
redirect problem



Whenever I go to a search engine and click on a topic, it redirects me to some other site.

DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Nate and Erin at 22:57:05 on 2011-07-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2590 [GMT -7:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\dlbkcoms.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe
C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Java\jre1.6.0_04\bin\jucheck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Nate and Erin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P48HVS9O\Defogger[1].exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
mWinlogon: Userinit=userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [iXL_MiddleWare] C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u4-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.2
TCP: Interfaces\{04829D47-94C5-4BCC-AAA0-7E312FDDCD5D} : DhcpNameServer = 10.0.0.2
TCP: Interfaces\{342884CF-52BE-476D-B8E1-02509CDC7A79} : DhcpNameServer = 10.0.0.2
TCP: Interfaces\{7C1714B1-E3C5-4919-BD26-2677153A61F9} : DhcpNameServer = 10.0.0.2
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [iXL_MiddleWare] C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 dlbk_device;dlbk_device;C:\Windows\system32\dlbkcoms.exe -service --> C:\Windows\system32\dlbkcoms.exe -service [?]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-1-2 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-1-2 128512]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-5 635416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v2.sys --> C:\Windows\system32\DRIVERS\wg111v2.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-02 04:55:21 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-02 04:41:53 8802128 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1F37C2FD-48AF-47DB-AFDF-76D8F0617915}\mpengine.dll
2011-07-01 14:30:56 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2011-06-29 15:45:05 0 ---ha-w- C:\Users\Nate and Erin\AppData\Local\Tdogohowob.bin
2011-06-29 15:45:04 -------- d-----w- C:\Users\Nate and Erin\AppData\Local\{6A5423BA-180F-429F-9C28-942D224969DF}
2011-06-06 00:11:40 -------- d--h--w- C:\Users\Nate and Erin\AppData\Roaming\Windows Live Writer
2011-06-06 00:11:39 -------- d--h--w- C:\Users\Nate and Erin\AppData\Local\Windows Live Writer
.
==================== Find3M ====================
.
.
============= FINISH: 23:04:42.37 ===============

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

7/1/2011 10:12:29 PM
mbam-log-2011-07-01 (22-12-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 299868
Time elapsed: 16 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)


Hello twobullz and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


The computer is doing the same thing. Here come all the results. Thank you again.

2011/07/02 12:21:34.0994 4932 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/02 12:21:35.0727 4932 ================================================================================
2011/07/02 12:21:35.0727 4932 SystemInfo:
2011/07/02 12:21:35.0727 4932
2011/07/02 12:21:35.0727 4932 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/02 12:21:35.0727 4932 Product type: Workstation
2011/07/02 12:21:35.0727 4932 ComputerName: NATEANDERIN-HP
2011/07/02 12:21:35.0727 4932 UserName: Nate and Erin
2011/07/02 12:21:35.0727 4932 Windows directory: C:\Windows
2011/07/02 12:21:35.0727 4932 System windows directory: C:\Windows
2011/07/02 12:21:35.0727 4932 Running under WOW64
2011/07/02 12:21:35.0727 4932 Processor architecture: Intel x64
2011/07/02 12:21:35.0727 4932 Number of processors: 2
2011/07/02 12:21:35.0727 4932 Page size: 0x1000
2011/07/02 12:21:35.0727 4932 Boot type: Normal boot
2011/07/02 12:21:35.0727 4932 ================================================================================
2011/07/02 12:21:36.0757 4932 Initialize success
2011/07/02 12:21:40.0937 3216 ================================================================================
2011/07/02 12:21:40.0937 3216 Scan started
2011/07/02 12:21:40.0937 3216 Mode: Manual;
2011/07/02 12:21:40.0937 3216 ================================================================================


2011/07/02 12:21:48.0347 3216 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/02 12:21:48.0363 3216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/07/02 12:21:48.0425 3216 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/02 12:21:48.0457 3216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/07/02 12:21:48.0488 3216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/07/02 12:21:48.0519 3216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/02 12:21:48.0535 3216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/02 12:21:48.0566 3216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/07/02 12:21:48.0597 3216 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/02 12:21:48.0613 3216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/02 12:21:48.0628 3216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/02 12:21:48.0659 3216 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/02 12:21:48.0675 3216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/07/02 12:21:48.0706 3216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/02 12:21:48.0737 3216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/02 12:21:48.0753 3216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/07/02 12:21:48.0784 3216 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

2011/07/02 12:21:48.0831 3216 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

2011/07/02 12:21:48.0862 3216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/02 12:21:48.0909 3216 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys

2011/07/02 12:21:48.0956 3216 RTL8187 (a48b769dec76629bd1a021d33c257b17) C:\Windows\system32\DRIVERS\wg111v2.sys

2011/07/02 12:21:48.0987 3216 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/07/02 12:21:49.0018 3216 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

2011/07/02 12:21:49.0049 3216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/07/02 12:21:49.0081 3216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/02 12:21:49.0112 3216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/07/02 12:21:49.0127 3216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/07/02 12:21:49.0174 3216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/07/02 12:21:49.0190 3216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/07/02 12:21:49.0205 3216 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/07/02 12:21:49.0221 3216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/07/02 12:21:49.0268 3216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/07/02 12:21:49.0283 3216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/07/02 12:21:49.0299 3216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/07/02 12:21:49.0346 3216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/07/02 12:21:49.0393 3216 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys

2011/07/02 12:21:49.0408 3216 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/02 12:21:49.0439 3216 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/02 12:21:49.0486 3216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/07/02 12:21:49.0517 3216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

2011/07/02 12:21:49.0595 3216 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

2011/07/02 12:21:49.0642 3216 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/02 12:21:49.0673 3216 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/02 12:21:49.0720 3216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/07/02 12:21:49.0736 3216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/07/02 12:21:49.0783 3216 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/02 12:21:49.0798 3216 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

2011/07/02 12:21:49.0845 3216 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/02 12:21:49.0892 3216 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/02 12:21:49.0907 3216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/07/02 12:21:49.0939 3216 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/02 12:21:49.0985 3216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/07/02 12:21:50.0001 3216 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

2011/07/02 12:21:50.0032 3216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/07/02 12:21:50.0048 3216 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/02 12:21:50.0095 3216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

2011/07/02 12:21:50.0126 3216 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/02 12:21:50.0141 3216 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/02 12:21:50.0173 3216 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

2011/07/02 12:21:50.0219 3216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/02 12:21:50.0251 3216 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2011/07/02 12:21:50.0266 3216 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/07/02 12:21:50.0282 3216 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/02 12:21:50.0313 3216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/07/02 12:21:50.0360 3216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/02 12:21:50.0375 3216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/07/02 12:21:50.0407 3216 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/07/02 12:21:50.0422 3216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

2011/07/02 12:21:50.0453 3216 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/07/02 12:21:50.0485 3216 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

2011/07/02 12:21:50.0500 3216 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

2011/07/02 12:21:50.0531 3216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/07/02 12:21:50.0547 3216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/07/02 12:21:50.0594 3216 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/07/02 12:21:50.0625 3216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/07/02 12:21:50.0656 3216 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/02 12:21:50.0656 3216 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/02 12:21:50.0719 3216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/07/02 12:21:50.0734 3216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/02 12:21:50.0828 3216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/02 12:21:50.0843 3216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/07/02 12:21:50.0921 3216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/07/02 12:21:50.0968 3216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/02 12:21:50.0999 3216 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

2011/07/02 12:21:51.0077 3216 MBR (0x1B8) (74ee10d61b915864138f148ac2f29276) \Device\Harddisk0\DR0

2011/07/02 12:21:51.0155 3216 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk5\DR5

2011/07/02 12:21:51.0171 3216 Boot (0x1200) (8c757183f0b8c638455361b839b47c5e) \Device\Harddisk0\DR0\Partition0

2011/07/02 12:21:51.0187 3216 Boot (0x1200) (4a7d6483b9d6f0820cd30134d2926271) \Device\Harddisk0\DR0\Partition1

2011/07/02 12:21:51.0218 3216 Boot (0x1200) (3cb2de984ef07cafbf0ac10d9a44c537) \Device\Harddisk0\DR0\Partition2

2011/07/02 12:21:51.0233 3216 Boot (0x1200) (b18ae009bc899c8dc938ef8ff88869fa) \Device\Harddisk5\DR5\Partition0

2011/07/02 12:21:51.0233 3216 ================================================================================

2011/07/02 12:21:51.0233 3216 Scan finished

2011/07/02 12:21:51.0233 3216 ================================================================================

2011/07/02 12:21:51.0249 1896 Detected object count: 0

2011/07/02 12:21:51.0249 1896 Actual detected object count: 0

ComboFix 11-07-01.02 - Nate and Erin 07/02/2011 12:56:09.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2880 [GMT -7:00]

Running from: c:\users\Nate and Erin\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Nate and Erin\AppData\Local\{6A5423BA-180F-429F-9C28-942D224969DF}

c:\users\Nate and Erin\AppData\Local\{6A5423BA-180F-429F-9C28-942D224969DF}\chrome\content\overlay.xul

c:\users\Nate and Erin\AppData\Local\{6A5423BA-180F-429F-9C28-942D224969DF}\install.rdf

c:\users\Nate and Erin\AppData\Roaming\Adobe\plugs

c:\users\Nate and Erin\AppData\Roaming\Adobe\shed

c:\users\Nate and Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Fix Disk

.

.

((((((((((((((((((((((((( Files Created from 2011-06-02 to 2011-07-02 )))))))))))))))))))))))))))))))

.

.

2011-07-02 20:21 . 2011-07-02 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-02 15:02 . 2011-06-20 15:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{966EB6BB-3C6B-4105-BB3B-0AB5A988C9BB}\mpengine.dll

2011-07-01 14:30 . 2011-07-02 04:34 -------- d-----w- c:\programdata\AVG Security Toolbar

2011-06-29 15:45 . 2011-07-07 21:34 0 ---ha-w- c:\users\Nate and Erin\AppData\Local\Tdogohowob.bin

2011-06-06 00:11 . 2011-06-06 00:11 -------- d--h--w- c:\users\Nate and Erin\AppData\Roaming\Windows Live Writer

2011-06-06 00:11 . 2011-06-06 00:11 -------- d--h--w- c:\users\Nate and Erin\AppData\Local\Windows Live Writer

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-25 02:14 . 2011-03-01 03:18 270720 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe" [2010-04-14 243544]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"iXL_MiddleWare"="c:\program files (x86)\Fisher-Price\iXL\iXL.Middleware.exe" [2010-04-28 52280]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]

S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [x]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-02 c:\windows\Tasks\HPCeeScheduleForNate and Erin.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?ilc=1

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.2

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

.

**************************************************************************

.

Completion time: 2011-07-02 13:42:40 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-02 20:42

.

Pre-Run: 942,927,294,464 bytes free

Post-Run: 943,049,904,128 bytes free

.

- - End Of File - - ACDB92B21F89280B88B2006E2C0E7764

Results of screen317's Security Check version 0.99.17

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 4

Out of date Java installed!

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

I need to know: are the redirects in Firefox, Internet Explorer, or both? Please let me know :)

Please download maxhandle.exe by noahdfear to your desktop

  • Double click and run the application
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals (every time it is run).
  • Log is saved to c:\maxhandle.txt
  • If Max++ is not found, "Nothing found!" is echoed to the screen and no log is produced.

Please post the results for my review

Run from C:\Users\Nate and Erin\Desktop\maxhandle.exe on Sat 07/02/2011 at 15:47:05.52

found C:\Windows\system32\config\Journal

found C:\Windows\system32\config\RegBack

System pid: 4 type: File 1F8: C:\Windows\System32\config\RegBack\SAM

System pid: 4 type: File 2D8: C:\Windows\System32\config\RegBack\DEFAULT

System pid: 4 type: File 8F0: C:\Windows\System32\config\RegBack\SYSTEM

System pid: 4 type: File B1C: C:\Windows\System32\config\RegBack\SOFTWARE

System pid: 4 type: File B48: C:\Windows\System32\config\RegBack\SECURITY

found C:\Windows\system32\config\TxR

System pid: 4 type: File 1A8: C:\Windows\System32\config\TxR\{21a8efb3-a45d-11e0-90fd-64315017fef1}.TMContainer00000000000000000001.regtrans-ms

System pid: 4 type: File 1F4: C:\Windows\System32\config\TxR\{21a8efb3-a45d-11e0-90fd-64315017fef1}.TMContainer00000000000000000002.regtrans-ms

System pid: 4 type: File 1FC: C:\Windows\System32\config\TxR\{21a8efb3-a45d-11e0-90fd-64315017fef1}.TM.blf

System pid: 4 type: File 930: C:\Windows\System32\config\TxR\{21a8efb2-a45d-11e0-90fd-64315017fef1}.TxR.2.regtrans-ms

System pid: 4 type: File 938: C:\Windows\System32\config\TxR\{21a8efb2-a45d-11e0-90fd-64315017fef1}.TxR.blf

System pid: 4 type: File A5C: C:\Windows\System32\config\TxR\{21a8efb2-a45d-11e0-90fd-64315017fef1}.TxR.0.regtrans-ms

System pid: 4 type: File A60: C:\Windows\System32\config\TxR\{21a8efb2-a45d-11e0-90fd-64315017fef1}.TxR.1.regtrans-ms

We're on to something ;)

Windows7

First, you must verify that you can access the Windows7 Recovery Environment.

To do so, restart your computer and begin tapping the F8 key to enable the Advanced Start menu.

If the option 'Repair your computer' is available, select it.

If not available, you will need to insert your Windows7 installation DVD and restart, then press any key when prompted to boot from the CD.

At the Install Windows screen, select Repair your computer. (image below)

[image: 4.gif]

Next, please download maxlook, saving the file to your desktop.

Double click maxlook.exe to run it. Note - you must run it only once!

As instructed when the tool runs, restart the computer and logon to the Recovery Environment.

Once you get to the System Recovery Options screen, first take note of the drive letter assigned to the operating system, then select Command Prompt.

[image: 2.gif]

Type the following bolded command at the x:\sources> prompt (or x:\windows\system32>) then hit Enter.

cd /d x:\windows <--- the red x represents your operating system drive letter, as shown in the image below

[image: look7.gif]

At the D:\Windows> prompt type the following command then hit Enter

look.bat

You will see many files copied then return to the x:\windows> prompt.

Type Exit then restart your computer and logon in normal mode.

Please run maxlook.exe again now. Note - you must run it only once!

It will produce looklog.txt on the desktop and open it.

Please post the results here.

So I need to download maxlook, run it, then restart and go to the System Recovery option?

Yep ;) Run maxlook in normal mode (from the Desktop), then reboot into the System Recovery Environment and run the look.bat command.

I realize my instructions weren't as clear as they could have been. I apologize for the inconvenience ;)

Run from C:\Users\Nate and Erin\Desktop\maxlook.exe on Sat 07/02/2011 at 16:32:03.82

No infected file found

Rogue configuration file = C:\Windows\system32\config\Journal

Rogue configuration file = C:\Windows\system32\config\RegBack

Rogue configuration file = C:\Windows\system32\config\TxR

Glad to hear that :)

Please do the following:

Please go to Start > Run and type:

maxlook -sig

and hit Enter.

Note:

Be sure that you have an internet connection. Please post back with the logfile, which will open in Notepad.

Run from C:\Users\Nate and Erin\Desktop\maxlook.exe on Sat 07/02/2011 at 16:43:02.01

--------- maxlook unsigned files ---------

No matching files were found.


--------- system32\drivers unsigned files ---------

No matching files were found.



Rogue configuration file = C:\Windows\system32\config\Journal


Rogue configuration file = C:\Windows\system32\config\RegBack


Rogue configuration file = C:\Windows\system32\config\TxR

Excellent. We're making progress ;)

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

KILLALL::

File::

C:\Windows\system32\config\Journal

C:\Windows\system32\config\RegBack

C:\Windows\system32\config\TxR

Reglock::

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how your system is running now :).

---------

Please do the following:

  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

---------

Please print out these instructions or copy them to a Notepad file for an easier reading and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

---------

Please include the C:\ComboFix.txt, aswMBR log and attached MBR.dat Zip file, and MBRCheck log in your next reply.

Please let me know how things are running now ;)


It is still redirecting me to other sites.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: FOXCONN

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: Hewlett-Packard

System Product Name: p6644y

Logical Drives Mask: 0x000003fc

Kernel Drivers (total 144):

0x02A11000 \SystemRoot\system32\ntoskrnl.exe

0x02FEE000 \SystemRoot\system32\hal.dll

0x00B99000 \SystemRoot\system32\kdcom.dll

0x00CEA000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00D2E000 \SystemRoot\system32\PSHED.dll

0x00D42000 \SystemRoot\system32\CLFS.SYS

0x00C00000 \SystemRoot\system32\CI.dll

0x00E81000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F25000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F34000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00F8B000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00F94000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00F9E000 \SystemRoot\system32\DRIVERS\pci.sys

0x00FD1000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00FDE000 \SystemRoot\System32\drivers\partmgr.sys

0x00E00000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00E15000 \SystemRoot\System32\drivers\volmgrx.sys

0x00E71000 \SystemRoot\system32\DRIVERS\intelide.sys

0x00CC0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x00CD0000 \SystemRoot\System32\drivers\mountmgr.sys

0x00FF3000 \SystemRoot\system32\DRIVERS\atapi.sys

0x00DA0000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x00DCA000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x0105B000 \SystemRoot\system32\drivers\fltmgr.sys

0x010A7000 \SystemRoot\system32\drivers\fileinfo.sys

0x01211000 \SystemRoot\System32\Drivers\Ntfs.sys

0x010BB000 \SystemRoot\System32\Drivers\msrpc.sys

0x013B3000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01119000 \SystemRoot\System32\Drivers\cng.sys

0x013CD000 \SystemRoot\System32\drivers\pcw.sys

0x013DE000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01418000 \SystemRoot\system32\drivers\ndis.sys

0x0150A000 \SystemRoot\system32\drivers\NETIO.SYS

0x0156A000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01602000 \SystemRoot\System32\drivers\tcpip.sys

0x01595000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x0118C000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x015DF000 \SystemRoot\System32\Drivers\spldr.sys

0x01000000 \SystemRoot\System32\drivers\rdyboost.sys

0x015E7000 \SystemRoot\System32\Drivers\mup.sys

0x01400000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01863000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x0189D000 \SystemRoot\system32\DRIVERS\disk.sys

0x018B3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x01919000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x01943000 \SystemRoot\System32\Drivers\Null.SYS

0x0194C000 \SystemRoot\System32\Drivers\Beep.SYS

0x01953000 \SystemRoot\System32\drivers\vga.sys

0x01961000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x01986000 \SystemRoot\System32\drivers\watchdog.sys

0x01996000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x0199F000 \SystemRoot\system32\drivers\rdpencdd.sys

0x019A8000 \SystemRoot\system32\drivers\rdprefmp.sys

0x019B1000 \SystemRoot\System32\Drivers\Msfs.SYS

0x019BC000 \SystemRoot\System32\Drivers\Npfs.SYS

0x019CD000 \SystemRoot\system32\DRIVERS\tdx.sys

0x019EB000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x01800000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02C38000 \SystemRoot\system32\drivers\afd.sys

0x02CC2000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x02CCB000 \SystemRoot\system32\DRIVERS\pacer.sys

0x02CF1000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x02D07000 \SystemRoot\system32\DRIVERS\netbios.sys

0x02D16000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x02D31000 \SystemRoot\system32\DRIVERS\termdd.sys

0x02D45000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x02D96000 \SystemRoot\system32\drivers\nsiproxy.sys

0x02DA2000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x02DAD000 \SystemRoot\System32\drivers\discache.sys

0x02DBC000 \SystemRoot\System32\Drivers\dfsc.sys

0x02DDA000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x02C00000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x01845000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x03A03000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x04442000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x04536000 \SystemRoot\System32\drivers\dxgmms1.sys

0x0457C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x045A0000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x04400000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x04847000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x0489D000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x048AE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x048BE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x048D4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x048F8000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x04904000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x04933000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x0494E000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x0496F000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x04989000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x04998000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x049A7000 \SystemRoot\system32\DRIVERS\swenum.sys

0x049A9000 \SystemRoot\system32\DRIVERS\ks.sys

0x049EC000 \SystemRoot\system32\DRIVERS\umbus.sys

0x050A8000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x05102000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x05817000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x05A5E000 \SystemRoot\system32\drivers\portcls.sys

0x05A9B000 \SystemRoot\system32\drivers\drmk.sys

0x05ABD000 \SystemRoot\system32\drivers\ksthunk.sys

0x05AC3000 \SystemRoot\System32\Drivers\crashdmp.sys

0x05AD1000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x05AEE000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x05AF0000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x05AFC000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x05B05000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x05B18000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x05B26000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x05B3F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x05B48000 \SystemRoot\system32\DRIVERS\wg111v2.sys

0x000D0000 \SystemRoot\System32\win32k.sys

0x05BA5000 \SystemRoot\System32\drivers\Dxapi.sys

0x05BB1000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x05BBE000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x05BCC000 \SystemRoot\system32\DRIVERS\monitor.sys

0x05BDA000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x00400000 \SystemRoot\System32\TSDDD.dll

0x00610000 \SystemRoot\System32\cdd.dll

0x008F0000 \SystemRoot\System32\ATMFD.DLL

0x05117000 \SystemRoot\system32\drivers\luafv.sys

0x0513A000 \SystemRoot\system32\drivers\WudfPf.sys

0x05800000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x0515B000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x051AE000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x051C1000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x02806000 \SystemRoot\system32\drivers\HTTP.sys

0x028CE000 \SystemRoot\System32\Drivers\fastfat.SYS

0x02904000 \SystemRoot\system32\DRIVERS\bowser.sys

0x02922000 \SystemRoot\System32\drivers\mpsdrv.sys

0x0293A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x02967000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x029B5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x05000000 \SystemRoot\system32\drivers\peauth.sys

0x029D8000 \SystemRoot\System32\Drivers\secdrv.SYS

0x04800000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x029E3000 \SystemRoot\System32\drivers\tcpipreg.sys

0x06894000 \SystemRoot\System32\DRIVERS\srv2.sys

0x068FB000 \SystemRoot\System32\DRIVERS\srv.sys

0x06800000 \SystemRoot\system32\drivers\spsys.sys

0x06871000 \??\C:\Users\NATEAN~1\AppData\Local\Temp\aswMBR.sys

0x76FE0000 \Windows\System32\ntdll.dll

0x48170000 \Windows\System32\smss.exe

0xFF300000 \Windows\System32\apisetschema.dll

0xFF560000 \Windows\System32\autochk.exe

Processes (total 63):

0 System Idle Process

4 System

268 C:\Windows\System32\smss.exe

396 csrss.exe

456 C:\Windows\System32\wininit.exe

472 csrss.exe

508 C:\Windows\System32\services.exe

544 C:\Windows\System32\lsass.exe

552 C:\Windows\System32\lsm.exe

608 C:\Windows\System32\winlogon.exe

708 C:\Windows\System32\svchost.exe

788 C:\Windows\System32\svchost.exe

872 C:\Windows\System32\svchost.exe

928 C:\Windows\System32\svchost.exe

956 C:\Windows\System32\svchost.exe

108 C:\Windows\System32\audiodg.exe

408 C:\Windows\System32\svchost.exe

644 C:\Windows\System32\svchost.exe

1224 C:\Windows\System32\dwm.exe

1248 C:\Windows\System32\spoolsv.exe

1256 C:\Windows\explorer.exe

1296 C:\Windows\System32\svchost.exe

1524 C:\Windows\System32\svchost.exe

1576 C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

1736 C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe

1772 C:\Windows\System32\dlbkcoms.exe

1816 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

1840 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

1880 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

1912 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

284 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe

1332 C:\Program Files (x86)\PDF Complete\pdfsvc.exe

1380 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

2024 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

1512 C:\Windows\System32\hkcmd.exe

1992 C:\Windows\System32\igfxpers.exe

1136 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

2188 C:\Windows\System32\svchost.exe

2228 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2920 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

916 C:\Windows\System32\SearchIndexer.exe

3228 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

3236 C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe

3308 C:\Program Files\Windows Media Player\wmpnetwk.exe

3556 C:\Program Files (x86)\Fisher-Price\iXL\iXL.Middleware.exe

3624 C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe

3676 C:\Windows\System32\SearchProtocolHost.exe

1388 C:\Windows\System32\svchost.exe

3268 C:\Program Files\Internet Explorer\iexplore.exe

3588 C:\Program Files\Internet Explorer\iexplore.exe

4200 WmiPrvSE.exe

4344 dllhost.exe

4028 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

3832 C:\Windows\System32\sppsvc.exe

3568 C:\Windows\System32\svchost.exe

4468 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

3700 C:\Windows\splwow64.exe

3136 C:\Program Files (x86)\Java\jre1.6.0_04\bin\jucheck.exe

2016 C:\Windows\System32\SearchProtocolHost.exe

4544 C:\Windows\System32\SearchFilterHost.exe

372 C:\Users\Nate and Erin\Desktop\MBRCheck.exe

4032 C:\Windows\System32\conhost.exe

4960 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e5`e5600000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10002

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Done!

ComboFix 11-07-02.02 - Nate and Erin 07/02/2011 17:20:43.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2743 [GMT -7:00]

Running from: c:\users\Nate and Erin\Desktop\ComboFix.exe

Command switches used :: c:\users\Nate and Erin\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\config\Journal"

"c:\windows\system32\config\RegBack"

"c:\windows\system32\config\TxR"

.

.

((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))

.

.

2011-07-03 00:45 . 2011-07-03 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-02 23:42 . 2010-10-12 19:56 220024 ----a-w- c:\windows\sigcheck.exe

2011-07-02 23:26 . 2011-07-02 23:32 -------- d-----w- c:\windows\maxdrive

2011-07-02 22:46 . 2011-01-17 17:50 333176 ----a-w- c:\windows\Listdlls.exe

2011-07-02 22:46 . 2011-05-17 19:48 423288 ----a-w- c:\windows\handle.exe

2011-07-02 15:02 . 2011-06-20 15:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{966EB6BB-3C6B-4105-BB3B-0AB5A988C9BB}\mpengine.dll

2011-07-01 14:30 . 2011-07-02 04:34 -------- d-----w- c:\programdata\AVG Security Toolbar

2011-06-29 15:45 . 2011-07-07 21:34 0 ---ha-w- c:\users\Nate and Erin\AppData\Local\Tdogohowob.bin

2011-06-06 00:11 . 2011-06-06 00:11 -------- d--h--w- c:\users\Nate and Erin\AppData\Roaming\Windows Live Writer

2011-06-06 00:11 . 2011-06-06 00:11 -------- d--h--w- c:\users\Nate and Erin\AppData\Local\Windows Live Writer

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-25 02:14 . 2011-03-01 03:18 270720 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-02_20.25.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-30 01:26 . 2011-07-02 23:33 38728 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-05-02 05:15 39922 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-07-02 23:33 39922 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-12-31 11:31 . 2011-07-02 23:33 10740 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1668296556-39166251-2201499717-1001_UserData.bin

+ 2010-12-30 03:37 . 2011-07-03 00:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-12-30 03:37 . 2011-07-02 20:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-06-29 15:53 . 2011-07-02 20:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2011-06-29 15:53 . 2011-07-03 00:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

- 2011-06-29 15:53 . 2011-07-02 20:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2011-06-29 15:53 . 2011-07-03 00:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2011-06-29 15:53 . 2011-07-03 00:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

- 2011-06-29 15:53 . 2011-07-02 20:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

+ 2010-12-30 03:37 . 2011-07-03 00:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-12-30 03:37 . 2011-07-02 20:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-12-30 03:37 . 2011-07-02 20:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-12-30 03:37 . 2011-07-03 00:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-03 00:30 . 2009-07-14 01:45 22096 c:\windows\maxdrive\wimmount.sys

+ 2011-07-02 23:32 . 2002-09-18 14:38 82944 c:\windows\maxdrive\sed.exe

- 2011-07-02 20:24 . 2011-07-02 20:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-03 00:47 . 2011-07-03 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-07-02 20:24 . 2011-07-02 20:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-07-03 00:47 . 2011-07-03 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-12-30 15:28 . 2011-07-02 22:43 260100 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 02:36 . 2011-07-02 05:17 626844 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-07-02 23:35 626844 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-07-02 05:17 107160 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-07-02 23:35 107160 c:\windows\system32\perfc009.dat

+ 2011-07-02 23:32 . 2009-12-12 05:48 1041920 c:\windows\maxdrive\pevFind.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe" [2010-04-14 243544]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]

"iXL_MiddleWare"="c:\program files (x86)\Fisher-Price\iXL\iXL.Middleware.exe" [2010-04-28 52280]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]

S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [x]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-02 c:\windows\Tasks\HPCeeScheduleForNate and Erin.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?ilc=1

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.2

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

.

**************************************************************************

.

Completion time: 2011-07-02 18:04:50 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-03 01:04

ComboFix2.txt 2011-07-02 20:42

.

Pre-Run: 942,862,303,232 bytes free

Post-Run: 942,810,038,272 bytes free

.

- - End Of File - - EAD0EAE3235F3C9C09C49475AA2FB2B1

MBRCheck_07.02.11_19.08.51.zip


Let's try the following ;):

Step 1

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Enter 1 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):

Enter 0 (zero) and press Enter

The following dialog will be presented:

Enter filename to dump to:

Type mbr-dump.dat and press Enter

The following dialog will be presented:

Dumped successfully!

Enter the physical disk to dump (0-99, -1 to exit):

Enter -1 and press Enter

And last the following dialog will be presented:

Done! Press ENTER to exit...

Press Enter.

A file mbr-dump.dat will be produced on the desktop. Now you have to compress this file:

  • Right click on it
  • Navigate and select Send to
  • Then navigate and select Compressed (zipped) Folder
  • A file mbr-dump.zip will be produced on the desktop

Please attach this file (mbr-dump.zip) in your next reply.


Step 2

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):

Enter 0 (zero) and press Enter

The following dialog will be presented:

Available MBR codes:

[ 0] Default (Windows XP)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive:

Enter 5 and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:

Type YES and press Enter (you must type the full word, YES). You will be informed if a new MBR code was successfully written!

And last the following dialog will be presented:

Done! Press ENTER to exit...

Press Enter. A report will be produced on the desktop. Post that report in your next reply.

------------------------------------------------------

In your next reply, please include:

  • Attached mbr-dump.zip file
  • MBR check log

How is your computer running now?
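Once Step 1 has produced mbr-dump.dat, it is worth checking what was actually captured before Step 2 overwrites it. The Python script below is an added example, not part of this thread and not MBRCheck's own code: it parses the 512-byte dump, lists the partition table, hashes the sector and cross-checks that hash against the SHA1 line of an MBRCheck log. It assumes MBRCheck's SHA1 covers the full sector; the sample sector embedded in it is constructed, with a partition table laid out to mirror the C: and D: offsets in the log above.

```python
"""Inspect an MBR dump (for example the mbr-dump.dat written in Step 1) and
cross-check it against the SHA1 value printed in an MBRCheck log."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_CODE_END = 440            # bytes 0-439: boot code
DISK_SIG_OFF = 440             # bytes 440-443: NT disk signature
PT_OFFSET = 446                # bytes 446-509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511: present in every valid MBR


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def start_offset(self) -> int:
        """Byte offset on disk, the form MBRCheck prints ('at offset 0x...')."""
        return self.start_lba * SECTOR


def parse_partitions(mbr: bytes) -> list:
    """Decode the non-empty entries of the classic (non-GPT) partition table."""
    parts = []
    for i in range(4):
        entry = mbr[PT_OFFSET + 16 * i:PT_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, type_id, start_lba, sectors = struct.unpack("<B3xB3xII", entry)
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, start_lba, sectors))
    return parts


def inspect_mbr(mbr: bytes) -> dict:
    """Summarise a 512-byte dump and list anything a reviewer should question."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(mbr)} bytes")
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature: not a valid MBR")
    parts = parse_partitions(mbr)
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one active (bootable) partition")
    ordered = sorted(parts, key=lambda p: p.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.start_lba + a.sectors > b.start_lba:   # overlapping entries suggest tampering
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return {
        # Assumption: MBRCheck's 'SHA1:' line covers the whole 512-byte sector.
        "sha1_sector": hashlib.sha1(mbr).hexdigest().upper(),
        "sha1_bootcode": hashlib.sha1(mbr[:BOOT_CODE_END]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": parts,
        "findings": findings,
    }


def matches_report(mbr: bytes, reported_sha1: str) -> bool:
    """True when the dump is the very sector the MBRCheck log reported on."""
    return hashlib.sha1(mbr).hexdigest().lower() == reported_sha1.strip().lower()


def build_sample_mbr() -> bytes:
    """Constructed test sector (not real boot code). Its partition table mirrors
    the offsets in the log above: C: at 0x06500000, D: at 0xe5e5600000."""
    boot_code = (b"CONSTRUCTED SAMPLE BOOT CODE " * 16)[:BOOT_CODE_END]
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"   # signature + 2 reserved bytes
    c_start = 0x06500000 // SECTOR
    d_start = 0xE5E5600000 // SECTOR
    table = struct.pack("<B3xB3xII", 0x80, 0x07, c_start, d_start - c_start)   # active NTFS
    table += struct.pack("<B3xB3xII", 0x00, 0x07, d_start, 25_017_776)         # recovery NTFS
    table += b"\x00" * 32                                                       # two empty slots
    return boot_code + disk_sig + table + BOOT_SIGNATURE


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    report = inspect_mbr(data)
    print("SHA1 (sector):", report["sha1_sector"])
    for p in report["partitions"]:
        print(f"  [{p.index}] type=0x{p.type_id:02x} active={p.bootable} "
              f"offset=0x{p.start_offset:x} sectors={p.sectors}")
    print("findings:", report["findings"] or "none")
```

Run it as `python inspect_mbr.py mbr-dump.dat` and compare the printed SHA1 with the "SHA1:" line in the MBRCheck log; a mismatch means the dump and the log describe different sectors.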
