 - 2012-02-01 12:26 - 0000000 ____D C:\Users\All Users\Kaspersky Lab
2012-02-01 12:26 - 2012-02-01 12:26 - 0000000 ____D C:\ProgramData\Kaspersky Lab
2012-02-01 12:23 - 2012-02-01 12:22 - 117637704 ____A C:\Users\Max\Downloads\setup_11.0.0.1245.x01_2012_02_01_22_48.exe
2012-02-01 07:41 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\020112-35069-01.dmp
2012-02-01 07:14 - 2010-04-24 14:34 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-01 03:03 - 2011-12-26 09:15 - 0287719 ____N C:\Windows\Minidump\020112-37377-01.dmp
2012-02-01 03:02 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\020112-36067-01.dmp
2012-01-31 18:21 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\013112-28938-01.dmp
2012-01-31 16:33 - 2012-01-31 16:33 - 0000000 __SHD C:\$RECYCLE.BIN
2012-01-31 16:32 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\013112-36239-01.dmp
2012-01-31 16:23 - 2012-01-31 16:23 - 0000000 ____D C:\Program Files (x86)\ESET
2012-01-31 16:23 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-01-31 15:00 - 2012-01-31 15:00 - 0023995 ____A C:\ComboFix.txt
2012-01-31 15:00 - 2012-01-31 13:59 - 0000000 ____D C:\ComboFix
2012-01-31 15:00 - 2012-01-31 12:58 - 0000000 ____D C:\Qoobox
2012-01-31 15:00 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-01-31 15:00 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-01-31 14:45 - 2012-01-31 13:01 - 0000000 ____D C:\Windows\ERDNT
2012-01-31 14:41 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-01-31 14:39 - 2012-01-25 10:30 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-01-31 13:54 - 2011-12-26 09:15 - 0287847 ____N C:\Windows\Minidump\013112-26176-01.dmp
2012-01-31 13:51 - 2010-04-09 23:05 - 0000000 ____D C:\Program Files\Google
2012-01-31 13:51 - 2009-07-13 18:34 - 73662464 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-01-31 13:51 - 2009-07-13 18:34 - 22282240 ____A C:\Windows\System32\config\SYSTEM.bak
2012-01-31 13:51 - 2009-07-13 18:34 - 0786432 ____A C:\Windows\System32\config\DEFAULT.bak
2012-01-31 13:51 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-01-31 13:51 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-01-31 13:50 - 2012-01-31 13:50 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-01-31 13:45 - 2010-02-05 12:40 - 0000000 ____D C:\users\Max
2012-01-31 12:48 - 2010-04-09 23:05 - 0000000 ____D C:\Users\All Users\Google
2012-01-31 12:48 - 2010-04-09 23:05 - 0000000 ____D C:\ProgramData\Google
2012-01-31 12:48 - 2010-02-16 16:52 - 0000000 ____D C:\Users\Max\AppData\Local\Google
2012-01-31 12:48 - 2010-02-16 16:52 - 0000000 ____D C:\Program Files (x86)\Google
2012-01-31 12:46 - 2010-02-05 12:40 - 0000000 ____D C:\Users\Max\AppData\LocalLow
2012-01-30 13:27 - 2012-01-30 13:27 - 0013486 ____A C:\Windows\SysWOW64\hs_err_pid7320.log
2012-01-29 13:11 - 2012-01-29 13:11 - 0007614 ____A C:\Users\Max\Desktop\Attach.txt
2012-01-29 13:10 - 2012-01-29 13:10 - 0028444 ____A C:\Users\Max\Desktop\DDS.txt
2012-01-29 12:53 - 2012-01-29 12:53 - 0607260 ____R (Swearware) C:\Users\Max\Downloads\dds.com
2012-01-29 09:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-01-29 09:36 - 2011-02-12 12:49 - 0000000 ____D C:\Users\Max\AppData\Local\ApplicationHistory
2012-01-29 09:35 - 2011-12-26 13:13 - 0000000 ____D C:\Users\Max\AppData\Roaming\Razer
2012-01-29 09:35 - 2011-12-16 01:32 - 0000000 ____D C:\Users\Max\AppData\Roaming\PunkBuster
2012-01-29 09:35 - 2011-11-09 16:56 - 0000000 ____D C:\Users\Max\AppData\Local\Akamai
2012-01-29 09:35 - 2011-08-23 19:07 - 0000000 ____D C:\Users\Max\AppData\Roaming\TS3Client
2012-01-29 09:35 - 2011-04-30 05:43 - 0000000 ____D C:\Users\Max\AppData\Roaming\Notepad++
2012-01-29 09:35 - 2010-12-25 11:17 - 0000000 ____D C:\Users\Max\AppData\Local\Nero_AG
2012-01-29 09:35 - 2010-07-17 16:17 - 0000000 ____D C:\Users\Max\AppData\Roaming\ijjigame
2012-01-29 09:35 - 2010-04-15 20:08 - 0000000 ____D C:\Users\Max\AppData\Roaming\Bioshock
2012-01-29 09:35 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-01-29 09:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-01-29 09:31 - 2011-10-05 19:38 - 0000000 ____D C:\Users\Max\AppData\Local\PunkBuster
2012-01-29 09:31 - 2011-01-18 18:19 - 0000000 ____D C:\Users\Max\AppData\Local\2K Games
2012-01-29 09:31 - 2010-04-24 14:34 - 0000000 ____D C:\Users\Max\AppData\Local\Mozilla
2012-01-29 09:31 - 2010-04-23 20:01 - 0000000 ____D C:\Users\Max\AppData\Local\Ironclad Games
2012-01-29 09:31 - 2010-04-09 23:05 - 0000000 ____D C:\Users\Max\AppData\Local\Adobe
2012-01-29 09:31 - 2010-02-06 13:21 - 0000000 ____D C:\Users\Max\AppData\Local\Microsoft Games
2012-01-28 06:57 - 2010-02-12 22:17 - 0000000 ___HD C:\Users\Max\AppData\Local\CrashDumps
2012-01-27 16:42 - 2012-01-27 16:40 - 0000000 ____D C:\Program Files (x86)\NCSoft
2012-01-25 10:29 - 2011-04-30 07:05 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-01-25 10:29 - 2011-04-30 07:05 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-01-24 05:29 - 2011-08-23 19:07 - 0000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2012-01-22 19:10 - 2010-02-06 09:56 - 0000000 ____D C:\Program Files (x86)\Steam
2012-01-22 18:18 - 2011-12-26 09:15 - 0287335 ____N C:\Windows\Minidump\012212-31278-01.dmp
2012-01-22 18:17 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\012212-22698-01.dmp
2012-01-22 04:20 - 2011-12-26 09:15 - 0287911 ____N C:\Windows\Minidump\012212-22854-01.dmp
2012-01-22 03:14 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\012212-23571-01.dmp
2012-01-22 00:12 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\012212-27830-01.dmp
2012-01-21 14:37 - 2011-12-26 09:15 - 0287847 ____N C:\Windows\Minidump\012112-25381-01.dmp
2012-01-21 14:34 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\012112-30466-01.dmp
2012-01-21 09:59 - 2011-12-26 09:15 - 0288551 ____N C:\Windows\Minidump\012112-21668-01.dmp
2012-01-20 22:54 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\012112-23072-01.dmp
2012-01-20 16:43 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\012012-20436-01.dmp
2012-01-20 05:08 - 2011-06-24 22:10 - 0000000 ____D C:\Users\Max\Desktop\Random Stuff
2012-01-19 16:38 - 2011-12-26 09:15 - 0288103 ____N C:\Windows\Minidump\011912-19531-01.dmp
2012-01-19 16:23 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011912-21606-01.dmp
2012-01-19 15:09 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011912-21730-01.dmp
2012-01-18 22:34 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011912-21949-01.dmp
2012-01-18 14:17 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011812-24960-01.dmp
2012-01-18 09:16 - 2011-12-26 09:15 - 0288039 ____N C:\Windows\Minidump\011812-21278-01.dmp
2012-01-18 08:06 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011812-21668-01.dmp
2012-01-18 07:24 - 2011-12-26 09:15 - 0287335 ____N C:\Windows\Minidump\011812-20030-01.dmp
2012-01-18 07:23 - 2011-12-26 09:15 - 0288039 ____N C:\Windows\Minidump\011812-20420-01.dmp
2012-01-17 17:25 - 2010-02-06 11:41 - 0000000 ____D C:\Program Files (x86)\1265402454
2012-01-17 17:20 - 2012-01-17 17:20 - 0000000 ____D C:\Users\Max\AppData\Roaming\Malwarebytes
2012-01-17 17:20 - 2012-01-17 17:20 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-17 17:20 - 2012-01-17 17:20 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-17 17:20 - 2012-01-17 17:20 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-17 17:19 - 2012-01-17 17:19 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Max\Downloads\mbam-setup-1.60.0.1800.exe
2012-01-17 17:15 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011712-24866-01.dmp
2012-01-17 15:02 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011712-24180-01.dmp
2012-01-17 05:46 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011712-23696-01.dmp
2012-01-16 15:35 - 2011-12-26 09:15 - 0293175 ____N C:\Windows\Minidump\011612-19874-01.dmp
2012-01-16 01:41 - 2011-12-26 09:15 - 0287527 ____N C:\Windows\Minidump\011612-21902-01.dmp
2012-01-16 01:39 - 2011-12-26 09:15 - 0288295 ____N C:\Windows\Minidump\011612-21652-01.dmp
2012-01-16 01:26 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011612-24226-01.dmp
2012-01-15 22:50 - 2011-12-26 09:15 - 0288103 ____N C:\Windows\Minidump\011612-22011-01.dmp
2012-01-15 22:31 - 2011-12-26 09:15 - 0288231 ____N C:\Windows\Minidump\011612-23072-01.dmp
2012-01-15 20:01 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011512-28423-01.dmp
2012-01-15 00:08 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011512-30778-01.dmp
2012-01-12 04:06 - 2011-01-18 10:52 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-12 04:06 - 2011-01-18 10:52 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-12 04:04 - 2010-02-06 00:32 - 0789342 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-01-12 04:04 - 2010-02-06 00:27 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-11 23:08 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011212-27736-01.dmp
2012-01-11 23:03 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\011212-26223-01.dmp
2012-01-11 04:32 - 2011-12-26 09:15 - 0287399 ____N C:\Windows\Minidump\011112-29842-01.dmp
2012-01-11 04:28 - 2011-12-26 09:15 - 0287399 ____N C:\Windows\Minidump\011112-23946-01.dmp
2012-01-11 04:26 - 2012-01-11 04:26 - 0000000 ___AH C:\Users\Max\AppData\Local\{E7188838-4620-498D-AB3D-8D3AA87B5EF2}
2012-01-11 04:10 - 2012-01-08 22:00 - 0000573 ____A C:\Windows\wininit.ini
2012-01-09 12:49 - 2011-12-26 09:15 - 0287335 ____N C:\Windows\Minidump\010912-28828-01.dmp
2012-01-09 12:48 - 2012-01-09 12:48 - 0000000 ___AH C:\Users\Max\AppData\Local\{AE365B0B-0791-43A8-ACDC-458DC536F61A}
2012-01-08 22:31 - 2012-01-17 17:25 - 0016432 ____A C:\Windows\System32\lsdelete.exe
2012-01-08 22:31 - 2012-01-08 22:31 - 0055384 ____A (Sunbelt Software) C:\Windows\System32\Drivers\SBREDrv.sys
2012-01-08 22:26 - 2012-01-08 22:26 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-01-08 22:26 - 2012-01-08 22:26 - 0000000 ____D C:\ProgramData\Lavasoft
2012-01-08 22:26 - 2012-01-08 22:26 - 0000000 ____D C:\Program Files (x86)\Lavasoft
2012-01-08 22:25 - 2012-01-08 22:25 - 0000000 ____D C:\Users\All Users\ATI
2012-01-08 22:25 - 2012-01-08 22:25 - 0000000 ____D C:\ProgramData\ATI
2012-01-08 22:24 - 2012-01-08 22:24 - 0000000 ____D C:\Program Files (x86)\AMD APP
2012-01-08 22:24 - 2011-06-24 20:36 - 0000000 ____D C:\Users\All Users\AMD
2012-01-08 22:24 - 2011-06-24 20:36 - 0000000 ____D C:\ProgramData\AMD
2012-01-08 22:24 - 2010-02-05 13:21 - 0000000 ____D C:\Program Files\ATI Technologies
2012-01-08 22:16 - 2012-01-08 22:15 - 12410880 ____A C:\Users\Max\Downloads\Ad-Aware96Install.msi
2012-01-08 21:42 - 2010-04-25 11:52 - 0000000 ___HD C:\Users\Max\AppData\Local\ElevatedDiagnostics
2012-01-05 12:52 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\010512-19687-01.dmp
2012-01-04 19:15 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\010412-21028-01.dmp
2012-01-02 11:10 - 2011-12-26 09:15 - 0286703 ____N C:\Windows\Minidump\010212-25240-01.dmp
2011-12-31 08:08 - 2011-12-26 09:15 - 0288807 ____N C:\Windows\Minidump\123111-24242-01.dmp
2011-12-30 15:32 - 2011-12-30 15:32 - 0000000 ___HD C:\Users\Max\AppData\Local\WB Games
2011-12-30 15:25 - 2011-12-30 15:25 - 0000000 ____D C:\Users\All Users\RELOADED
2011-12-30 15:25 - 2011-12-30 15:25 - 0000000 ____D C:\ProgramData\RELOADED
2011-12-30 07:56 - 2011-12-30 07:56 - 0001375 ____A C:\Users\Public\Desktop\Lord of the Rings - War in the North.lnk
2011-12-30 07:46 - 2011-12-30 07:46 - 0000000 ____D C:\Program Files (x86)\Snowblind Studios
2011-12-29 17:20 - 2011-12-29 17:19 - 0000000 ____D C:\Program Files\iTunes
2011-12-29 17:20 - 2011-12-29 17:19 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-12-29 17:19 - 2011-12-29 17:19 - 0000000 ____D C:\Program Files\iPod
2011-12-29 17:18 - 2011-12-29 17:16 - 71316336 ____A (Apple Inc.) C:\Users\Max\Downloads\iTunes64Setup.exe
2011-12-29 17:03 - 2011-10-04 16:19 - 0041880 ____A C:\Users\Max\Downloads\umbrella.log
2011-12-29 17:03 - 2011-10-04 16:19 - 0040913 ____A C:\Users\Max\umbrella0.log
2011-12-29 17:03 - 2011-10-04 16:19 - 0001208 ____A C:\Windows\System32\Drivers\etc\hosts.umbrella
2011-12-26 14:02 - 2011-12-26 14:01 - 0922248 ____A (Skype Technologies S.A.) C:\Users\Max\Downloads\SkypeSetup(1).exe
2011-12-26 14:02 - 2010-04-23 12:29 - 0000000 ___RD C:\Program Files (x86)\Skype
2011-12-26 14:02 - 2010-04-23 12:29 - 0000000 ____D C:\Users\All Users\Skype
2011-12-26 14:02 - 2010-04-23 12:29 - 0000000 ____D C:\ProgramData\Skype
2011-12-26 13:55 - 2011-12-26 13:55 - 0980104 ____A (Skype Technologies S.A.) C:\Users\Max\Downloads\SkypeSetup.exe
2011-12-26 13:36 - 2011-12-26 13:25 - 0000000 ____D C:\Users\All Users\Creative
2011-12-26 13:36 - 2011-12-26 13:25 - 0000000 ____D C:\ProgramData\Creative
2011-12-26 13:31 - 2011-12-26 13:31 - 0000000 ___HD C:\Users\Max\AppData\Local\Creative
2011-12-26 13:29 - 2011-12-26 13:29 - 0000000 ____D C:\Users\All Users\Creative Labs
2011-12-26 13:29 - 2011-12-26 13:29 - 0000000 ____D C:\ProgramData\Creative Labs
2011-12-26 13:27 - 2011-12-26 13:27 - 0000000 ____D C:\Users\Max\AppData\Roaming\Creative
2011-12-26 13:23 - 2011-12-26 13:22 - 0000000 ___HD C:\Program Files (x86)\Creative Installation Information
2011-12-26 13:23 - 2011-12-26 13:21 - 0000000 ____D C:\Program Files\Creative
2011-12-26 13:23 - 2011-12-26 13:21 - 0000000 ____D C:\Program Files (x86)\Creative
2011-12-26 13:23 - 2010-02-05 12:59 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2011-12-26 13:22 - 2011-12-26 13:22 - 0466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2011-12-26 13:22 - 2011-12-26 13:22 - 0444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2011-12-26 13:22 - 2011-12-26 13:22 - 0122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2011-12-26 13:22 - 2011-12-26 13:22 - 0109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2011-12-26 13:22 - 2011-12-26 13:22 - 0000267 __RAH C:\Windows\ctfile.rfc
2011-12-26 13:13 - 2010-03-06 12:02 - 0019596 ____A C:\Windows\DPINST.LOG
2011-12-26 13:12 - 2011-12-26 13:12 - 0000000 ____D C:\Program Files (x86)\Razer
2011-12-26 13:12 - 2011-12-26 13:08 - 69891992 ____A (Creative Technology Ltd) C:\Users\Max\Downloads\SBWH_PCUSBDRV1_LB_1_01_0001.exe
2011-12-26 13:11 - 2011-12-26 13:11 - 12821736 ____A C:\Users\Max\Downloads\DeathAdder_driver_v3.03_eng.exe
2011-12-26 12:57 - 2011-12-26 09:58 - 33883681 ____A C:\Users\Max\Downloads\iPhone3,1_5.0.1_9A405_Restore.ipsw.part
2011-12-24 18:33 - 2011-12-24 18:33 - 0695296 ____A (AnjoCaido) C:\Users\Max\Downloads\Minecraft(1).exe
2011-12-24 18:31 - 2011-12-24 18:31 - 0695296 ____A (AnjoCaido) C:\Users\Max\Downloads\Minecraft.exe
2011-12-23 04:12 - 2012-01-08 22:26 - 0069376 ____A (Lavasoft AB) C:\Windows\System32\Drivers\Lbd.sys
2011-12-22 00:19 - 2011-07-29 11:21 - 0000000 ____D C:\Users\Max\Documents\LOLReplay
2011-12-21 09:48 - 2011-12-21 09:48 - 1245574 ____A C:\Users\Max\Downloads\LOLReplay-0.7.5.15.exe
2011-12-18 08:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2011-12-18 05:07 - 2011-12-18 05:07 - 0000000 ___HD C:\Users\Max\AppData\Local\DDMSettings
2011-12-18 00:12 - 2009-07-13 20:45 - 2340336 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-17 06:11 - 2011-12-17 06:11 - 0927072 ____A (DivX, LLC) C:\Users\Max\Downloads\DivXInstaller.exe
2011-12-17 06:08 - 2010-07-08 03:30 - 0000000 ____D C:\Users\All Users\DivX
2011-12-17 06:08 - 2010-07-08 03:30 - 0000000 ____D C:\ProgramData\DivX
2011-12-17 06:08 - 2010-02-16 16:52 - 0000000 ____D C:\Program Files (x86)\DivX
2011-12-17 06:07 - 2010-07-08 03:32 - 0000000 ____D C:\Program Files\DivX
2011-12-16 03:06 - 2011-12-16 02:14 - 0000000 ___HD C:\Users\Max\AppData\Local\Ubisoft Game Launcher
2011-12-16 02:14 - 2011-12-16 02:14 - 0000000 ____D C:\Users\Max\Documents\Assassin's Creed Revelations
2011-12-16 02:14 - 2011-12-16 01:38 - 0000000 ____D C:\Users\All Users\Ubisoft
2011-12-16 02:14 - 2011-12-16 01:38 - 0000000 ____D C:\ProgramData\Ubisoft
2011-12-16 02:10 - 2010-02-06 14:28 - 0239050 ____A C:\Windows\DirectX.log
2011-12-16 01:32 - 2011-12-16 01:23 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2011-12-16 01:32 - 2011-10-05 19:35 - 0189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2011-12-16 01:32 - 2011-10-05 19:35 - 0075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2011-12-16 01:16 - 2011-12-16 01:16 - 0057466 ____A C:\Users\Max\Downloads\x360ce.vibmod.3.1.4.1.rar
2011-12-15 04:00 - 2011-12-15 04:00 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{dcd95f58-eddc-11e0-9620-00241dced8b5}.TxR.blf
2011-12-14 16:27 - 2010-02-08 00:05 - 0000000 ____D C:\Users\Max\AppData\Roaming\vlc
2011-12-08 20:51 - 2011-12-08 20:51 - 0000000 ____D C:\Users\Max\Documents\Egosoft
2011-12-08 20:42 - 2011-12-08 20:30 - 248094036 ____A (EGOSOFT ) C:\Users\Max\Downloads\X3TCUpdate1.0.1_to_3.0.exe
2011-12-08 20:26 - 2011-12-08 20:26 - 0001177 ____A C:\Users\Max\Desktop\X3 Terran Conflict.lnk
2011-12-08 20:21 - 2011-12-08 20:21 - 0000000 ____D C:\Program Files (x86)\EGOSOFT
2011-11-30 03:10 - 2011-11-30 03:10 - 0000000 ___HD C:\Users\Max\AppData\Local\Chromium
2011-11-30 03:10 - 2011-11-30 03:10 - 0000000 ____D C:\Users\Max\Documents\Rockstar Games
2011-11-30 03:10 - 2011-10-22 23:43 - 0000000 ___HD C:\Users\Max\AppData\Local\SKIDROW
2011-11-30 03:09 - 2011-11-30 03:09 - 0002133 ____A C:\Users\Public\Desktop\L.A. Noire.lnk
2011-11-30 02:59 - 2011-11-30 02:59 - 0000000 ____D C:\Users\All Users\Rockstar Games
2011-11-30 02:59 - 2011-11-30 02:59 - 0000000 ____D C:\ProgramData\Rockstar Games
2011-11-30 02:59 - 2011-11-30 02:58 - 0000000 ____D C:\Program Files (x86)\Rockstar Games
2011-11-29 12:19 - 2010-02-06 04:29 - 0000000 ____D C:\Users\Max\Tracing
2011-11-26 15:02 - 2011-11-26 14:56 - 0000000 ____D C:\Program Files (x86)\Dead Island
2011-11-26 14:54 - 2011-11-26 14:54 - 0000560 ____A C:\Windows\wmsetup.log
2011-11-25 02:28 - 2011-11-25 02:28 - 0700085 ____A (Alexander Vigovsky ) C:\Users\Max\Downloads\ac3filter_1_63b_lite.exe
2011-11-25 02:28 - 2011-11-25 02:28 - 0000000 ____D C:\Program Files (x86)\AC3Filter
2011-11-23 20:52 - 2011-12-14 15:53 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-20 00:24 - 2011-11-15 13:19 - 0000000 ____D C:\Program Files (x86)\The Elder Scrolls V Skyrim
2011-11-19 17:30 - 2011-11-16 01:48 - 0000654 ___AH C:\Users\Max\AppData\Local\PMB Files.?an
2011-11-19 06:58 - 2012-01-11 13:56 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 06:01 - 2012-01-11 13:56 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-16 22:49 - 2012-01-17 13:09 - 0152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2011-11-16 22:49 - 2012-01-17 13:09 - 0095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2011-11-16 22:44 - 2012-01-17 13:09 - 0459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2011-11-16 22:41 - 2012-01-11 13:56 - 1731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-16 22:35 - 2012-01-17 13:09 - 1447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2011-11-16 22:35 - 2012-01-17 13:09 - 0395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2011-11-16 22:35 - 2012-01-17 13:09 - 0340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2011-11-16 22:35 - 2012-01-17 13:09 - 0136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2011-11-16 22:35 - 2012-01-17 13:09 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2011-11-16 22:35 - 2012-01-17 13:09 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2011-11-16 22:33 - 2012-01-17 13:09 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2011-11-16 21:38 - 2012-01-11 13:56 - 1292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-16 21:35 - 2012-01-17 13:09 - 0314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2011-11-16 21:34 - 2012-01-17 13:09 - 0224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2011-11-16 21:34 - 2012-01-17 13:09 - 0022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2011-11-16 21:28 - 2012-01-17 13:09 - 0096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2011-11-15 13:27 - 2011-11-15 13:27 - 0000000 ___HD C:\Users\Max\AppData\Local\Skyrim
2011-11-15 13:27 - 2010-06-04 05:18 - 0000000 ____D C:\Users\Max\Documents\My Games
2011-11-11 02:38 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
========================= Memory info ======================
Percentage of memory in use: 15%
Total physical RAM: 4094.49 MB
Available physical RAM: 3467.87 MB
Total Pagefile: 4092.64 MB
Available Pagefile: 3443.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
2 Drive c: (OS) (Fixed) (Total:292.87 GB) (Free:77.5 GB) NTFS
3 Drive e: (Storage) (Fixed) (Total:405.67 GB) (Free:186.07 GB) NTFS
4 Drive f: (Repair disc 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
5 Drive g: () (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 981 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 292 GB 101 MB
Partition 3 Primary 405 GB 292 GB
Partition 4 Primary 3016 KB 698 GB
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 292 GB Healthy
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Storage NTFS Partition 405 GB Healthy
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes
There is no volume associated with this partition.
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 980 MB 31 KB
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 980 MB Healthy
==========================================================
Last Boot: 2012-01-29 21:13
======================= End Of Log ==========================

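The security-relevant finding in the FRST log above is the partition table: partition 4 has the hidden NTFS type (17 hex), is the only active entry, and has no volume, so the firmware hands control to its boot code instead of the System Reserved partition. As an added example (not code from the thread or from FRST), this parser reads a raw MBR and flags that combination; the MBR bytes and the 750 GB capacity are constructed to mirror the log's layout.

```python
from __future__ import annotations
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446                  # the 4 x 16-byte partition entries follow the boot code
ENTRY_SIZE = 16
# Type ids that mark a filesystem as "hidden" (normal id | 0x10):
# 0x11 FAT12, 0x14/0x16 FAT16, 0x17 NTFS/IFS, 0x1B/0x1C FAT32, 0x1E FAT16 LBA.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
SMALL_PARTITION_SECTORS = 64 * 1024  # 32 MB: far too small to hold an operating system
TAIL_FRACTION = 0.01                 # "at the end of the disk" = inside the last 1 percent


def parse_partition_table(mbr: bytes) -> list[dict]:
    """Return the non-empty entries of the MBR's four partition slots."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        off = TABLE_OFFSET + slot * ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + ENTRY_SIZE])
        if ptype == 0x00:
            continue                                     # empty slot
        entries.append({
            "number": slot + 1,
            "active": status == 0x80,                    # bootable flag
            "type": ptype,
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def find_suspicious_partitions(entries: list[dict], disk_sectors: int) -> list[tuple[int, list[str]]]:
    """Flag the combination the FRST log shows: hidden type, active, tiny, at the disk tail."""
    findings = []
    for e in entries:
        reasons = []
        if e["hidden"] and e["active"]:
            reasons.append("hidden filesystem type 0x%02X is marked active (bootable)" % e["type"])
        if e["active"] and e["sectors"] < SMALL_PARTITION_SECTORS:
            reasons.append("active partition is only %d KB" % (e["sectors"] * SECTOR_SIZE // 1024))
        if e["hidden"] and e["lba_start"] + e["sectors"] > disk_sectors * (1 - TAIL_FRACTION):
            reasons.append("hidden partition sits in the last 1 percent of the disk")
        if reasons:
            findings.append((e["number"], reasons))
    return findings


def build_mbr(layout: list[tuple[bool, int, int, int]]) -> bytes:
    """Build a 512-byte MBR from (active, type, lba_start, sectors) tuples; CHS fields zeroed."""
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, size)
        for active, ptype, start, size in layout)
    table = table.ljust(4 * ENTRY_SIZE, b"\0")
    return b"\0" * TABLE_OFFSET + table + b"\x55\xAA"   # zeroed boot code, table, signature


GB = 1024 * 1024 * 1024 // SECTOR_SIZE   # sectors per GiB
DISK_SECTORS = 1465149168                # assumed capacity of a 750 GB drive (constructed)
# Constructed sample mirroring the "Partitions of Disk 0" section of the FRST log.
SAMPLE_MBR = build_mbr([
    (False, 0x07, 2048, 100 * 2048),                        # 1: System Reserved, 100 MB at 1024 KB
    (False, 0x07, 2048 + 100 * 2048, 292 * GB),             # 2: OS, 292 GB
    (False, 0x07, 2048 + 100 * 2048 + 292 * GB, 405 * GB),  # 3: Storage, 405 GB
    (True, 0x17, 698 * GB, 6032),                           # 4: type 17, hidden, active, 3016 KB
])

if __name__ == "__main__":
    for number, reasons in find_suspicious_partitions(parse_partition_table(SAMPLE_MBR), DISK_SECTORS):
        print("Partition %d:" % number)
        for reason in reasons:
            print("  -", reason)
```

Feed it the first sector of a physical disk (read with a raw-disk tool from clean boot media, as the thread does with a recovery environment) to get the same verdict FRST prints.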

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)

Save it on the flashdrive as fixlist.txt

2 .1265402454; C:\Program Files (x86)\1265402454\Max1265402454L.exe [x]
2012-01-17 17:25 - 2010-02-06 11:41 - 0000000 ____D C:\Program Files (x86)\1265402454
CMD: bootrec /FixMbr

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7:

Now please enter System Recovery Options.


Ok so I ran the fix.

Here's a couple of thoughts on the problem. I discussed this with a friend and we came to a hypothesis. Since the malware is redirecting to a webpage, this page might be reinstalling the files we already suppressed by running a script. Could we just block that webpage while we work on the problem, just to be sure? Oh, and I noticed it connects to a different site every time and that site redirects to the webpage.

Ah, and Catalyst (ATI GPU control center) keeps crashing on computer startup. I don't know if it's related to the issue, but my roommate tells me it started doing that right when the problem began. I would've simply reinstalled the driver, but you told me to modify the system as little as possible, so I wasn't sure if it was a good idea.

Anyway, here's the fixlog.txt:


Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-09 22:58:05 R:1
Running from G:\
==============================================
.1265402454 service deleted successfully.
C:\Program Files (x86)\1265402454 moved successfully.
========= bootrec /FixMbr =========
The operation completed successfully.

========= End of CMD: =========

==== End of Fixlog ====


Here. Still redirecting :(


MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790GPT-UD3H
Logical Drives Mask: 0x0000007d
Kernel Drivers (total 174):
0x03461000 \SystemRoot\system32\ntoskrnl.exe
0x03418000 \SystemRoot\system32\hal.dll
0x00BCC000 \SystemRoot\system32\kdcom.dll
0x00C05000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C12000 \SystemRoot\system32\PSHED.dll
0x00C26000 \SystemRoot\system32\CLFS.SYS
0x00C84000 \SystemRoot\system32\CI.dll
0x00D44000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DE8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00ECD000 \SystemRoot\System32\Drivers\spho.sys
0x00FF3000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x00E00000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x00E2F000 \SystemRoot\system32\drivers\ACPI.sys
0x00E86000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E90000 \SystemRoot\system32\drivers\vdrvroot.sys
0x0101C000 \SystemRoot\system32\drivers\pci.sys
0x0104F000 \SystemRoot\System32\drivers\partmgr.sys
0x01064000 \SystemRoot\system32\drivers\volmgr.sys
0x01079000 \SystemRoot\System32\drivers\volmgrx.sys
0x010D5000 \SystemRoot\system32\drivers\pciide.sys
0x010DC000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x010EC000 \SystemRoot\System32\Drivers\DiskSec.sys
0x010F6000 \SystemRoot\System32\drivers\mountmgr.sys
0x01110000 \SystemRoot\system32\drivers\vmbus.sys
0x0114C000 \SystemRoot\system32\drivers\winhv.sys
0x01160000 \SystemRoot\system32\drivers\atapi.sys
0x01169000 \SystemRoot\system32\drivers\ataport.SYS
0x01193000 \SystemRoot\system32\drivers\amdxata.sys
0x0119E000 \SystemRoot\system32\drivers\fltmgr.sys
0x011EA000 \SystemRoot\system32\drivers\fileinfo.sys
0x01000000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x01254000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01490000 \SystemRoot\System32\Drivers\msrpc.sys
0x014EE000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01509000 \SystemRoot\System32\Drivers\cng.sys
0x0157B000 \SystemRoot\System32\drivers\pcw.sys
0x0158C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016E1000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0183E000 \SystemRoot\System32\drivers\tcpip.sys
0x01A42000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A8C000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01A9C000 \SystemRoot\system32\drivers\volsnap.sys
0x01AE8000 \SystemRoot\System32\Drivers\spldr.sys
0x01AF0000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B2A000 \SystemRoot\System32\Drivers\mup.sys
0x01B3C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B45000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01B7F000 \SystemRoot\system32\DRIVERS\disk.sys
0x01B95000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01800000 \SystemRoot\system32\drivers\cdrom.sys
0x0168B000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x0182A000 \SystemRoot\System32\Drivers\Null.SYS
0x01833000 \SystemRoot\System32\Drivers\Beep.SYS
0x016BC000 \SystemRoot\System32\drivers\vga.sys
0x017D4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x016CA000 \SystemRoot\System32\drivers\watchdog.sys
0x01596000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0159F000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015A8000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015B1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x015BC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x015CD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x015EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01400000 \SystemRoot\System32\DRIVERS\netbt.sys
0x040BE000 \SystemRoot\system32\drivers\afd.sys
0x04147000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04152000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0415B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04181000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04197000 \SystemRoot\system32\DRIVERS\netbios.sys
0x041A6000 \SystemRoot\system32\DRIVERS\serial.sys
0x04000000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x04043000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0405E000 \SystemRoot\system32\drivers\termdd.sys
0x01200000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04072000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0407E000 \SystemRoot\system32\drivers\mssmbios.sys
0x04089000 \SystemRoot\System32\drivers\discache.sys
0x02EC5000 \SystemRoot\system32\drivers\csc.sys
0x02F48000 \SystemRoot\System32\Drivers\dfsc.sys
0x02F66000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02F77000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02F9D000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x02FB2000 \SystemRoot\system32\drivers\wmiacpi.sys
0x02E00000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x07488000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x07EEE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x07400000 \SystemRoot\System32\drivers\dxgmms1.sys
0x07446000 \SystemRoot\system32\drivers\HDAudBus.sys
0x06C5C000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x06CE1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x06CEE000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x06CF9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x06D4F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x06D60000 \SystemRoot\system32\drivers\1394ohci.sys
0x06D9E000 \SystemRoot\system32\DRIVERS\fdc.sys
0x06DAB000 \SystemRoot\system32\DRIVERS\serenum.sys
0x06DB7000 \SystemRoot\system32\drivers\CompositeBus.sys
0x06DC7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x06C00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x06C24000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02E55000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x06C30000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x06DDD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0746A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x07FE2000 \SystemRoot\system32\DRIVERS\VKbms.sys
0x07FED000 \SystemRoot\System32\drivers\mshidkmdf.sys
0x02E84000 \SystemRoot\System32\drivers\HIDCLASS.SYS
0x07FF5000 \SystemRoot\System32\drivers\HIDPARSE.SYS
0x02E9D000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x02EA8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02FBB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x06C56000 \SystemRoot\system32\drivers\swenum.sys
0x01445000 \SystemRoot\system32\drivers\ks.sys
0x02FCA000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x02FDE000 \SystemRoot\system32\drivers\umbus.sys
0x090BD000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x09117000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x09122000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x09137000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x09144000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x09152000 \SystemRoot\system32\drivers\AtihdW76.sys
0x0916C000 \SystemRoot\system32\drivers\portcls.sys
0x091A9000 \SystemRoot\system32\drivers\drmk.sys
0x091CB000 \SystemRoot\system32\drivers\ksthunk.sys
0x09810000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x09000000 \SystemRoot\system32\DRIVERS\udfs.sys
0x09800000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0980E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x09055000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x00090000 \SystemRoot\System32\win32k.sys
0x099F3000 \SystemRoot\System32\drivers\Dxapi.sys
0x09070000 \SystemRoot\system32\drivers\danew.sys
0x09073000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x09090000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004C0000 \SystemRoot\System32\TSDDD.dll
0x0909E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x090AC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x091D1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x091DA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00760000 \SystemRoot\System32\cdd.dll
0x00900000 \SystemRoot\System32\ATMFD.DLL
0x04098000 \SystemRoot\system32\drivers\luafv.sys
0x041C3000 \SystemRoot\system32\drivers\WudfPf.sys
0x041E4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05655000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x056A8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x056BB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x056D3000 \SystemRoot\system32\drivers\HTTP.sys
0x0579C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x057CD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05600000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0C4F4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0C542000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0C566000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0C400000 \SystemRoot\system32\DRIVERS\netr7364.sys
0x0D636000 \SystemRoot\System32\DRIVERS\srv.sys
0x0D6CE000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0D6DB000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0D711000 \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
0x0D742000 \SystemRoot\system32\drivers\peauth.sys
0x0D7E8000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0D600000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0D612000 \??\C:\Windows\gdrv.sys
0x0C4B6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0D623000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x0D62E000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
0x0C5CF000 \SystemRoot\system32\drivers\usbaudio.sys
0x0C5EA000 \SystemRoot\system32\drivers\WRfiltv.sys
0x776D0000 \Windows\System32\ntdll.dll
0x48240000 \Windows\System32\smss.exe
0xFF9F0000 \Windows\System32\apisetschema.dll
Processes (total 59):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
456 csrss.exe
528 C:\Windows\System32\wininit.exe
564 csrss.exe
588 C:\Windows\System32\services.exe
608 C:\Windows\System32\lsass.exe
616 C:\Windows\System32\lsm.exe
740 C:\Windows\System32\winlogon.exe
776 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\atiesrxx.exe
984 C:\Windows\System32\svchost.exe
116 C:\Windows\System32\svchost.exe
404 C:\Windows\System32\svchost.exe
1036 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
1080 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\atieclxx.exe
1188 C:\Windows\System32\svchost.exe
1348 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1492 C:\Windows\System32\spoolsv.exe
1512 C:\Windows\System32\dwm.exe
1576 C:\Windows\System32\svchost.exe
1620 C:\Windows\explorer.exe
1792 C:\Windows\System32\taskhost.exe
1912 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1208 C:\Program Files\Microsoft IntelliType Pro\itype.exe
1876 C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
1428 C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
2088 C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
2096 C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
2156 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
2356 C:\Windows\SysWOW64\svchost.exe
2376 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2532 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2560 C:\Program Files\Bonjour\mDNSResponder.exe
2620 C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
2764 C:\Windows\SysWOW64\PnkBstrA.exe
2804 C:\Windows\System32\svchost.exe
2828 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3008 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3016 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2468 unsecapp.exe
3112 C:\Windows\System32\SearchIndexer.exe
3184 WmiPrvSE.exe
3328 WUDFHost.exe
3460 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
3588 C:\Windows\System32\svchost.exe
3788 C:\Windows\System32\svchost.exe
2680 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4024 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
1772 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
1452 C:\Windows\System32\audiodg.exe
3256 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
4372 <unknown>
3436 C:\Users\Max\Desktop\MBRCheck.exe
3892 C:\Windows\System32\conhost.exe
3356 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000049`3e096000 (NTFS)
PhysicalDrive0 Model Number: ST3750528AS, Rev: CC38
Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 0
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.

Done!


Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Also, please try to re-run aswMBR and post it if you can get it. Post both of them in your next reply.


Oh well, seems like we have a nasty mofo here... TDSSKiller won't run either. Tried safe mode without networking, running as an administrator and renaming the file. Nothing worked. Seems like the process is getting killed instantly (busy mouse, then nothing, not even a process in the task manager).


Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



Farbar Service Scanner Version: 08-02-2012
Ran by Max (administrator) on 10-02-2012 at 04:51:15
Running from "C:\Users\Max\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
===========
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

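The FSS.txt above carries the diagnostic that matters in this thread: mpsdrv and MpsSvc are not running, the MpsSvc service key is gone entirely (all three "Attention!" lines), and a policy value under FirewallPolicy\PublicProfile sets EnableFirewall to 0, while every file in the File Check passes its MD5 comparison. The script below is an added example (not from the thread and not Farbar's own code) that turns a pasted FSS log into structured findings and the action items a helper would post back. The embedded sample is an excerpt of the log posted above; the regexes are written against the wording visible in that log and are an assumption for any other FSS version, and the "MD5 is legit" check treats any other wording as suspect rather than guessing what FSS prints on a mismatch.

```python
import re

# Excerpt of the FSS.txt posted above, embedded so the parser runs offline.
SAMPLE_FSS_LOG = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
"""

# Line shapes taken from the log above (assumed stable across FSS builds).
SERVICE_NOT_RUNNING = re.compile(r"^(\w+) Service is not running\.")
ATTENTION = re.compile(r"^Checking ([\w ]+): Attention! (.*)$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_DWORD = re.compile(r'^"(\w+)"=DWORD:(\d+)$')
FILE_CHECK = re.compile(r"^(.+?) => MD5 is (.+)$")


def parse_fss(text):
    """Extract the security-relevant findings from an FSS.txt report."""
    findings = {
        "services_not_running": [],
        "missing_service_keys": {},      # service name -> checks that failed
        "firewall_disabled_profiles": [],
        "files_ok": [],
        "files_suspect": [],
    }
    current_service = None   # service whose configuration block we are inside
    current_key = None       # registry key whose values follow
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SERVICE_NOT_RUNNING.match(line)):
            current_service = m.group(1)
            findings["services_not_running"].append(current_service)
        elif (m := ATTENTION.match(line)) and current_service:
            findings["missing_service_keys"].setdefault(current_service, []).append(m.group(1))
        elif (m := REG_KEY.match(line)):
            current_key = m.group(1)
        elif (m := REG_DWORD.match(line)) and current_key:
            if m.group(1) == "EnableFirewall" and int(m.group(2)) == 0:
                findings["firewall_disabled_profiles"].append(current_key.rsplit("\\", 1)[-1])
        elif (m := FILE_CHECK.match(line)):
            bucket = "files_ok" if m.group(2).strip() == "legit" else "files_suspect"
            findings[bucket].append(m.group(1))
    return findings


def triage(findings):
    """Turn findings into the action items a helper would post back, worst first."""
    items = []
    for svc, checks in findings["missing_service_keys"].items():
        items.append(f"{svc}: its key under HKLM\\SYSTEM\\CurrentControlSet\\Services is missing "
                     f"(failed checks: {', '.join(checks)}); the service must be recreated, not just started")
    for svc in findings["services_not_running"]:
        if svc not in findings["missing_service_keys"]:
            items.append(f"{svc}: installed but not running; check its start type and dependencies")
    for profile in findings["firewall_disabled_profiles"]:
        items.append(f"Firewall policy disables the {profile} firewall (EnableFirewall=0)")
    for path in findings["files_suspect"]:
        items.append(f"{path}: MD5 does not match a known-good file; replace it from a clean source")
    return items


if __name__ == "__main__":
    for item in triage(parse_fss(SAMPLE_FSS_LOG)):
        print("-", item)
```

The ordering in triage reflects what the log actually shows: a service whose registry key no longer exists cannot be fixed with `net start` or by flipping the policy value, which is why the helper's next step in a case like this is to recreate the service definition from a clean Windows 7 x64 machine or a repair install, and only then revisit the EnableFirewall policy. The clean MD5 results do not contradict the deleted key; an infection that sits in the MBR, as MBRCheck reported, does not need to touch any of the files FSS verifies.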
