Inactive Firefox search toolbar redirects

I tried to do a search this morning with Firefox using the top right search toolbar, and I have it set to Google by default. It goes to search.fast-find.net. It looks like it affected Internet Explorer also, but I don't use IE. I use Windows 7 Ultimate x64.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4964

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

10/27/2010 9:34:13 AM
mbam-log-2010-10-27 (09-34-13).txt

Scan type: Quick scan
Objects scanned: 159903
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{o2mbp58k-v5sq-81b8-28b5-7r2bk054xpn7} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Backdoor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Backdoor) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-27 10:00:17
Windows 6.1.7600
Running: ww75yi6z.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\BTHPORT
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\HidBth
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\BTHPORT (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\HidBth (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by Brian at 9:49:02.64 on Wed 10/27/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.5691 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orblauncher.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\OrbjetManager.exe
C:\Windows\system32\conhost.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\explorer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Brian\Desktop\ww75yi6z.exe
C:\Windows\system32\taskeng.exe
C:\Users\Brian\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uStart Page = hxxp://www.google.com/
uSearch Bar =
uInternet Settings,ProxyOverride = <local>
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Search Toolbar: {0c8413c1-fad1-446c-8584-be50576f863e} - C:\Program Files (x86)\Search Toolbar\tbcore3.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
uRun: [doubleTwist] C:\Program Files (x86)\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartupDelayer] "C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\yalojswm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=%s
FF - component: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\yalojswm.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Brian\Program Files (x86)\DNA\plugins\npbtdna.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {A4F8A970-13D9-4CF5-ABD3-78DD85E7BEBE} - C:\Users\Brian\AppData\Local\{A4F8A970-13D9-4CF5-ABD3-78DD85E7BEBE}\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/22 05:14:48];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-4-22 146928]
R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-18 814344]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2009-8-28 71040]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-25 203264]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe [2010-4-29 85088]
R2 hasplms;Sentinel HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-4-22 192512]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2010-3-9 14952]
R2 MotoHelper.exe;Motorola Helper;C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe [2010-9-14 6656]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-3 202048]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-14 1153368]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-8-25 7767040]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-8-25 279040]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2010-8-29 21072]
R3 Lycosa;Lycosa Keyboard;C:\Windows\System32\drivers\Lycosa.sys [2010-4-18 18816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-16 135664]
S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
S3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2010-4-24 47672]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2008-12-7 35848]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-3-24 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-6-26 1038088]
S3 jgiert;{88617122-DF7E-44C8-87F4-94E73C0972A0};C:\Program Files (x86)\ophcrack\pwdump\servpw.exe --> C:\Program Files (x86)\ophcrack\pwdump\servpw.exe [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2010-6-18 20992]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\System32\drivers\motport.sys [2010-6-18 30208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SureThing Labelflash service;SureThing Labelflash service;C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-8-2 74392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-21 1255736]

=============== Created Last 30 ================

2010-10-27 13:36:43 -------- d-----w- C:\Users\Brian\AppData\Roaming\SUPERAntiSpyware.com
2010-10-27 13:36:43 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-10-27 13:36:38 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-10-27 13:36:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-10-27 13:22:52 -------- d-----w- C:\Users\Brian\AppData\Roaming\Malwarebytes
2010-10-27 13:21:52 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-27 13:21:51 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-27 13:21:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-27 13:21:51 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-27 12:49:43 0 ----a-w- C:\Users\Brian\AppData\Local\Xgosakiwi.bin
2010-10-27 12:49:42 -------- d-----w- C:\Users\Brian\AppData\Local\{A4F8A970-13D9-4CF5-ABD3-78DD85E7BEBE}
2010-10-27 12:49:34 0 ----a-w- C:\Windows\SysWow64\lsp986D.tmp
2010-10-27 12:48:16 0 ----a-w- C:\Windows\SysWow64\lsp6952.tmp
2010-10-27 12:48:10 -------- d-----w- C:\PROGRA~3\Update
2010-10-26 21:27:06 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{E18D149C-5258-42C0-933D-9480F4758666}\mpengine.dll
2010-10-26 21:26:44 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-26 21:26:44 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-26 21:26:43 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-26 21:26:43 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-26 21:26:43 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-26 21:26:43 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-26 21:26:43 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-26 21:26:33 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-20 13:59:53 -------- d-----w- C:\extensions
2010-10-19 06:05:03 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-10-18 02:18:16 -------- d-----w- C:\Program Files (x86)\Ultra Fractal 5
2010-10-14 06:27:05 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-14 06:27:05 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-14 06:27:05 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-14 06:27:04 2085376 ----a-w- C:\Windows\System32\ole32.dll
2010-10-14 06:27:03 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-14 06:27:03 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-12 13:36:28 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6
2010-10-11 14:44:27 -------- d-----w- C:\Program Files (x86)\Defense Grid - Gold
2010-10-10 17:27:57 -------- d-----w- C:\Program Files (x86)\Defense Grid - The Awakening
2010-10-10 04:03:22 -------- d-----w- C:\Program Files (x86)\Active Data Recovery Software
2010-10-08 21:28:23 -------- d-----w- C:\Program Files\HHD Software
2010-10-05 22:57:05 -------- d-----w- C:\Program Files\DivX
2010-10-05 22:56:49 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2010-10-05 22:56:14 -------- d-----w- C:\Program Files (x86)\DivX
2010-10-05 22:55:53 -------- d-----w- C:\PROGRA~3\DivX
2010-09-30 12:15:53 -------- d-----w- C:\Users\Brian\AppData\Roaming\Skip-Bo
2010-09-29 23:15:05 -------- d-----w- C:\Users\Brian\AppData\Roaming\svhost
2010-09-29 11:44:37 -------- d-----w- C:\Windows\SysWow64\svhost
2010-09-29 11:39:31 -------- d-----w- C:\Windows\skins
2010-09-29 08:00:20 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 08:00:20 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-09-29 00:46:43 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-29 00:46:43 2048 ----a-w- C:\Windows\System32\tzres.dll

==================== Find3M ====================

2010-10-21 19:31:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-25 20:32:54 163153 ----a-w- C:\Windows\Audio Converter Pro Uninstaller.exe
2010-09-24 15:32:36 266240 ----a-w- C:\Windows\crack.exe
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-01 05:46:36 1355264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2010-09-01 05:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-01 05:44:30 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-01 05:44:24 1122304 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-01 05:44:06 424960 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-09-01 05:43:22 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-01 05:43:12 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-01 05:43:12 114176 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-01 05:43:10 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2010-09-01 05:43:10 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2010-09-01 05:43:02 448512 ----a-w- C:\Windows\System32\html.iec
2010-09-01 05:41:56 601088 ----a-w- C:\Windows\System32\vbscript.dll
2010-09-01 05:40:56 76800 ----a-w- C:\Windows\System32\tdc.ocx
2010-09-01 05:40:40 215552 ----a-w- C:\Windows\System32\msls31.dll
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-29 23:11:08 21072 ----a-w- C:\Windows\System32\drivers\easytthr.sys
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 03:37:26 7767040 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-08-26 02:14:12 20736000 ----a-w- C:\Windows\System32\atio6axx.dll
2010-08-26 02:01:14 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-08-26 02:01:04 528384 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-08-26 02:00:02 616960 ----a-w- C:\Windows\System32\aticfx64.dll
2010-08-26 01:57:58 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-08-26 01:57:50 462336 ----a-w- C:\Windows\System32\atieclxx.exe
2010-08-26 01:57:14 203264 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-08-26 01:56:06 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-08-26 01:55:50 421376 ----a-w- C:\Windows\System32\atipdl64.dll
2010-08-26 01:55:48 15830016 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-08-26 01:55:42 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-08-26 01:55:32 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-08-26 01:55:28 12288 ----a-w- C:\Windows\System32\atimuixx.dll
2010-08-26 01:55:22 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-08-26 01:55:18 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-08-26 01:52:22 3914240 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-08-26 01:43:28 4602880 ----a-w- C:\Windows\System32\atidxx64.dll
2010-08-26 01:34:38 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-08-26 01:34:36 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-08-26 01:34:28 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-08-26 01:34:26 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-08-26 01:34:16 5425664 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-08-26 01:33:52 4032512 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-08-26 01:33:08 4375552 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-08-26 01:33:02 3147264 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-08-26 01:27:58 57344 ----a-w- C:\Windows\System32\coinst.dll
2010-08-26 01:27:54 5202944 ----a-w- C:\Windows\System32\atiumd64.dll
2010-08-26 01:25:58 3392000 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-08-26 01:21:24 338432 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-08-26 01:21:18 241664 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-08-26 01:21:08 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-08-26 01:21:06 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-08-26 01:21:06 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-08-26 01:21:02 21504 ----a-w- C:\Windows\System32\atig6txx.dll
2010-08-26 01:21:00 19968 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-08-26 01:20:56 279040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-08-26 01:20:14 39424 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-08-26 01:20:08 30208 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-08-26 01:20:04 37376 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-08-26 01:19:56 28160 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-08-26 01:19:28 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-08-26 01:13:22 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-08-26 01:13:22 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-08-26 01:13:16 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-08-26 01:13:16 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-16 06:50:45 1137664 ----a-w- C:\Windows\System32\FntCache.dll
2010-08-16 06:50:43 1543168 ----a-w- C:\Windows\System32\DWrite.dll
2010-08-16 06:50:42 899072 ----a-w- C:\Windows\System32\d2d1.dll
2010-08-16 06:50:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-08-16 06:50:42 1844224 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-08-16 06:14:36 1076224 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-08-16 06:14:24 737280 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-08-16 06:14:24 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-08-16 06:14:24 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2010-08-10 10:15:58 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-08-10 10:15:58 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-08-07 12:18:24 3265024 ----a-w- C:\Windows\es.scr
2010-08-07 12:18:24 3265024 ----a-w- C:\Windows\es.exe

============= FINISH: 9:49:28.87 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 4/21/2010 8:01:44 PM
System Uptime: 10/27/2010 9:05:03 AM (0 hours ago)

Motherboard: PEGATRON CORPORATION | | VIOLET3
Processor: AMD Phenom(tm) II X4 910 Processor | CPU 1 | 2600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 895 GiB total, 346.758 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.976 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 22 GiB total, 22.387 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable

==== Disabled Device Manager Items =============

Class GUID: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Description: LSI 1394 OHCI Compliant Host Controller
Device ID: PCI\VEN_11C1&DEV_5811&SUBSYS_2A93103C&REV_70\4&FF6DA97&0&2840
Manufacturer: LSI
Name: LSI 1394 OHCI Compliant Host Controller
PNP Device ID: PCI\VEN_11C1&DEV_5811&SUBSYS_2A93103C&REV_70\4&FF6DA97&0&2840
Service: 1394ohci

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_1000168C&REV_01\4&316BCBEC&0&0098
Manufacturer: Atheros Communications Inc.
Name: Atheros 802.11 a/b/g/n Dualband Wireless Network Module
PNP Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_1000168C&REV_01\4&316BCBEC&0&0098
Service: athr

==== System Restore Points ===================

RP203: 9/26/2010 3:00:10 AM - Windows Update
RP204: 9/26/2010 9:42:49 AM - Installed DirectX
RP205: 9/26/2010 9:43:30 AM - Installed DirectX
RP206: 9/26/2010 10:12:02 AM - Installed DirectX
RP207: 9/26/2010 12:38:09 PM - Installed DirectX
RP208: 9/27/2010 3:01:29 AM - Windows Update
RP209: 9/28/2010 1:50:10 AM - Windows Update
RP210: 9/28/2010 3:00:10 AM - Windows Update
RP211: 9/29/2010 3:00:11 AM - Windows Update
RP212: 9/29/2010 6:38:10 AM - Windows Update
RP213: 9/30/2010 3:00:27 AM - Windows Update
RP214: 10/1/2010 6:07:14 AM - Windows Update
RP215: 10/2/2010 12:33:36 AM - Windows Update
RP216: 10/5/2010 3:31:38 AM - Windows Update
RP217: 10/6/2010 3:00:11 AM - Windows Update
RP218: 10/8/2010 8:03:07 AM - Windows Update
RP219: 10/8/2010 4:28:13 PM - Installed HHD Software Free Hex Editor Neo 4.95
RP220: 10/11/2010 2:30:31 PM - Windows Update
RP221: 10/14/2010 1:23:17 AM - Windows Update
RP222: 10/14/2010 3:00:11 AM - Windows Update
RP223: 10/15/2010 2:32:47 AM - Windows Update
RP224: 10/19/2010 1:04:12 AM - Installed Java(TM) 6 Update 22 (64-bit)
RP225: 10/19/2010 4:26:10 AM - Windows Update
RP226: 10/19/2010 8:04:10 AM - Removed Java(TM) 6 Update 21
RP227: 10/19/2010 8:05:02 AM - Removed Java(TM) 6 Update 22 (64-bit)
RP228: 10/19/2010 8:18:57 AM - Installed Opera 10.63.
RP229: 10/19/2010 8:23:14 AM - Installed Moto Helper Service
RP230: 10/21/2010 2:30:35 PM - Installed Java(TM) 6 Update 22
RP231: 10/22/2010 10:56:14 AM - Windows Update
RP232: 10/26/2010 4:26:34 PM - Windows Update
RP233: 10/27/2010 3:00:11 AM - Windows Update
RP234: 10/27/2010 5:24:21 AM - Windows Update

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 2 (SP2)
ABBYY FineReader 10 Corporate Edition
Active@ Password Changer
ActiveCheck component for HP Active Support Library
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Software Update
Aquarium Desktop
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft VideoImpression 2
ArcSoft WebCam Companion 2
Battle of the Immortals client
Bejeweled Blitz
BitTorrent
BlackBerry Device Software Updater
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
CCScore
Class_50_Content_Update
Connect
Copy
CopyTrans Suite Remove Only
CyberLink DVD Suite Deluxe
DAEMON Tools Toolbar
Daniusoft Media Converter Pro(Build 2.4.1.1)
DeepSoftware HID Plugin for Winamp Player v1.5.3.4
Definition update for Microsoft Office 2010 (KB982726)
Destination Component
Destinations
DeviceDiscovery
DeviceManagementQFolder
DirectX for Managed Code Update (Summer 2004)
DiskAid 4.1
DivX Setup
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DNA
DocProc
DocProcQFolder
doubleTwist
Dragon Age: Origins
Dream Aquarium 1.234
Electric Sheep 2.7b28
Electricsheep Screensaver 2.7b23
erLT
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
eSupportQFolder
F4200
F4200_Help
Fallout 3
Feedback Tool
ffdshow [rev 2527] [2008-12-19]
fflink
Garmin Communicator Plugin
Garmin USB Drivers
Garmin VoiceStudio v2.10
Garmin WebUpdater
Google Earth
Google Update Helper
GPBaseService
GPBaseService2
HP Active Support Library
HP Button Manager
HP Customer Experience Enhancements
HP Easy Backup
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Product Detection
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HP Webcam User's Guide
HPAsset component for HP Active Support Library
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iPhoneBrowser
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 22
Karen's Window Watcher
Kodak EasyShare software
kuler
LabelPrint
LightScribe System Software
LimeWire 5.5.8
Logitech SetPoint
Louisiana Topo Map
Mad Caps
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Train Simulator
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MicrosoftTinker
MMOUI Minion Installer
Monkey Island 2 LeChucks Revenge Special Edition
Morphyre
Moto Helper Service
MotoHelper 2.0.23 Driver 4.7.1
MotoHelper MergeModules
MOTOROLA MEDIA LINK
Mototools Software Update
Mozilla Firefox (3.6.11)
MSTS Patch 1.8.0521 EN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Nokia Connectivity Cable Driver
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
ObjectDock Plus
OfotoXMI
OJOsoft Audio Converter
OpenPandora 0.7.0.6
Opera 10.10
Opera 10.63
Orb
Orb Runtime libraries
Pando Media Booster
Paragon Partition Manager 9.0 Professional
PDF Settings CS4
Peggle Deluxe 1.0
Peggle Extreme
Peggle Nights Deluxe 1.0
Photoshop Camera Raw
PictureMover
Plants vs. Zombies
Power2Go
PowerDirector
PowerISO
PSSWCORE
Python 2.6 pywin32-212
Python 2.6.1
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
RM to MP3 Converter 1.32
RSDLite
Scan
SD40-2_Content_Update
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SFR
SHASTA
Sid Mieir's Railroads
skin0001
SKINXSDK
SKIP-BO Castaway Caper(TM)
Skype™ 4.2
SmartWebPrinting
SmartWebPrintingOC
SolutionCenter
Spybot - Search & Destroy
Startup Delayer v2.5 (build 138)
staticcr
Status
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
Suite Shared Configuration CS4
Super Collapse! 3
SureThing CD Labeler Deluxe 5
System Requirements Lab
The Lord of the Rings Online™ v03.02.03.8013
TightVNC 1.3.10
Toolbox
Toy Story 3
TrayApp
Trillian
Ultra Fractal 5.02 Animation Edition
Uninstall Expert 3.0.1.2121
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981433)
VAIO Gate
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
VLC media player 1.1.4
VPRINTOL
Vuze
WebReg
Win7 Taskbar v1.13
Winamp
Windows 7 Upgrade Advisor
WinZip 12.1
WIRELESS
Wise Registry Cleaner Professional V5.61
World of Warcraft
World of Warcraft Beta
XQDC X-Setup Pro 9.2.100
Xvid 1.2.2 final uninstall
Zuma Deluxe

==== End Of File ===========================
 
Welcome aboard


I don't see any AV program installed.
Please, download and run ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
After installation, run full scan.
Report on any findings.

====================================================================

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.

====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
Virus scan is going to take a while so I posted this right now.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: NP194AA-ABA e9120f
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 212):
0x0345F000 \SystemRoot\system32\ntoskrnl.exe
0x03416000 \SystemRoot\system32\hal.dll
0x00BA5000 \SystemRoot\system32\kdcom.dll
0x00C4A000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C57000 \SystemRoot\system32\PSHED.dll
0x00C6B000 \SystemRoot\system32\CLFS.SYS
0x00CC9000 \SystemRoot\system32\CI.dll
0x00E41000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EE5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EF4000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F4B000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F54000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F5E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F6B000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F9E000 \SystemRoot\System32\drivers\partmgr.sys
0x0114D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x0117C000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x01191000 \SystemRoot\System32\drivers\volmgrx.sys
0x01272000 \SystemRoot\system32\DRIVERS\nvrd64.sys
0x012EA000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0131A000 \SystemRoot\SysWOW64\drivers\hotcore3.sys
0x01326000 \SystemRoot\System32\drivers\mountmgr.sys
0x01340000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x01369000 \SystemRoot\system32\DRIVERS\nvstor64.sys
0x01200000 \SystemRoot\system32\DRIVERS\storport.sys
0x01262000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x013A7000 \SystemRoot\system32\drivers\fltmgr.sys
0x01000000 \SystemRoot\system32\drivers\fileinfo.sys
0x01448000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00D89000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01691000 \SystemRoot\System32\Drivers\cng.sys
0x01704000 \SystemRoot\System32\drivers\pcw.sys
0x01715000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01818000 \SystemRoot\system32\drivers\ndis.sys
0x0190A000 \SystemRoot\system32\drivers\NETIO.SYS
0x0196A000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A02000 \SystemRoot\System32\drivers\tcpip.sys
0x01995000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x019DF000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x0171F000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x019EF000 \SystemRoot\System32\Drivers\spldr.sys
0x0176B000 \SystemRoot\System32\drivers\rdyboost.sys
0x01800000 \SystemRoot\System32\Drivers\mup.sys
0x019F7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x017A5000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x017DF000 \SystemRoot\system32\DRIVERS\disk.sys
0x0141A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01669000 \SystemRoot\System32\Drivers\Null.SYS
0x01672000 \SystemRoot\System32\Drivers\Beep.SYS
0x01679000 \SystemRoot\System32\drivers\vga.sys
0x01014000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015EB000 \SystemRoot\System32\drivers\watchdog.sys
0x01687000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x017F5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x013F3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01039000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01044000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01055000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01073000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01080000 \SystemRoot\system32\drivers\afd.sys
0x00FB3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0110A000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x01115000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0111E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x00E00000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x011ED000 \SystemRoot\system32\DRIVERS\netbios.sys
0x00E16000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x00DE7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x00C00000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x00E31000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x00C1A000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x02E32000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02E83000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02E8F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02E9A000 \SystemRoot\System32\drivers\discache.sys
0x02EA9000 \SystemRoot\system32\drivers\csc.sys
0x02F2C000 \SystemRoot\System32\Drivers\dfsc.sys
0x02F4A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02F5B000 \SystemRoot\system32\DRIVERS\easytthr.sys
0x02F64000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02F8A000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x02F9F000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x02FAA000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04002000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04058000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04069000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0408D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0409A000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
0x040EC000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04A43000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0428C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04380000 \SystemRoot\System32\drivers\dxgmms1.sys
0x043C6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x043CF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04200000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x0423B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04251000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04275000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04A00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x043DF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04136000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04157000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04281000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04A2F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04171000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x043FA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04180000 \SystemRoot\system32\DRIVERS\ks.sys
0x041C3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0529E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x052F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05814000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0530D000 \SystemRoot\system32\drivers\portcls.sys
0x0534A000 \SystemRoot\system32\drivers\drmk.sys
0x059F5000 \SystemRoot\system32\drivers\ksthunk.sys
0x0536C000 \SystemRoot\system32\drivers\HdAudio.sys
0x053C8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x059FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05800000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x053E5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05200000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05209000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x0521C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05229000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x0523D000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x0524E000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x0525A000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x0526A000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x0580E000 \SystemRoot\system32\drivers\Lycosa.sys
0x02FB5000 \SystemRoot\System32\Drivers\usbvideo.sys
0x041D5000 \SystemRoot\system32\drivers\usbaudio.sys
0x02FE3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05292000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x041F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02E00000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02E0E000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x01600000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x02E18000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x0163E000 \SystemRoot\System32\drivers\Dxapi.sys
0x0164A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00400000 \SystemRoot\System32\TSDDD.dll
0x00630000 \SystemRoot\System32\cdd.dll
0x00860000 \SystemRoot\System32\ATMFD.DLL
0x00C24000 \SystemRoot\system32\drivers\luafv.sys
0x02C1B000 \SystemRoot\system32\drivers\WudfPf.sys
0x02C3C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02C51000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02CA4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02CB7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02CCF000 \SystemRoot\system32\drivers\HTTP.sys
0x02D97000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02DB5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02DCD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05C3D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05C8B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05CAE000 \SystemRoot\System32\Drivers\adfs.SYS
0x05CC6000 \??\C:\Windows\system32\drivers\aksdf.sys
0x05CD8000 \SystemRoot\System32\Drivers\fastfat.SYS
0x05D0E000 \??\C:\Windows\system32\drivers\aksfridge.sys
0x05D2E000 \??\C:\Windows\system32\drivers\hardlock.sys
0x05D7C000 \??\C:\Windows\system32\drivers\iPodDrv.sys
0x06ECD000 \SystemRoot\system32\drivers\peauth.sys
0x06F73000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06F7E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06FAB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06FBD000 \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
0x06E00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0740F000 \SystemRoot\System32\DRIVERS\srv.sys
0x07516000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x07521000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x0753E000 \SystemRoot\system32\DRIVERS\udfs.sys
0x77BF0000 \Windows\System32\ntdll.dll
0x47820000 \Windows\System32\smss.exe
0xFFF10000 \Windows\System32\apisetschema.dll
0xFFAE0000 \Windows\System32\autochk.exe
0xFFE90000 \Windows\System32\gdi32.dll
0x77A90000 \Windows\System32\wininet.dll
0xFFD80000 \Windows\System32\msctf.dll
0xFFD70000 \Windows\System32\lpk.dll
0xFFCD0000 \Windows\System32\msvcrt.dll
0xFEF40000 \Windows\System32\shell32.dll
0xFEE60000 \Windows\System32\oleaut32.dll
0xFEDE0000 \Windows\System32\shlwapi.dll
0x77950000 \Windows\System32\urlmon.dll
0x77830000 \Windows\System32\kernel32.dll
0xFED10000 \Windows\System32\usp10.dll
0xFEC30000 \Windows\System32\advapi32.dll
0xFEBB0000 \Windows\System32\difxapi.dll
0xFEB90000 \Windows\System32\sechost.dll
0xFEAF0000 \Windows\System32\comdlg32.dll
0x77730000 \Windows\System32\user32.dll
0xFEAC0000 \Windows\System32\imm32.dll
0x77DC0000 \Windows\System32\normaliz.dll
0x77DB0000 \Windows\System32\psapi.dll
0xFE990000 \Windows\System32\rpcrt4.dll
0x774D0000 \Windows\System32\iertutil.dll
0xFE8F0000 \Windows\System32\clbcatq.dll
0xFE6E0000 \Windows\System32\ole32.dll
0xFE690000 \Windows\System32\Wldap32.dll
0xFE670000 \Windows\System32\imagehlp.dll
0xFE620000 \Windows\System32\ws2_32.dll
0xFE610000 \Windows\System32\nsi.dll
0xFE430000 \Windows\System32\setupapi.dll
0xFE3F0000 \Windows\System32\wintrust.dll
0xFE3B0000 \Windows\System32\xmllite.dll
0xFE240000 \Windows\System32\crypt32.dll
0xFE1A0000 \Windows\System32\comctl32.dll
0xFE180000 \Windows\System32\devobj.dll
0xFE110000 \Windows\System32\KernelBase.dll
0xFE0D0000 \Windows\System32\cfgmgr32.dll
0xFE0C0000 \Windows\System32\msasn1.dll

Processes (total 87):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
528 csrss.exe
588 csrss.exe
596 C:\Windows\System32\wininit.exe
632 C:\Windows\System32\winlogon.exe
692 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
808 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\atiesrxx.exe
124 C:\Windows\System32\svchost.exe
420 C:\Windows\System32\svchost.exe
424 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\atieclxx.exe
1440 C:\Windows\System32\spoolsv.exe
1512 C:\Windows\System32\svchost.exe
1608 C:\Windows\System32\taskhost.exe
1684 C:\Windows\System32\dwm.exe
1772 C:\Windows\explorer.exe
1780 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1812 C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
1348 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1476 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1924 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2008 C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
2052 C:\Windows\System32\svchost.exe
2092 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2244 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
2344 C:\Windows\System32\nvraidservice.exe
2356 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2548 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2608 C:\Windows\System32\hasplms.exe
2708 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
2780 C:\Program Files (x86)\Trillian\trillian.exe
2788 C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
2812 C:\Windows\System32\taskeng.exe
2860 C:\Program Files (x86)\Orb Networks\Orb\bin\OrbLauncher.exe
2932 C:\Windows\SysWOW64\svchost.exe
2996 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3004 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
3036 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3044 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1268 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2364 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2988 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
3080 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
3216 C:\Program Files (x86)\Motorola\Moto Helper Service\MotoHelper.exe
3236 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
3320 C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
3336 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3392 C:\Windows\System32\svchost.exe
3572 C:\Windows\System32\svchost.exe
3612 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
3660 C:\Windows\System32\svchost.exe
3768 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
3860 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
4164 WmiPrvSE.exe
4316 C:\Windows\System32\wbem\unsecapp.exe
4540 C:\Program Files\iPod\bin\iPodService.exe
5104 C:\Program Files\Windows Media Player\wmpnetwk.exe
4532 C:\Windows\System32\svchost.exe
5064 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
972 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
3840 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
3496 C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
2328 C:\Program Files (x86)\Orb Networks\Orb\bin\OrbjetManager.exe
3828 C:\Windows\System32\conhost.exe
1524 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
936 C:\Windows\System32\svchost.exe
2332 C:\Program Files\Logitech\SetPoint\SetPoint.exe
5024 C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
6036 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
5796 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
5196 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
1092 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4836 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5960 C:\Program Files (x86)\BitTorrent\bittorrent.exe
2292 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
5968 C:\Program Files (x86)\Opera\opera.exe
5060 C:\Windows\System32\taskeng.exe
1920 C:\Users\Brian\Desktop\MBRCheck.exe
3592 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000e5`62754200 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x000000df`c4055600 (NTFS)

PhysicalDrive0 Model Number: WDC WD10EADS-65L5B1, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 