
Damn Redirect



Got the Win 7 Repair virus on wife's laptop, think I eradicated it but can't get rid of the redirect rootkit. Appreciate any help.

Thanks

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6997

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

7/1/2011 2:48:43 PM

mbam-log-2011-07-01 (14-48-43).txt

Scan type: Quick scan

Objects scanned: 192222

Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

Run by Deb at 21:59:45 on 2011-07-07

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3318.1802 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Connectify\Connectifyd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\sttray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Users\Deb\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wuauclt.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.yahoo.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: : {c90dbb52-46e0-4e65-92bc-799adee54c86} - c:\progra~1\flash2x\flashp~1\FLASHP~1.DLL

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRunOnce: [spchecker] "c:\program files\avg\avg10\notification\SPCheckerTE.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sigmatelSysTrayApp] sttray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA"&"inst=NwA3AC0ANAAxADUANQAxADAAMQA3ADQALQBUADEANAAtAEIAQQArADEALQBLAFYAMwArADcALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAA"&"prod=90"&"ver=9.0.894

StartupFolder: c:\users\deb\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\deb\appdata\roaming\dropbox\bin\Dropbox.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945}\055726C69636 : DhcpNameServer = 63.144.60.89 64.81.219.242

TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945}\2375942554234303 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945}\354727165726022456163686 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945}\4584257657563747 : DhcpNameServer = 151.164.1.8 151.164.11.201 4.2.2.3

TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945}\8496C647F6E684561646 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2D13954C-5731-4BCE-B317-49FB88D03945}\C63636167657563747 : DhcpNameServer = 205.173.240.18 205.173.240.19

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\deb\appdata\roaming\mozilla\firefox\profiles\ydno7wt2.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e0e7c9e&i=23&tp=ab&nt=1&q=

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox 3.6 beta 3\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox 3.6 beta 3\plugins\npEModelPlugin.dll

FF - plugin: c:\program files\mozilla firefox 3.6 beta 3\plugins\npPDFXCviewNPPlugin.dll

FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 19621722;19621722 Boot Guard Driver;c:\windows\system32\drivers\19621722.sys [2011-7-1 37392]

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]

R1 19621721;19621721;c:\windows\system32\drivers\19621721.sys [2011-7-1 128016]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-7-5 18816]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 Connectify;Connectify;c:\program files\connectify\Connectifyd.exe [2011-3-9 892992]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]

R3 connctfyMP;connctfyMP;c:\windows\system32\drivers\connctfy.sys [2010-6-14 29248]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-6-12 9472]

R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-12-21 16256]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 connctfy;Connectify Service;c:\windows\system32\drivers\connctfy.sys [2010-6-14 29248]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-6-19 30192]

S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2656.tmp [2011-7-5 6144]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-6-3 174720]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\program files\verizon wireless\vzaccess manager\SMSIVZAM5.sys [2009-3-20 32408]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-10 1343400]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]

.

=============== Created Last 30 ================

.

2011-07-07 18:52:39 -------- d--h--w- C:\$AVG

2011-07-07 02:59:47 -------- d-----w- C:\Data

2011-07-06 03:46:16 -------- d-----w- c:\users\deb\DoctorWeb

2011-07-06 00:31:25 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-06 00:29:09 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys

2011-07-05 22:30:22 6144 ------w- c:\windows\system32\2656.tmp

2011-07-05 22:18:48 6144 ------w- c:\windows\system32\8FA2.tmp

2011-07-05 22:18:36 -------- d-----w- c:\program files\Sophos

2011-07-02 02:05:28 -------- d-----w- c:\users\deb\appdata\roaming\AVG10

2011-07-02 02:02:34 -------- d-----w- c:\windows\system32\drivers\AVG

2011-07-02 02:02:34 -------- d-----w- c:\programdata\AVG10

2011-07-02 01:53:24 -------- d-----w- c:\programdata\MFAData

2011-07-02 01:32:43 -------- d-sh--w- C:\$RECYCLE.BIN

2011-07-02 00:37:27 -------- d-----w- C:\ComboFix

2011-07-01 21:40:28 98816 ----a-w- c:\windows\sed.exe

2011-07-01 21:40:28 518144 ----a-w- c:\windows\SWREG.exe

2011-07-01 21:40:28 256000 ----a-w- c:\windows\PEV.exe

2011-07-01 21:40:28 208896 ----a-w- c:\windows\MBR.exe

2011-07-01 20:20:34 -------- d-----w- c:\programdata\Kaspersky Lab

2011-07-01 20:17:04 37392 ----a-w- c:\windows\system32\drivers\19621722.sys

2011-07-01 20:17:03 311312 ----a-w- c:\windows\system32\drivers\1962172.sys

2011-07-01 20:17:03 128016 ----a-w- c:\windows\system32\drivers\19621721.sys

2011-07-01 18:57:04 -------- d-----w- c:\users\deb\appdata\roaming\SUPERAntiSpyware.com

2011-07-01 18:57:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-06-30 23:02:53 -------- d-----w- c:\program files\STOPzilla!

2011-06-30 23:02:52 -------- d-----w- c:\programdata\STOPzilla!

2011-06-30 23:02:52 -------- d-----w- c:\program files\common files\iS3

2011-06-30 19:16:38 -------- d-----w- c:\users\deb\appdata\roaming\Malwarebytes

2011-06-29 22:41:49 -------- d--h--w- c:\users\deb\appdata\local\Apple Computer

2011-06-29 19:44:36 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-28 22:58:32 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll

2011-06-28 22:58:30 546256 ----a-r- c:\windows\system32\SZComp5.dll

2011-06-28 22:58:30 456144 ----a-r- c:\windows\system32\SZBase5.dll

2011-06-28 22:58:30 398800 ----a-r- c:\windows\system32\IS3DBA5.dll

2011-06-28 22:58:30 28624 ----a-r- c:\windows\system32\IS3XDat5.dll

2011-06-28 22:58:30 22992 ----a-r- c:\windows\system32\SZIO5.dll

2011-06-28 22:58:28 99792 ----a-r- c:\windows\system32\IS3Svc5.dll

2011-06-28 22:58:28 99792 ----a-r- c:\windows\system32\IS3Inet5.dll

2011-06-28 22:58:28 67024 ----a-r- c:\windows\system32\IS3Hks5.dll

2011-06-28 22:58:28 390608 ----a-r- c:\windows\system32\IS3UI5.dll

2011-06-28 22:58:28 230864 ----a-r- c:\windows\system32\IS3Win325.dll

2011-06-28 22:58:26 738768 ----a-r- c:\windows\system32\IS3Base5.dll

2011-06-16 13:01:50 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 13:01:49 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 13:01:48 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 13:00:38 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-16 13:00:38 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 13:00:38 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-16 13:00:38 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 13:00:37 338944 ----a-w- c:\windows\system32\drivers\afd.sys

.

==================== Find3M ====================

.

2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll

2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec

2011-04-15 02:28:30 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe

.

============= FINISH: 22:06:49.61 ===============

Attach.zip


Hello fmchuck and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

***Note: In order for ComboFix to run properly AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.

AVG needs to remain uninstalled until I tell you it's safest to reinstall it.

-------------

I suggest you remove StopZilla, as it is not a reputable antivirus program at all.

See this link for more information: http://www.pcmag.com/article2/0%2C2817%2C2162968%2C00.asp

Please navigate to Start -> Control Panel -> Add or Remove Programs.

Select StopZilla, and choose Remove. Then, restart your computer.

-------------

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer, fails to affirmatively show a license agreement, and links to a EULA via an off-screen link.
  • It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

To remove it, please follow the instructions found here.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


D-Fred,

First, thank you very much for your willingness to help. I've uninstalled the software you suggested and run the scans. I am not able to get TDSSKiller to run: I double clicked and also right clicked and attempted run as administrator.

The browser is still redirecting.

Here are the ComboFix and Security Check logs:

ComboFix 11-07-10.03 - Deb 07/10/2011 13:56:39.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3318.2279 [GMT -5:00]

Running from: c:\users\Deb\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

c:\data\default\us_sres.data

.

.

((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))

.

.

2011-07-10 19:33 . 2011-07-10 19:33 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2011-07-10 19:33 . 2011-07-10 19:33 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-07-10 19:33 . 2011-07-10 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-10 19:33 . 2011-07-10 19:33 -------- d-----w- c:\users\Chuck\AppData\Local\temp

2011-07-10 18:43 . 2011-06-20 13:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D58ADFF-C461-4595-A493-E649FE996BE4}\mpengine.dll

2011-07-09 01:47 . 2011-07-09 01:47 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2011-07-09 01:43 . 2011-07-09 01:43 39192 ----a-w- c:\windows\system32\Partizan.exe

2011-07-09 01:43 . 2011-07-09 01:43 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2011-07-09 01:41 . 2011-07-09 01:41 2 --shatr- c:\windows\winstart.bat

2011-07-09 01:41 . 2011-07-09 01:41 -------- d-----w- c:\program files\Greatis

2011-07-07 18:52 . 2011-07-07 18:52 -------- d-----w- C:\$AVG

2011-07-06 03:46 . 2011-07-06 03:46 -------- d-----w- c:\users\Deb\DoctorWeb

2011-07-06 00:31 . 2011-07-06 00:31 -------- d-----w- c:\users\Chuck\AppData\Roaming\SUPERAntiSpyware.com

2011-07-06 00:31 . 2011-07-06 00:31 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-07-06 00:29 . 2010-05-26 15:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys

2011-07-05 22:30 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\2656.tmp

2011-07-05 22:18 . 2010-05-26 15:39 6144 ------w- c:\windows\system32\8FA2.tmp

2011-07-05 22:18 . 2011-07-05 22:18 -------- d-----w- c:\program files\Sophos

2011-07-05 20:46 . 2011-07-05 20:46 -------- d-----w- c:\users\Guest\AppData\Roaming\AVG10

2011-07-02 16:55 . 2011-07-02 16:55 -------- d-----w- c:\users\Chuck\AppData\Roaming\AVG10

2011-07-02 02:05 . 2011-07-02 02:05 -------- d-----w- c:\users\Deb\AppData\Roaming\AVG10

2011-07-02 02:02 . 2011-07-10 18:02 -------- d-----w- c:\programdata\AVG10

2011-07-02 01:53 . 2011-07-10 17:57 -------- d-----w- c:\programdata\MFAData

2011-07-01 20:20 . 2011-07-02 01:40 -------- d-----w- c:\programdata\Kaspersky Lab

2011-07-01 20:17 . 2009-10-22 18:54 37392 ----a-w- c:\windows\system32\drivers\19621722.sys

2011-07-01 20:17 . 2009-10-10 04:31 311312 ----a-w- c:\windows\system32\drivers\1962172.sys

2011-07-01 20:17 . 2009-09-25 22:59 128016 ----a-w- c:\windows\system32\drivers\19621721.sys

2011-07-01 18:57 . 2011-07-01 18:57 -------- d-----w- c:\users\Deb\AppData\Roaming\SUPERAntiSpyware.com

2011-07-01 18:57 . 2011-07-01 18:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-06-30 23:02 . 2011-07-10 17:58 -------- d-----w- c:\programdata\STOPzilla!

2011-06-30 19:16 . 2011-06-30 19:16 -------- d-----w- c:\users\Deb\AppData\Roaming\Malwarebytes

2011-06-29 22:41 . 2011-06-29 22:41 -------- d--h--w- c:\users\Deb\AppData\Local\Apple Computer

2011-06-29 19:44 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-16 13:01 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 13:01 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 13:01 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-06-16 13:00 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-16 13:00 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 13:00 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 13:00 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-16 13:00 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 14:11 . 2010-07-18 20:27 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-25 00:14 . 2009-10-03 21:56 222080 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-01_22.26.33 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-02 02:00 . 2011-07-02 02:00 51008 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a\vcomp90.dll

+ 2011-07-02 02:00 . 2011-07-02 02:00 59728 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90RUS.DLL

+ 2011-07-02 02:00 . 2011-07-02 02:00 42832 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90KOR.DLL

+ 2011-07-02 02:00 . 2011-07-02 02:00 43344 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90JPN.DLL

+ 2011-07-02 02:00 . 2011-07-02 02:00 61264 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ITA.DLL

+ 2011-07-02 02:00 . 2011-07-02 02:00 62800 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90FRA.DLL

+ 2011-07-02 02:00 . 2011-07-02 02:00 61760 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ESP.DLL

+ 2011-07-02 02:00 . 2011-07-02 02:00 61776 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ESN.DLL

+ 2011-07-02 02:00 . 2011-07-02 02:00 53568 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90ENU.DLL

+ 2011-07-02 02:00 . 2011-07-02 02:00 63296 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90DEU.DLL

+ 2011-07-02 02:00 . 2011-07-02 02:00 36688 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90CHT.DLL

+ 2011-07-02 02:00 . 2011-07-02 02:00 35648 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90CHS.DLL

+ 2011-07-02 02:00 . 2011-07-02 02:00 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfcm90u.dll

+ 2011-07-02 02:00 . 2011-07-02 02:00 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfcm90.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 65536 c:\windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80KOR.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80JPN.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ITA.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80FRA.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ESP.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 57344 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 65536 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80DEU.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 45056 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80CHT.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 40960 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80CHS.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 57856 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfcm80u.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 69632 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfcm80.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 97280 c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.dll

+ 2011-07-06 02:05 . 2011-07-10 18:23 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat

+ 2011-07-06 02:05 . 2011-07-10 18:23 16384 c:\windows\temp\History\History.IE5\index.dat

+ 2011-07-06 02:05 . 2011-07-10 18:23 16384 c:\windows\temp\Cookies\index.dat

+ 2010-03-29 13:44 . 2011-07-10 18:25 33614 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2011-07-10 18:25 44840 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2010-08-04 02:25 . 2011-07-01 21:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-08-04 02:25 . 2011-07-10 18:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:34 . 2011-07-10 18:27 65632 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2010-08-04 02:25 . 2011-07-01 21:11 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-08-04 02:25 . 2011-07-10 18:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-08-04 02:25 . 2011-07-01 21:11 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-08-04 02:25 . 2011-07-10 18:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-12-28 01:57 . 2011-07-01 20:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-28 01:57 . 2011-07-10 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-28 01:57 . 2011-07-10 19:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-12-28 01:57 . 2011-07-01 20:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-12-28 02:57 . 2011-07-10 18:25 7378 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3487078606-40491123-2078983663-1001_UserData.bin

+ 2010-01-02 16:17 . 2011-07-08 01:22 7384 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3487078606-40491123-2078983663-1000_UserData.bin

- 2011-07-01 21:32 . 2011-07-01 21:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-10 18:23 . 2011-07-10 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-07-01 21:32 . 2011-07-01 21:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-07-10 18:23 . 2011-07-10 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-07-05 20:56 . 2011-07-05 20:56 632656 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 554832 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 479232 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll

+ 2009-12-30 14:47 . 2011-07-04 15:00 308364 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2009-12-28 04:15 . 2011-07-10 14:17 302850 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 04:47 . 2011-07-09 01:43 450772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:47 . 2011-06-30 18:12 450772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-05-15 23:17 . 2011-07-09 01:43 450772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3487078606-40491123-2078983663-1001-12288.dat

- 2011-05-15 23:17 . 2011-06-30 18:12 450772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3487078606-40491123-2078983663-1001-12288.dat

+ 2011-05-15 23:17 . 2011-07-09 01:43 450772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3487078606-40491123-2078983663-1000-12288.dat

- 2011-05-15 23:17 . 2011-05-15 23:17 450772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3487078606-40491123-2078983663-1000-12288.dat

+ 2011-07-02 02:00 . 2011-07-02 02:00 223232 c:\windows\Installer\cfecb.msi

+ 2011-07-02 02:00 . 2011-07-02 02:00 3780424 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll

+ 2011-07-02 02:00 . 2011-07-02 02:00 3765048 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 1093120 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll

+ 2011-07-05 20:56 . 2011-07-05 20:56 1101824 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll

+ 2009-07-14 02:03 . 2011-07-10 18:53 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:03 . 2011-07-01 20:29 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 04:34 . 2011-06-30 23:12 3472553 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:34 . 2011-07-10 18:27 3472553 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-04-16 13:44 . 2011-04-16 13:44 2770944 c:\windows\Installer\3d35500.msi

+ 2011-05-19 16:02 . 2011-07-05 21:07 115780448 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 213816]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ---ha-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ---ha-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ---ha-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ---ha-w- c:\users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]

"SigmatelSysTrayApp"="sttray.exe" [2010-04-08 303104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ&inst=NzctNjY5ODU1NzQ1LVQxNC1CQSsxLUtWMys3LUZQOSs2LVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzUtRjlNMTBCKzEtRjlNMisxLUREVCswLUZMMTArMQ&prod=90&ver=10.0.1388" [?]

.

c:\users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Chuck\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-6-12 447952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 05:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 10:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2006-11-12 07:19 446976 ----a-w- c:\program files\DellSupport\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-08-11 21:32 30192 ---ha-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-10-03 16:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]

2009-07-22 18:40 83336 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-10-14 19:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-05-02 23:16 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2008-02-26 01:23 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-04-21 19:39 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]

2010-11-11 18:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe

.

R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-06-14 29248]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-11 30192]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2656.tmp [2010-05-26 6144]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2009-06-03 174720]

R3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-07-09 35816]

R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2011-07-09 24416]

R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\program files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [2009-03-21 32408]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-10 1343400]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 268528]

S0 19621722;19621722 Boot Guard Driver;c:\windows\system32\DRIVERS\19621722.sys [2009-10-22 37392]

S1 19621721;19621721;c:\windows\system32\DRIVERS\19621721.sys [2009-09-25 128016]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]

S2 Connectify;Connectify;c:\program files\Connectify\Connectifyd.exe [2011-03-09 892992]

S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-06-14 29248]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]

S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-11-19 16256]

.

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://www.altavista.com/

mStart Page = hxxp://www.yahoo.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\ydno7wt2.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e0e7c9e&i=23&tp=ab&nt=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\2656.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-07-10 14:51:50

ComboFix-quarantined-files.txt 2011-07-10 19:51

ComboFix2.txt 2011-07-02 01:36

ComboFix3.txt 2011-07-01 22:43

.

Pre-Run: 5,261,942,784 bytes free

Post-Run: 4,839,673,856 bytes free

.

- - End Of File - - 48DAAE8B31D8B7434972BBEBECB7DE91

Results of screen317's Security Check version 0.99.17

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 21

Java SE Runtime Environment 6

Out of date Java installed!

Flash Player Out of Date!

Adobe Flash Player 10.1.102.64

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````


First, thank you very much for your willingness to help.

No problem :)

I've uninstalled the software you suggested and run the scans. I am not able to get TDSSKiller to run: I double clicked and also right clicked and attempted run as administrator.

Try renaming it Cheese.exe

Let me know if you can run it after that ;)


Okay, let's try this ;):

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Once in Safe Mode, locate TDSSKiller.exe, and run it. If you are successful, please let it fix what it finds and post the log it creates. If you can't get it to run please post back here ;).


Let's do this:

Navigate to Start

In the Search Bar, type sigverif and hit Enter.

The Windows Signature Verification Utility will open up.

Click Start. The program will scan all device drivers.

After it has finished, Click on Advanced & select View Log.

A log will open up. Please copy and paste that log here for me to see. ;)


Here ya go, nice to see something run normally :)

********************************

Microsoft Signature Verification

Log file generated on 7/10/2011 at 5:28 PM

OS Platform: Windows (x86), Version: 6.1, Build: 7600, CSDVersion:

Scan Results: Total Files: 208, Signed: 202, Unsigned: 5, Not Scanned: 1

File Modified Version Status Catalog Signed By

------------------ ------------ ----------- ------------ ----------- -------------------

[c:\program files\conexant\cnxt_modem_hdaudio_ven_14f1&dev_2bfa&subsys_14f100c3]

hxfsetup.exe 11/11/2006 2:6.0 Signed dellhdaz.cat Microsoft Windows Hardware Compatibility Publisher

[c:\program files\dellsupport\drivers]

dsunidrv.sys 8/17/2006 1.0.0.9 Not Signed N/A

[c:\program files\dellsupport\gtaction\triggers]

dsproct.sys 10/5/2006 2.0.0.30 Not Signed N/A

[c:\program files\superantispyware]

sasdifsv.sys 2/17/2010 None Signed N/A

saskutil.sys 5/10/2010 None Signed N/A

[c:\program files\synaptics\syntp]

instnt.exe 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

syncntxt.rtf 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

synisdll.dll 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

synmood.exe 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

syntpcom.dll 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

syntpcpl.dll 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

syntpenh.exe 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

syntpres.dll 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

synunst.ini 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

synzmetr.exe 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

tutorial.exe 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

[c:\program files\verizon wireless\vzaccess manager]

smsivzam5.sys 3/20/2009 None Signed N/A

[c:\windows\system32]

batt.dll 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows

clfs.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows

ctapo32.dll 2/8/2007 2:6.0 Signed stwrt.cat Microsoft Windows Hardware Compatibility Publisher

ctppld.dll 2/8/2007 2:6.0 Signed stwrt.cat Microsoft Windows Hardware Compatibility Publisher

hccutils.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

hkcmd.exe 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

ig4dev32.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

ig4icd32.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igdumd32.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxcfg.exe 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxcoin_v1930.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxcpl.cpl 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxdev.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxdo.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxexps.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxext.exe 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxpers.exe 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxpph.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrara.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrchs.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrcht.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrcsy.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrdan.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrdeu.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrell.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrenu.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxresp.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxress.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrfin.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrfra.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrheb.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrhun.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrita.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrjpn.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrkor.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrnld.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrnor.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrplk.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrptb.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrptg.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrrus.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrsky.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrslv.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrsve.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrtha.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxrtrk.lrc 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxsrvc.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxsrvc.exe 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxtmm.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

igfxtray.exe 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

iglhxa32.cpa 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

iglhxa32.vp 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

iglhxc32.vp 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

iglhxg32.vp 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

iglhxo32.vp 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

iglhxs32.vp 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

mdmxsdk.dll 11/11/2006 2:6.0 Signed dellhdaz.cat Microsoft Windows Hardware Compatibility Publisher

oemdspif.dll 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

rixdicon.dll 11/20/2006 2:5.00 Signed rixdptsk.cat Microsoft Windows Hardware Compatibility Publisher

savrkboottasks.sys 5/26/2010 1.5.3.1 Not Signed N/A

snymsico.dll 11/20/2006 2:5.00 Signed rimsptsk.cat Microsoft Windows Hardware Compatibility Publisher

staco.dll 2/8/2007 2:6.0 Signed stwrt.cat Microsoft Windows Hardware Compatibility Publisher

stapi32.dll 2/8/2007 2:6.0 Signed stwrt.cat Microsoft Windows Hardware Compatibility Publisher

stapo.dll 2/8/2007 2:6.0 Signed stwrt.cat Microsoft Windows Hardware Compatibility Publisher

storprop.dll 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows

streamci.dll 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows

syncom.dll 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

synctrl.dll 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

syntpapi.dll 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

syntpco4.dll 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

sysfxui.dll 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows

tvwsetup.exe 9/23/2009 2:6.1 Signed igdlh.cat Microsoft Windows Hardware Compatibility Publisher

uci32113.dll 11/11/2006 2:6.0 Signed dellhdaz.cat Microsoft Windows Hardware Compatibility Publisher

wdfcoinstaller01000. 11/20/2006 2:6.0 Signed syntp.cat Microsoft Windows Hardware Compatibility Publisher

wmalfxgfxdsp.dll 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows

[c:\windows\system32\drivers]

1394ohci.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows

19621721.sys 9/25/2009 None Signed N/A

19621722.sys 10/22/2009 None Signed N/A

acpi.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows

afd.sys 4/24/2011 2:5.1,2:5.2,2:6.0,2:Signed Package_5_for_KB2503Microsoft Windows

agilevpn.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows

asyncmac.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows

atapi.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows

ataport.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows

battc.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows

bcm4sbxp.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows

blbdrive.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows

cdrom.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows

cmbatt.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows

cng.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows

compbatt.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows

compositebus.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows

connctfy.sys 6/14/2010 None Signed N/A

csc.sys 7/13/2009 2:5.1,2:5.2,2:6.0,2:Signed Microsoft-Windows-OfMicrosoft Windows

del1028.cty 11/11/2006 2:6.0 Signed dellhdaz.cat Microsoft Windows Hardware Compatibility Publisher

discache.sys 7/13/2009 2:6.1 Signed nt5.cat Microsoft Windows

disk.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-CoMicrosoft Windows

drmk.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows

drmkaud.sys 7/13/2009 2:5.1 Signed Microsoft-Windows-ClMicrosoft Windows

dxgkrnl.sys 10/1/2009 2:5.1,2:5.2,2:6.0,2:Signed Package_2_for_KB9744Microsoft Windows

Unscanned Files:

------------------

[c:\windows\c:\users\deb\appdata\local\temp]

catchme.sys The directory name is invalid.


Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all open programs/windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.


Another successful scan:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Ultimate Edition

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: MXC062

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 181):


Processes (total 53):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC74P

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Done!


Please do the following:

  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

Please include both the aswMBR log and MBR.dat zip folder in your next reply ;)


Ok, after a rather long scan, I wasn't able to zip the DAT file, and I received a message saying I was not allowed to upload that type of file. I renamed it to 'mbr.txt' and it's attached.

Log file:

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software

Run date: 2011-07-10 18:07:58

-----------------------------

18:07:58.385 OS Version: Windows 6.1.7600

18:07:58.385 Number of processors: 2 586 0xF02

18:07:58.386 ComputerName: DEB-PC UserName: Deb

18:07:59.894 Initialize success

18:09:28.525 AVAST engine defs: 11071001

18:09:32.840 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

18:09:32.843 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC74P Size: 76319MB BusType: 3

18:09:34.875 Disk 0 MBR read successfully

18:09:34.878 Disk 0 MBR scan

18:09:34.883 Disk 0 Windows 7 default MBR code

18:09:36.888 Disk 0 scanning sectors +156299264

18:09:36.933 Disk 0 scanning C:\Windows\system32\drivers

18:09:51.733 Service scanning

18:09:53.225 Disk 0 trace - called modules:

18:09:53.257 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86738f16]<<

18:09:53.263 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8671c860]

18:09:53.268 3 CLASSPNP.SYS[8bfa659e] -> nt!IofCallDriver -> [0x8627d918]

18:09:53.275 5 ACPI.sys[8361a3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8597b610]

18:09:53.283 \Driver\atapi[0x86263688] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86738f16

18:09:55.148 AVAST engine scan C:\Windows

18:58:22.558 AVAST engine scan C:\Users\Deb

19:15:38.153 AVAST engine scan C:\ProgramData

19:18:33.648 Scan finished successfully

19:24:31.402 Disk 0 MBR has been saved successfully to "C:\Users\Deb\Desktop\MBR.dat"

19:24:31.409 The log file has been saved successfully to "C:\Users\Deb\Desktop\aswMBR.txt"



We still have some more to do ;)

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::

c:\windows\system32\drivers\19621722.sys

c:\windows\system32\drivers\1962172.sys

c:\windows\system32\drivers\19621721.sys

c:\windows\system32\2656.tmp

c:\windows\system32\8FA2.tmp

Driver::

19621721

1962172

19621722

MEMSWEEP2

Reglock::

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


Here's the ComboFix log. The redirect seems to be gone, but when clicking on a search link, a blank window comes up. For instance, a search for Food Network yields this web address: http://www.google.com/search?sclient=psy&hl=en&source=hp&q=food+network&aq=0&aqi=g5&aql=&oq=foo&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=6a63bd3f03970b03&biw=1280&bih=627&tch=3&ech=2&psi=0WUaTqHTHsjr0QHdvpg5.1310352855015.1&wrapid=tlif131035285501510 but shows a blank page when clicked on.

Combofix

ComboFix 11-07-10.05 - Deb 07/10/2011 20:52:25.4.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3318.1713 [GMT -5:00]

Running from: C:\Users\Deb\Desktop\ComboFix.exe

Command switches used :: C:\Users\Deb\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::

"c:\windows\system32\2656.tmp"

"c:\windows\system32\8FA2.tmp"

"c:\windows\system32\drivers\1962172.sys"

"c:\windows\system32\drivers\19621721.sys"

"c:\windows\system32\drivers\19621722.sys"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\system32\2656.tmp

c:\windows\system32\8FA2.tmp

c:\windows\system32\drivers\1962172.sys

c:\windows\system32\drivers\19621721.sys

c:\windows\system32\drivers\19621722.sys

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_19621721

-------\Legacy_19621722

-------\Service_19621721

-------\Service_19621722

-------\Service_MEMSWEEP2

((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))

2011-07-11 02:27:43 . 2011-07-11 02:33:21 -------- d-----w- C:\Users\Deb\AppData\Local\temp

2011-07-11 02:27:43 . 2011-07-11 02:27:43 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp

2011-07-11 02:27:43 . 2011-07-11 02:27:43 -------- d-----w- C:\Users\Guest\AppData\Local\temp

2011-07-11 02:27:43 . 2011-07-11 02:27:43 -------- d-----w- C:\Users\Default\AppData\Local\temp

2011-07-10 21:28:18 . 2011-07-10 21:28:18 309320 ----a-w- C:\Windows\system32\drivers\TrufosAlt.sys

2011-07-10 19:52:25 . 2011-07-11 02:30:38 -------- d-----w- C:\Users\Chuck\AppData\Local\temp

2011-07-10 18:43:05 . 2011-06-20 13:57:22 7074640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1D58ADFF-C461-4595-A493-E649FE996BE4}\mpengine.dll

2011-07-09 01:47:54 . 2011-07-09 01:47:54 24416 ----a-w- C:\Windows\system32\drivers\regguard.sys

2011-07-09 01:43:03 . 2011-07-09 01:43:03 39192 ----a-w- C:\Windows\system32\Partizan.exe

2011-07-09 01:43:03 . 2011-07-09 01:43:03 35816 ----a-w- C:\Windows\system32\drivers\Partizan.sys

2011-07-09 01:41:59 . 2011-07-09 01:41:59 2 --shatr- C:\Windows\winstart.bat

2011-07-09 01:41:53 . 2011-07-09 01:41:53 -------- d-----w- C:\Program Files\Greatis

2011-07-07 18:52:39 . 2011-07-07 18:52:39 -------- d-----w- C:\$AVG

2011-07-06 03:46:16 . 2011-07-06 03:46:16 -------- d-----w- C:\Users\Deb\DoctorWeb

2011-07-06 00:31:34 . 2011-07-06 00:31:34 -------- d-----w- C:\Users\Chuck\AppData\Roaming\SUPERAntiSpyware.com

2011-07-06 00:31:25 . 2011-07-06 00:31:45 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-07-06 00:29:09 . 2010-05-26 15:45:04 18816 ------w- C:\Windows\system32\SAVRKBootTasks.sys

2011-07-05 22:18:36 . 2011-07-05 22:18:36 -------- d-----w- C:\Program Files\Sophos

2011-07-05 20:46:56 . 2011-07-05 20:46:56 -------- d-----w- C:\Users\Guest\AppData\Roaming\AVG10

2011-07-02 16:55:50 . 2011-07-02 16:55:50 -------- d-----w- C:\Users\Chuck\AppData\Roaming\AVG10

2011-07-02 02:05:28 . 2011-07-02 02:05:28 -------- d-----w- C:\Users\Deb\AppData\Roaming\AVG10

2011-07-02 02:02:34 . 2011-07-10 18:02:39 -------- d-----w- C:\ProgramData\AVG10

2011-07-02 01:53:24 . 2011-07-10 17:57:58 -------- d-----w- C:\ProgramData\MFAData

2011-07-01 20:20:34 . 2011-07-02 01:40:24 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-07-01 18:57:04 . 2011-07-01 18:57:04 -------- d-----w- C:\Users\Deb\AppData\Roaming\SUPERAntiSpyware.com

2011-07-01 18:57:04 . 2011-07-01 18:57:04 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-06-30 23:02:52 . 2011-07-10 17:58:24 -------- d-----w- C:\ProgramData\STOPzilla!

2011-06-30 19:16:38 . 2011-06-30 19:16:38 -------- d-----w- C:\Users\Deb\AppData\Roaming\Malwarebytes

2011-06-29 22:41:49 . 2011-06-29 22:41:49 -------- d--h--w- C:\Users\Deb\AppData\Local\Apple Computer

2011-06-29 19:44:36 . 2011-05-24 10:35:34 294912 ----a-w- C:\Windows\system32\umpnpmgr.dll

2011-06-16 13:01:50 . 2011-05-03 04:50:29 740864 ----a-w- C:\Windows\system32\inetcomm.dll

2011-06-16 13:01:49 . 2010-12-18 05:31:23 571904 ----a-w- C:\Windows\system32\oleaut32.dll

2011-06-16 13:01:48 . 2011-04-27 02:33:46 78336 ----a-w- C:\Windows\system32\drivers\dfsc.sys

2011-06-16 13:00:38 . 2011-04-29 02:57:34 311296 ----a-w- C:\Windows\system32\drivers\srv.sys

2011-06-16 13:00:38 . 2011-04-29 02:57:21 309760 ----a-w- C:\Windows\system32\drivers\srv2.sys

2011-06-16 13:00:38 . 2011-04-29 02:57:13 114176 ----a-w- C:\Windows\system32\drivers\srvnet.sys

2011-06-16 13:00:38 . 2011-04-25 04:56:06 1286016 ----a-w- C:\Windows\system32\drivers\tcpip.sys

2011-06-16 13:00:37 . 2011-04-25 02:35:40 338944 ----a-w- C:\Windows\system32\drivers\afd.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-05-29 14:11:30 . 2010-07-18 20:27:57 39984 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys

2011-05-25 00:14:10 . 2009-10-03 21:56:20 222080 ------w- C:\Windows\system32\MpSigStub.exe

((((((((((((((((((((((((((((( SnapShot_2011-07-10_19.36.14 )))))))))))))))))))))))))))))))))))))))))

- 2011-07-06 02:05:40 . 2011-07-10 18:23:49 32768 C:\Windows\temp\Temporary Internet Files\Content.IE5\index.dat

+ 2011-07-06 02:05:40 . 2011-07-11 02:31:11 32768 C:\Windows\temp\Temporary Internet Files\Content.IE5\index.dat

+ 2011-07-06 02:05:40 . 2011-07-11 02:31:11 16384 C:\Windows\temp\History\History.IE5\index.dat

- 2011-07-06 02:05:40 . 2011-07-10 18:23:49 16384 C:\Windows\temp\History\History.IE5\index.dat

+ 2011-07-06 02:05:40 . 2011-07-11 02:31:11 16384 C:\Windows\temp\Cookies\index.dat

- 2011-07-06 02:05:40 . 2011-07-10 18:23:49 16384 C:\Windows\temp\Cookies\index.dat

+ 2009-12-28 04:15:01 . 2011-07-10 20:48:07 70370 C:\Windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2010-03-29 13:44:04 . 2011-07-10 21:22:23 33638 C:\Windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 04:55:35 . 2011-07-10 18:25:34 44840 C:\Windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55:35 . 2011-07-11 02:33:01 44840 C:\Windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-08-04 02:25:45 . 2011-07-11 02:30:53 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-08-04 02:25:45 . 2011-07-10 18:23:31 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:34:52 . 2011-07-10 21:27:46 65840 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2010-08-04 02:25:45 . 2011-07-11 02:30:53 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-08-04 02:25:45 . 2011-07-10 18:23:31 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-08-04 02:25:45 . 2011-07-10 18:23:31 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-08-04 02:25:45 . 2011-07-11 02:30:53 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-12-28 01:57:37 . 2011-07-10 19:03:45 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-28 01:57:37 . 2011-07-11 02:03:38 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-28 01:57:37 . 2011-07-10 19:03:45 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-12-28 01:57:37 . 2011-07-11 02:03:38 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-07-10 18:23:25 . 2011-07-10 18:23:25 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-10 21:20:09 . 2011-07-11 02:30:52 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-07-10 21:20:09 . 2011-07-11 02:30:52 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-07-10 18:23:25 . 2011-07-10 18:23:25 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-07-11 02:31:04 . 2009-10-07 07:47:22 109080 C:\Windows\temp\logishrd\LVPrcInj01.dll

- 2009-07-14 02:03:41 . 2011-07-10 18:53:37 7077888 C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:03:41 . 2011-07-10 21:33:47 7077888 C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-01-21 03:49:58 213816]

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36:00 94208 ---ha-w- C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36:00 94208 ---ha-w- C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36:00 94208 ---ha-w- C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36:00 94208 ---ha-w- C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 13:50:31 2424192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 17:51:10 815104]

"SigmatelSysTrayApp"="sttray.exe" [2010-04-08 14:08:14 303104]

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-24 00:30:48 173592]

"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-24 00:30:48 150552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ&inst=NzctNjY5ODU1NzQ1LVQxNC1CQSsxLUtWMys3LUZQOSs2LVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzUtRjlNMTBCKzEtRjlNMisxLUREVCswLUZMMTArMQ&prod=90&ver=10.0.1388" [?]

C:\Users\Deb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - C:\Users\Chuck\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

PdaNet Desktop.lnk - C:\Program Files\PdaNet for Android\PdaNetPC.exe [2010-6-12 447952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 05:07:44 932288 ----a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 10:47:04 35760 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2006-11-12 07:19:46 446976 ----a-w- C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 15:55:32 206064 ----a-w- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24:00 16384 ----a-w- C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-08-11 21:32:58 30192 ---ha-w- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-10-03 16:37:04 81920 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]

2009-07-22 18:40:40 83336 ----a-w- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 06:10:52 421160 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-10-14 19:36:56 2793304 ----a-w- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-05-02 23:16:54 184320 ----a-w- C:\Program Files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2008-02-26 01:23:34 443968 ----a-w- C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 15:17:42 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-04-21 19:39:16 24264488 ----a-r- C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]

2010-11-11 18:55:46 159472 ----a-w- C:\Program Files\Zune\ZuneLauncher.exe

R3 CFcatchme;CFcatchme;C:\Users\Deb\AppData\Local\Temp\CFcatchme.sys [x]

R3 connctfy;Connectify Service;C:\Windows\system32\DRIVERS\connctfy.sys [2010-06-14 12:05:20 29248]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-11 21:32:58 30192]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys [2009-06-03 16:01:26 174720]

R3 Partizan;Partizan;C:\Windows\system32\drivers\Partizan.sys [2011-07-09 01:43:03 35816]

R3 RegGuard;RegGuard;C:\Windows\system32\Drivers\regguard.sys [2011-07-09 01:47:54 24416]

R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [2009-03-21 01:03:36 32408]

R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-10 11:42:58 1343400]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 18:57:04 268528]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 18:25:48 12872]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 18:41:30 67656]

S1 SAVRKBootTasks;Boot Tasks Driver;C:\Windows\system32\SAVRKBootTasks.sys [2010-05-26 15:45:04 18816]

S2 Connectify;Connectify;C:\Program Files\Connectify\Connectifyd.exe [2011-03-09 22:17:16 892992]

S3 connctfyMP;connctfyMP;C:\Windows\system32\DRIVERS\connctfy.sys [2010-06-14 12:05:20 29248]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 22:02:51 4231168]

S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 20:32:14 9472]

S3 VAD_DEV;Virtual Audio Service;C:\Windows\system32\drivers\vad.sys [2010-11-19 00:13:38 16256]

------- Supplementary Scan -------

uDefault_Search_URL = hxxp://www.google.com/ie

uStart Page = hxxp://www.altavista.com/

mStart Page = hxxp://www.yahoo.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - C:\Users\Deb\AppData\Roaming\Mozilla\Firefox\Profiles\ydno7wt2.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e0e7c9e&i=23&tp=ab&nt=1&q=

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2844)

C:\Users\Deb\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll

C:\Windows\system32\DLAAPI_W.DLL

C:\Program Files\Roxio\Drag-to-Disc\ShellRes.dll

------------------------ Other Running Processes ------------------------

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\STacSV.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\sttray.exe

C:\Windows\system32\igfxsrvc.exe

**************************************************************************

Completion time: 2011-07-10 21:50:27 - machine was rebooted


Good morning, D-Fred (morning here anyway)

Here is this morning's MBRCheck log. I am still unable to get TDSSKiller to run.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Ultimate Edition

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: MXC062

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 179):

0x82E3B000 \SystemRoot\system32\ntkrnlpa.exe

0x82E04000 \SystemRoot\system32\halmacpi.dll

0x80BA9000 \SystemRoot\system32\kdcom.dll

0x83434000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x834AC000 \SystemRoot\system32\PSHED.dll

0x834BD000 \SystemRoot\system32\BOOTVID.dll

0x834C5000 \SystemRoot\system32\CLFS.SYS

0x83507000 \SystemRoot\system32\CI.dll

0x8361D000 \SystemRoot\system32\drivers\Wdf01000.sys

0x8368E000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x8369C000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x836E4000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x836ED000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x836F5000 \SystemRoot\system32\DRIVERS\pci.sys

0x8371F000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x8372A000 \SystemRoot\System32\drivers\partmgr.sys

0x8373B000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x83743000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x8374E000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x8375E000 \SystemRoot\System32\drivers\volmgrx.sys

0x837A9000 \SystemRoot\system32\DRIVERS\intelide.sys

0x837B0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x837BE000 \SystemRoot\System32\drivers\mountmgr.sys

0x837D4000 \SystemRoot\system32\DRIVERS\atapi.sys

0x837DD000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x83600000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x835B2000 \SystemRoot\system32\drivers\fltmgr.sys

0x83609000 \SystemRoot\system32\drivers\fileinfo.sys

0x835E6000 \SystemRoot\System32\Drivers\DRVMCDB.SYS

0x83400000 \SystemRoot\System32\Drivers\PxHelp20.sys

0x8BC2F000 \SystemRoot\System32\Drivers\Ntfs.sys

0x8BD5E000 \SystemRoot\System32\Drivers\msrpc.sys

0x8BD89000 \SystemRoot\System32\Drivers\ksecdd.sys

0x8BD9C000 \SystemRoot\System32\Drivers\cng.sys

0x8BC00000 \SystemRoot\System32\drivers\pcw.sys

0x8BC0E000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x8BE27000 \SystemRoot\system32\drivers\ndis.sys

0x8BEDE000 \SystemRoot\system32\drivers\NETIO.SYS

0x8BF1C000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x8C02C000 \SystemRoot\System32\drivers\tcpip.sys

0x8C175000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8C1A6000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x8C1AF000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x8C1EE000 \SystemRoot\System32\Drivers\spldr.sys

0x8BF41000 \SystemRoot\System32\drivers\rdyboost.sys

0x8C000000 \SystemRoot\System32\Drivers\mup.sys

0x8C010000 \SystemRoot\System32\drivers\hwpolicy.sys

0x8BF6E000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x8C018000 \SystemRoot\system32\DRIVERS\disk.sys

0x8BFA0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x8BE00000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8BE1F000 \??\C:\Windows\system32\SAVRKBootTasks.sys

0x8C029000 \SystemRoot\System32\Drivers\DLACDBHM.SYS

0x8BFEE000 \SystemRoot\System32\Drivers\Null.SYS

0x8BFF5000 \SystemRoot\System32\Drivers\Beep.SYS

0x8BC17000 \SystemRoot\System32\Drivers\DLARTL_M.SYS

0x8BC1D000 \SystemRoot\System32\drivers\vga.sys

0x83409000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x93001000 \SystemRoot\System32\drivers\watchdog.sys

0x9300E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x93016000 \SystemRoot\system32\drivers\rdpencdd.sys

0x9301E000 \SystemRoot\system32\drivers\rdprefmp.sys

0x93026000 \SystemRoot\System32\Drivers\Msfs.SYS

0x93031000 \SystemRoot\System32\Drivers\Npfs.SYS

0x9303F000 \SystemRoot\system32\DRIVERS\tdx.sys

0x93056000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x93061000 \SystemRoot\System32\DRIVERS\netbt.sys

0x93093000 \SystemRoot\system32\drivers\afd.sys

0x930ED000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x930F4000 \SystemRoot\system32\DRIVERS\pacer.sys

0x93113000 \SystemRoot\system32\DRIVERS\netbios.sys

0x93121000 \SystemRoot\System32\Drivers\tosrfcom.sys

0x93131000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x93144000 \SystemRoot\System32\drivers\truecrypt.sys

0x93179000 \SystemRoot\system32\DRIVERS\termdd.sys

0x93189000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

0x931AB000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

0x931B1000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x931F2000 \SystemRoot\system32\drivers\nsiproxy.sys

0x8342A000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x92E1F000 \SystemRoot\System32\drivers\discache.sys

0x92E2B000 \SystemRoot\system32\drivers\csc.sys

0x92E8F000 \SystemRoot\System32\Drivers\dfsc.sys

0x92EA7000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x92EB5000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x92ED6000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x92EE8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x92EF1000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x9342E000 \SystemRoot\system32\DRIVERS\igdkmd32.sys

0x93937000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x92EF5000 \SystemRoot\System32\drivers\dxgmms1.sys

0x93400000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x93C31000 \SystemRoot\system32\DRIVERS\netw5v32.sys

0x94044000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x9404F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x9409A000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x940A9000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys

0x940BA000 \SystemRoot\system32\DRIVERS\1394ohci.sys

0x940E6000 \SystemRoot\system32\DRIVERS\sdbus.sys

0x940FF000 \SystemRoot\system32\DRIVERS\rimmptsk.sys

0x9410D000 \SystemRoot\system32\DRIVERS\rimsptsk.sys

0x94121000 \SystemRoot\system32\DRIVERS\rixdptsk.sys

0x94172000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x9418A000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x941B5000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x941B7000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x941C4000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x941D1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x941D7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x941ED000 \SystemRoot\system32\drivers\vad.sys

0x93C00000 \SystemRoot\system32\drivers\portcls.sys

0x92F2E000 \SystemRoot\system32\drivers\drmk.sys

0x92F47000 \SystemRoot\system32\drivers\ks.sys

0x939EE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x92F7B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x941F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x92F93000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x92FB5000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x92FCD000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x92FE4000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x9341F000 \SystemRoot\system32\DRIVERS\connctfy.sys

0x941FC000 \SystemRoot\system32\DRIVERS\pnetmdm.sys

0x92E00000 \SystemRoot\system32\drivers\modem.sys

0x92E0D000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x93C2F000 \SystemRoot\system32\DRIVERS\swenum.sys

0x9463C000 \SystemRoot\system32\DRIVERS\umbus.sys

0x9464A000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x9468E000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x946A8000 \SystemRoot\system32\drivers\stwrt.sys

0x9474B000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys

0x94400000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys

0x94503000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys

0x945B7000 \SystemRoot\system32\DRIVERS\tosporte.sys

0x945C2000 \SystemRoot\System32\Drivers\crashdmp.sys

0x945CF000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x945DA000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x945E3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x95D90000 \SystemRoot\System32\win32k.sys

0x945F4000 \SystemRoot\System32\drivers\Dxapi.sys

0x95FF0000 \SystemRoot\System32\TSDDD.dll

0x95C20000 \SystemRoot\System32\cdd.dll

0x95C40000 \SystemRoot\System32\ATMFD.DLL

0x94793000 \SystemRoot\system32\drivers\luafv.sys

0x947AE000 \SystemRoot\System32\Drivers\DRVNDDM.SYS

0x945FE000 \SystemRoot\System32\DLA\DLADResM.SYS

0x947B9000 \SystemRoot\System32\DLA\DLAIFS_M.SYS

0x947D1000 \SystemRoot\System32\DLA\DLAOPIOM.SYS

0x947D6000 \SystemRoot\System32\DLA\DLAPoolM.SYS

0x947D8000 \SystemRoot\system32\drivers\WudfPf.sys

0x947F2000 \SystemRoot\System32\DLA\DLABMFSM.SYS

0x947F9000 \SystemRoot\System32\DLA\DLABOIOM.SYS

0x94600000 \SystemRoot\System32\DLA\DLAUDFAM.SYS

0x94616000 \SystemRoot\System32\DLA\DLAUDF_M.SYS

0x8BFC5000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x97C01000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x97C47000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x97C57000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x97C6A000 \SystemRoot\system32\drivers\HTTP.sys

0x97CEF000 \SystemRoot\system32\DRIVERS\bowser.sys

0x97D08000 \SystemRoot\System32\drivers\mpsdrv.sys

0x97D1A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x97D3D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x97D78000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x97DAB000 \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys

0x97DAD000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0xAF215000 \SystemRoot\system32\drivers\peauth.sys

0xAF2AC000 \SystemRoot\System32\Drivers\secdrv.SYS

0xAF2B6000 \SystemRoot\System32\DRIVERS\srvnet.sys

0xAF2D7000 \SystemRoot\System32\drivers\tcpipreg.sys

0xAF2E4000 \SystemRoot\system32\DRIVERS\xaudio.sys

0xAF2EC000 \SystemRoot\System32\DRIVERS\srv2.sys

0xAF33B000 \SystemRoot\System32\DRIVERS\srv.sys

0xAF38D000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys

0xAF392000 \SystemRoot\System32\Drivers\fastfat.SYS

0xBF0A5000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0xBF0AE000 \SystemRoot\system32\DRIVERS\monitor.sys

0x77590000 \Windows\System32\ntdll.dll

0x47B00000 \Windows\System32\smss.exe

0x777D0000 \Windows\System32\apisetschema.dll

Processes (total 53):

0 System Idle Process

4 System

292 C:\Windows\System32\smss.exe

436 csrss.exe

488 C:\Windows\System32\wininit.exe

500 csrss.exe

552 C:\Windows\System32\services.exe

576 C:\Windows\System32\winlogon.exe

588 C:\Windows\System32\lsass.exe

596 C:\Windows\System32\lsm.exe

712 C:\Windows\System32\svchost.exe

816 C:\Windows\System32\svchost.exe

892 C:\Windows\System32\svchost.exe

952 C:\Windows\System32\svchost.exe

980 C:\Windows\System32\svchost.exe

1092 C:\Windows\System32\svchost.exe

1260 C:\Windows\System32\svchost.exe

1484 C:\Windows\System32\spoolsv.exe

1524 C:\Windows\System32\svchost.exe

1616 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1636 C:\Program Files\Bonjour\mDNSResponder.exe

1700 C:\Program Files\Connectify\Connectifyd.exe

1888 C:\Windows\System32\svchost.exe

1912 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

1964 C:\Windows\System32\taskhost.exe

376 C:\Windows\System32\dwm.exe

484 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

1740 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

2112 C:\Program Files\Dell Support Center\bin\sprtsvc.exe

2144 C:\Windows\System32\stacsv.exe

2280 C:\Windows\System32\svchost.exe

2360 C:\Windows\System32\drivers\XAudio.exe

2428 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

2944 WmiPrvSE.exe

3796 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

3816 C:\Windows\sttray.exe

3828 C:\Windows\System32\hkcmd.exe

3840 C:\Windows\System32\igfxpers.exe

3852 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

3868 C:\Users\Chuck\AppData\Roaming\Dropbox\bin\Dropbox.exe

3896 C:\Program Files\PdaNet for Android\PdaNetPC.exe

3944 C:\Windows\System32\igfxsrvc.exe

2872 C:\Windows\System32\SearchIndexer.exe

3836 C:\Windows\System32\svchost.exe

4508 C:\Windows\System32\wuauclt.exe

2844 C:\Windows\explorer.exe

5904 C:\Program Files\Internet Explorer\iexplore.exe

2448 C:\Program Files\Internet Explorer\iexplore.exe

5220 C:\Windows\System32\audiodg.exe

4760 C:\Users\Deb\Desktop\MBRCheck.exe

4596 C:\Windows\System32\conhost.exe

5324 C:\Windows\System32\dllhost.exe

4028 C:\Windows\System32\SearchProtocolHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC74P

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Let's try the following ;):

(split into 2 posts due to posting limitations)

Step 1

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Enter 1 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):

Enter 0 (zero) and press Enter

The following dialog will be presented:

Enter filename to dump to:

Type mbr-dump.dat and press Enter

The following dialog will be presented:

Dumped successfully!

Enter the physical disk to dump (0-99, -1 to exit):

Enter -1 and press Enter

And last the following dialog will be presented:

Done! Press ENTER to exit...

Press Enter.

A file mbr-dump.dat will be produced on the desktop. Now you have to compress this file:

  • Right click on it
  • Navigate and select Send to
  • Then navigate and select Compressed (zipped) Folder
  • A file mbr-dump.zip will be produced on the desktop

Please attach this file (mbr-dump.zip) in your next reply.


Step 2

Run MBRCheck.exe once again.

You will be presented with the following dialog:

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Enter Y and press Enter.

The following dialog will be presented:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Enter 2 and press Enter

The following dialog will be presented:

Enter the physical disk number to fix (0-99, -1 to cancel):

Enter 0 (zero) and press Enter

The following dialog will be presented:

Available MBR codes:

[ 0] Default (Windows XP)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive:

Enter 5 (for Windows 7) and press Enter

The following dialog will be presented:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:

Type YES and press Enter (you must type the full word, YES). You will be informed if a new MBR code was successfully written.

And last the following dialog will be presented:

Done! Press ENTER to exit...

Press Enter. A report will be produced on the desktop. Post that report in your next reply.

------------------------------------------------------

In your next reply, please include:

  • Attached mbr-dump.zip file
  • MBR check log

How is your computer running now?

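Step 1 above dumps the raw 512-byte MBR to mbr-dump.dat and Step 2 overwrites only its boot code with a standard Windows 7 one. The script below is an added example, not code from this thread or from MBRCheck, showing what a practitioner would check in that dump offline and how to confirm afterwards that the restore touched nothing but the boot code. Everything it operates on is constructed inside the script: the two-partition layout reproduces the volume offsets MBRCheck printed for this disk (D: at 0x03700000, C: at 0x283700000, both NTFS), but the sector counts, the disk signature and the stand-in boot-code bytes are invented. The "Microsoft error strings" test is a heuristic only; a known-good SHA1 for the Windows 7 MBR is deliberately not hard-coded here.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: the boot code proper
DISK_SIG_OFF = 440           # bytes 440..443: NT disk signature, 444..445 reserved
PART_TABLE_OFF = 446         # four 16-byte partition entries, bytes 446..509
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511

# Messages the standard Microsoft MBR (XP through Windows 7) keeps in its boot code.
# Their absence is a hint that the code was replaced, not a verdict.
MS_MBR_STRINGS = (b"Invalid partition table",
                  b"Error loading operating system",
                  b"Missing operating system")


def parse_partition_table(mbr):
    """Return the non-empty entries of the classic four-slot MBR partition table."""
    parts = []
    for slot in range(4):
        # B status, 3x CHS start, B type, 3x CHS end, I start LBA, I sector count
        status, ptype, start_lba, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * slot)
        if ptype == 0 and start_lba == 0 and sectors == 0:
            continue
        parts.append({"slot": slot, "status": status, "active": status == 0x80,
                      "type": ptype, "start_lba": start_lba, "sectors": sectors,
                      "byte_offset": start_lba * SECTOR})  # the offset MBRCheck prints
    return parts


def parse_mbr(mbr):
    if len(mbr) != SECTOR:
        raise ValueError("expected a %d-byte dump, got %d bytes" % (SECTOR, len(mbr)))
    boot_code = mbr[:BOOT_CODE_LEN]
    return {
        "sha1": hashlib.sha1(mbr).hexdigest().upper(),   # same digest MBRCheck reports
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "ms_strings_present": all(s in boot_code for s in MS_MBR_STRINGS),
        "partitions": parse_partition_table(mbr),
    }


def assess(info):
    """Reasons to distrust the boot code; an empty list means these checks found nothing."""
    reasons = []
    if not info["signature_ok"]:
        reasons.append("55AA signature missing")
    if not info["ms_strings_present"]:
        reasons.append("boot code lacks the standard Microsoft MBR error strings")
    if not info["partitions"]:
        reasons.append("empty partition table")
    if any(p["status"] not in (0x00, 0x80) for p in info["partitions"]):
        reasons.append("invalid status byte in partition table")
    if sum(p["active"] for p in info["partitions"]) > 1:
        reasons.append("more than one active partition")
    return reasons


def check_restore(before, after):
    """True when a boot-code restore changed bytes 0..439 and nothing else:
    disk signature, partition table and 55AA must survive intact."""
    tail_same = before[DISK_SIG_OFF:SECTOR] == after[DISK_SIG_OFF:SECTOR]
    code_changed = before[:BOOT_CODE_LEN] != after[:BOOT_CODE_LEN]
    return tail_same and code_changed


def build_constructed_mbr(partitions, ms_style, disk_sig=0x1A2B3C4D):
    """Constructed test MBR (not real boot code). ms_style=True mimics the shape of the
    Microsoft code: its opening xor ax,ax / mov ss,ax / mov sp,7C00h and its strings."""
    code = bytearray(BOOT_CODE_LEN)
    if ms_style:
        code[:7] = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
        text = b"\x00".join(MS_MBR_STRINGS) + b"\x00"
        code[BOOT_CODE_LEN - len(text):] = text
    else:
        code[:2] = b"\xEB\xFE"   # jmp $, a placeholder for unknown code
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for slot, (status, ptype, start, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * slot,
                         status, ptype, start, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


# Constructed layout: start LBAs reproduce the volume offsets in the MBRCheck log
# (D: at 0x03700000, C: at 0x283700000, both NTFS type 0x07); the sizes are invented.
LAYOUT = [(0x00, 0x07, 0x03700000 // SECTOR, 20971520),
          (0x80, 0x07, 0x283700000 // SECTOR, 135217328)]
FLAGGED = build_constructed_mbr(LAYOUT, ms_style=False)   # stand-in for the flagged MBR
RESTORED = build_constructed_mbr(LAYOUT, ms_style=True)   # stand-in for after Step 2


def load_dump(path):
    """Parse an mbr-dump.dat written by MBRCheck option [1] (reads 513 bytes so an
    over-long file is rejected by parse_mbr)."""
    with open(path, "rb") as fh:
        return parse_mbr(fh.read(SECTOR + 1))


if __name__ == "__main__":
    for name, blob in (("flagged", FLAGGED), ("restored", RESTORED)):
        info = parse_mbr(blob)
        print(name, "SHA1:", info["sha1"], "findings:", assess(info) or "none")
        for p in info["partitions"]:
            print("  slot %d type 0x%02X active=%s offset 0x%X sectors %d"
                  % (p["slot"], p["type"], p["active"], p["byte_offset"], p["sectors"]))
    print("restore touched only the boot code:", check_restore(FLAGGED, RESTORED))
```

To use it on the real file, call load_dump("mbr-dump.dat") before Step 2 and again on a second dump taken after Step 2, then pass both blobs to check_restore. Two caveats: an MBR that MBRCheck flags as non-standard usually still has a valid partition table and 55AA signature, so those checks passing proves nothing about the boot code; and the only conclusive test is a byte-for-byte comparison of bytes 0..439 against a known-good MBR taken from the same Windows version, which this script does not ship.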

D-Fred,

Thanks again for the help. I'm still not able to zip the .DAT file; it only gives me the option to send it to the CD/DVD drive, so I've attached the file. I'm not sure if you wanted both MBRCheck files, so I've attached them anyway.

First MBR check:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Ultimate Edition

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: MXC062

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 179):

0x82E3B000 \SystemRoot\system32\ntkrnlpa.exe

0x82E04000 \SystemRoot\system32\halmacpi.dll

0x80BA9000 \SystemRoot\system32\kdcom.dll

0x83434000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x834AC000 \SystemRoot\system32\PSHED.dll

0x834BD000 \SystemRoot\system32\BOOTVID.dll

0x834C5000 \SystemRoot\system32\CLFS.SYS

0x83507000 \SystemRoot\system32\CI.dll

0x8361D000 \SystemRoot\system32\drivers\Wdf01000.sys

0x8368E000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x8369C000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x836E4000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x836ED000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x836F5000 \SystemRoot\system32\DRIVERS\pci.sys

0x8371F000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x8372A000 \SystemRoot\System32\drivers\partmgr.sys

0x8373B000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x83743000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x8374E000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x8375E000 \SystemRoot\System32\drivers\volmgrx.sys

0x837A9000 \SystemRoot\system32\DRIVERS\intelide.sys

0x837B0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x837BE000 \SystemRoot\System32\drivers\mountmgr.sys

0x837D4000 \SystemRoot\system32\DRIVERS\atapi.sys

0x837DD000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x83600000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x835B2000 \SystemRoot\system32\drivers\fltmgr.sys

0x83609000 \SystemRoot\system32\drivers\fileinfo.sys

0x835E6000 \SystemRoot\System32\Drivers\DRVMCDB.SYS

0x83400000 \SystemRoot\System32\Drivers\PxHelp20.sys

0x8BC2F000 \SystemRoot\System32\Drivers\Ntfs.sys

0x8BD5E000 \SystemRoot\System32\Drivers\msrpc.sys

0x8BD89000 \SystemRoot\System32\Drivers\ksecdd.sys

0x8BD9C000 \SystemRoot\System32\Drivers\cng.sys

0x8BC00000 \SystemRoot\System32\drivers\pcw.sys

0x8BC0E000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x8BE27000 \SystemRoot\system32\drivers\ndis.sys

0x8BEDE000 \SystemRoot\system32\drivers\NETIO.SYS

0x8BF1C000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x8C02C000 \SystemRoot\System32\drivers\tcpip.sys

0x8C175000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8C1A6000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x8C1AF000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x8C1EE000 \SystemRoot\System32\Drivers\spldr.sys

0x8BF41000 \SystemRoot\System32\drivers\rdyboost.sys

0x8C000000 \SystemRoot\System32\Drivers\mup.sys

0x8C010000 \SystemRoot\System32\drivers\hwpolicy.sys

0x8BF6E000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x8C018000 \SystemRoot\system32\DRIVERS\disk.sys

0x8BFA0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x8BE00000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x8BE1F000 \??\C:\Windows\system32\SAVRKBootTasks.sys

0x8C029000 \SystemRoot\System32\Drivers\DLACDBHM.SYS

0x8BFEE000 \SystemRoot\System32\Drivers\Null.SYS

0x8BFF5000 \SystemRoot\System32\Drivers\Beep.SYS

0x8BC17000 \SystemRoot\System32\Drivers\DLARTL_M.SYS

0x8BC1D000 \SystemRoot\System32\drivers\vga.sys

0x83409000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x93001000 \SystemRoot\System32\drivers\watchdog.sys

0x9300E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x93016000 \SystemRoot\system32\drivers\rdpencdd.sys

0x9301E000 \SystemRoot\system32\drivers\rdprefmp.sys

0x93026000 \SystemRoot\System32\Drivers\Msfs.SYS

0x93031000 \SystemRoot\System32\Drivers\Npfs.SYS

0x9303F000 \SystemRoot\system32\DRIVERS\tdx.sys

0x93056000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x93061000 \SystemRoot\System32\DRIVERS\netbt.sys

0x93093000 \SystemRoot\system32\drivers\afd.sys

0x930ED000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x930F4000 \SystemRoot\system32\DRIVERS\pacer.sys

0x93113000 \SystemRoot\system32\DRIVERS\netbios.sys

0x93121000 \SystemRoot\System32\Drivers\tosrfcom.sys

0x93131000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x93144000 \SystemRoot\System32\drivers\truecrypt.sys

0x93179000 \SystemRoot\system32\DRIVERS\termdd.sys

0x93189000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

0x931AB000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

0x931B1000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x931F2000 \SystemRoot\system32\drivers\nsiproxy.sys

0x8342A000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x92E1F000 \SystemRoot\System32\drivers\discache.sys

0x92E2B000 \SystemRoot\system32\drivers\csc.sys


Processes (total 52):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC74P

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...

Enter filename to dump to: mbr-dump.datDumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

Second MBR check:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Ultimate Edition

Windows Information: (build 7600), 32-bit

Base Board Manufacturer: Dell Inc.

BIOS Manufacturer: Dell Inc.

System Manufacturer: Dell Inc.

System Product Name: MXC062

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 179):


Processes (total 52):


\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`83700000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC74P

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:

[ 0] Default (Windows 7)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive: 5

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES

Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Done!

I am still getting redirected on searches. I'm thinking maybe a good swift kick to the hard drive might cure it.... :angry:

Thanks.
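An added example, not code from the thread or from MBRCheck, showing what the "MBR Code Faked!" verdict inspects: it parses a 512-byte MBR such as the mbr-dump.dat saved above, hashes the 440-byte boot code for comparison against an allowlist captured from known-clean machines (the comparison is modelled on MBRCheck's "non-standard" verdict, not taken from its implementation), and decodes the partition table so the start offsets can be checked against the "at offset" values in the log. The allowlist, the sample boot code bytes, partition sizes and disk signature are constructed assumptions.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code occupies bytes 0..439; disk signature follows at 0x1B8
PART_TABLE_OFFSET = 0x1BE  # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xAA"


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR (e.g. the mbr-dump.dat written by MBRCheck) into its parts."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:  # empty slot
            continue
        partitions.append({
            "index": i, "bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": count,
            "byte_offset": lba_start * 512,  # comparable to the "at offset" values MBRCheck prints
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, 0x1B8)[0],
        "partitions": partitions,
    }


def assess_mbr(mbr: bytes, known_good_sha1: set) -> dict:
    """Baseline comparison: flag boot code whose SHA1 is not in an allowlist you
    captured from known-clean machines. Modelled on MBRCheck's verdict, not its code."""
    info = parse_mbr(mbr)
    info["boot_code_known"] = info["boot_code_sha1"] in known_good_sha1
    return info


def build_sample_mbr() -> bytes:
    """Constructed test MBR: placeholder boot code plus a partition table whose start
    offsets match the C: (0x283700000) and D: (0x03700000) volumes in the log above.
    Partition sizes and the disk signature are made up."""
    boot = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"  # signature + 2 reserved bytes

    def entry(status, ptype, lba, count):
        return struct.pack("<B3sB3sII", status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, count)

    table = (entry(0x00, 0x07, 0x03700000 // 512, 20_971_520)     # D: NTFS, 10 GB
             + entry(0x80, 0x07, 0x283700000 // 512, 120_000_000)  # C: NTFS, active
             + b"\x00" * (2 * PART_ENTRY_LEN))
    return boot + disk_sig + table + BOOT_SIGNATURE


if __name__ == "__main__":
    import sys
    # Pass the path of an MBRCheck dump to inspect a real disk; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    result = assess_mbr(data, known_good_sha1=set())  # empty allowlist: nothing is "known"
    print("boot code SHA1:", result["boot_code_sha1"], "known:", result["boot_code_known"])
    for p in result["partitions"]:
        print(f"  part {p['index']}: type 0x{p['type']:02X} at offset 0x{p['byte_offset']:X}"
              f" ({p['sectors'] * 512 // 2**30} GB){' active' if p['bootable'] else ''}")
```

Until the allowlist is populated from clean reference machines every boot code is reported as not known, so the hash alone is a triage signal, not a verdict.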


Let's try this ;):

Please do the following:

  • Download GMER from here. Save it to your Desktop. Take note of the filename, as it is a randomly named .exe file.
  • Disconnect from the Internet and close all running programs while scan is running.
  • Make sure all antivirus and other real-time security programs are disabled. See here for directions.
  • Double-click on the downloaded file to start the program. (If running Vista or Win 7, right click on it and Run as an Administrator)
  • If possible rootkit activity is found, you will be asked if you would like to perform a full scan.-->Click on NO, then use the following settings for a more complete scan:
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Click the Scan button to begin. (Please be patient: this can take some time.)
  • When the scan is finished, click Save and type in gmer.txt and save to Desktop and copy/paste the contents in your next reply.

Note!: These types of scans can produce false positives. Do not take any action until a trained helper has seen the log.


This topic is now closed to further replies.