Inactive Google redirects on Firefox searches, Malwarebytes useless

Status
Not open for further replies.
A

athelander

Posts: 11   +0
Hi guys, hoping for some help here. I picked up some malware on a legit site that I had been to hundreds of times, I later found out it was hacked temporarily and that's how I got infected. I've tried all the usual methods of removing it but I keep getting redirects on Google searches, and anytime I even run a Google search Avast gives me warning messages so I know it's still there. I ran Malwarebytes, GMER, and the DDS script and all the logs are below, however Malwarebytes didn't find anything.

EDIT: Sorry about the split logs:-/

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4597

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/24/2010 5:47:47 PM
mbam-log-2010-09-24 (17-47-47).txt

Scan type: Quick scan
Objects scanned: 147323
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-24 18:36:45
Windows 6.0.6002 Service Pack 2
Running: ryuuxyyz.exe; Driver: C:\Users\Andrew\AppData\Local\Temp\uwlcrpob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA1960BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA19609D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA1960B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 82D6DDF0 7 Bytes JMP A1960B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82DD928F 5 Bytes JMP A195C5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82E32063 5 Bytes JMP A195DFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82E33905 7 Bytes JMP A19609D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82E9390A 7 Bytes JMP A1960BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.rsrc C:\Windows\System32\drivers\volmgrx.sys entry point in ".rsrc" section [0x807A2014]
.text C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl section is writeable [0xB08F5000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in ".vmp2" section [0xB0918050]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtProtectVirtualMemory 77A54D34 5 Bytes JMP 0093000A
.text C:\Windows\system32\svchost.exe[1164] ntdll.dll!NtWriteVirtualMemory 77A55674 5 Bytes JMP 0094000A
.text C:\Windows\system32\svchost.exe[1164] ntdll.dll!KiUserExceptionDispatcher 77A55DC8 5 Bytes JMP 006B000A
.text C:\Windows\system32\svchost.exe[1164] ole32.dll!CoCreateInstance 76199EA6 5 Bytes JMP 00DC000A
.text C:\Windows\system32\svchost.exe[1164] USER32.dll!GetCursorPos 76B90B88 5 Bytes JMP 0146000A
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1772] kernel32.dll!SetUnhandledExceptionFilter 768CA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Windows\Explorer.EXE[3368] ntdll.dll!NtProtectVirtualMemory 77A54D34 5 Bytes JMP 0087000A
.text C:\Windows\Explorer.EXE[3368] ntdll.dll!NtWriteVirtualMemory 77A55674 5 Bytes JMP 0088000A
.text C:\Windows\Explorer.EXE[3368] ntdll.dll!KiUserExceptionDispatcher 77A55DC8 5 Bytes JMP 0086000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00010002
IAT C:\Windows\system32\services.exe[660] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00010000
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [742ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7429F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7429E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [742ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7429FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7429FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7432CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7429D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74296853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7429687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3368] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [742A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e5aa1c4
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e5aa1c4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247e5aa1c4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00247e5aa1c4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00247e5aa1c4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00247e5aa1c4 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\drivers\volmgrx.sys suspicious modification

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-03-17.01) - NTFSx86
Run by Andrew at 18:43:18.73 on Fri 09/24/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1329 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_b9d13b43\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_b9d13b43\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunServices: [936865] c:\users\andrew\appdata\local\936865.exe
mRunServices: [msadrh15msador156.0.6000.16386.0611012205] c:\program files\common files\system\ado\systemmsadox6.0.6002.180052.0904101830.exe
mRunServices: [QuickTimeQuickTimeWebHelper] c:\program files\quicktime\qtsystem\quicktimewebhelper.resources\sv.lproj\quicktimewebhelperquicktime.exe
mRunServices: [SystemInfoFxControlsresources] c:\program files\hewlett-packard\hp system information\fi-fi\resourcessysteminfofxcontrols3.1.9.1.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\tysc4mfk.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\andrew\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\andrew\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\andrew\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/29/2009 12:25:45 PM
System Uptime: 9/24/2010 4:27:48 PM (2 hours ago)

Motherboard: Quanta | | 3627
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU | 2000/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 222 GiB total, 113.653 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.85 GiB free.
E: is CDROM (UDF)
G: is FIXED (NTFS) - 932 GiB total, 680.44 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================


µTorrent
7-Zip 4.65
AC3Filter (remove only)
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player
ArcSoft PhotoStudio 5.5
ASIO4ALL
Audacity 1.2.6
avast! Free Antivirus
Broadcom 802.11 Wireless LAN Adapter
BufferChm
Camtasia Studio 7
CCleaner (remove only)
CyberLink DVD Suite
D4300
D4300_Help
DeviceDiscovery
DeviceManagementQFolder
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DJ_SF_03_D4300_ProductContext
DJ_SF_03_D4300_Software
DJ_SF_03_D4300_Software_Min
Easy-WebPrint
ESU for Microsoft Vista
Exact Audio Copy 0.99pb3
FL Studio 9
foobar2000 v1.0.2.1
Full Tilt Poker
gen_msn_adv 1.1
GIMP 2.6.8
Hardcore
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart Webcam
HP Quick Launch Buttons 6.40 L1
HP Smart Web Printing
HP User Guides 0126
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
I-Doser v4
IDT Audio
IL Download Manager
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 7
JDownloader
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
MediaMonkey 3.2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Move Media Player
Mozilla Firefox (3.6.9)
Mp3tag v2.45a
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Norton Internet Security
OGA Notifier 2.0.0048.0
PeerGuardian 2.0
PoiZone
PokerStars
PokerStove version 1.23
PokerTracker 3 (remove only)
PostgreSQL 8.3
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
QuickTime
Rainmeter (remove only)
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Sakura
Sawer
ScanSoft OmniPage SE 4.0
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Skype Toolbars
Skype™ 4.2
SmartWebPrintingOC
Spectro
Spek
Spelling Dictionaries Support For Adobe Reader 9
Status
Synaptics Pointing Device Driver
Toolbox
Toxic Biohazard
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.17
WebReg
Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
X-Chat 2.8.6-2
Zune

==== End Of File ===========================
 
Welcome aboard :)

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Thanks for the help Broni:) I ran TDSS Killer and it picked up a rootkit, here's the log. Tried a few google searches and no Avast warnings and no redirects (so far).

2010/09/24 21:50:57.0623 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/24 21:50:57.0623 ================================================================================
2010/09/24 21:50:57.0623 SystemInfo:
2010/09/24 21:50:57.0623
2010/09/24 21:50:57.0623 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/24 21:50:57.0623 Product type: Workstation
2010/09/24 21:50:57.0624 ComputerName: ANDREWPC
2010/09/24 21:50:57.0624 UserName: Andrew
2010/09/24 21:50:57.0624 Windows directory: C:\Windows
2010/09/24 21:50:57.0624 System windows directory: C:\Windows
2010/09/24 21:50:57.0624 Processor architecture: Intel x86
2010/09/24 21:50:57.0624 Number of processors: 2
2010/09/24 21:50:57.0624 Page size: 0x1000
2010/09/24 21:50:57.0624 Boot type: Normal boot
2010/09/24 21:50:57.0624 ================================================================================
2010/09/24 21:50:58.0068 Initialize success
2010/09/24 21:51:05.0094 ================================================================================
2010/09/24 21:51:05.0094 Scan started
2010/09/24 21:51:05.0094 Mode: Manual;
2010/09/24 21:51:05.0094 ================================================================================
2010/09/24 21:51:05.0597 Accelerometer (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys
2010/09/24 21:51:05.0652 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/09/24 21:51:05.0750 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/09/24 21:51:05.0847 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/09/24 21:51:05.0935 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/09/24 21:51:05.0957 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/09/24 21:51:06.0126 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/09/24 21:51:06.0229 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/09/24 21:51:06.0260 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/09/24 21:51:06.0287 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
2010/09/24 21:51:06.0313 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/09/24 21:51:06.0344 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
2010/09/24 21:51:06.0375 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/09/24 21:51:06.0402 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/09/24 21:51:06.0494 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/09/24 21:51:06.0514 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/09/24 21:51:06.0599 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
2010/09/24 21:51:06.0730 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
2010/09/24 21:51:06.0814 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
2010/09/24 21:51:06.0964 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
2010/09/24 21:51:06.0996 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
2010/09/24 21:51:07.0098 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/24 21:51:07.0197 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/09/24 21:51:07.0412 BCM43XX (b9dce12ea5d337975c444787b66bbfde) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/09/24 21:51:07.0561 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/09/24 21:51:07.0674 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/09/24 21:51:07.0717 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/24 21:51:08.0007 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/09/24 21:51:08.0029 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/09/24 21:51:08.0117 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/09/24 21:51:08.0142 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/09/24 21:51:08.0170 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/09/24 21:51:08.0206 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/09/24 21:51:08.0304 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/09/24 21:51:08.0411 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/09/24 21:51:08.0539 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2010/09/24 21:51:08.0603 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2010/09/24 21:51:08.0700 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2010/09/24 21:51:08.0809 btwaudio (229b2c1e776062a4033305d5a9d6e28d) C:\Windows\system32\drivers\btwaudio.sys
2010/09/24 21:51:08.0876 btwavdt (97062053359f6908e1fb2791bfa54734) C:\Windows\system32\drivers\btwavdt.sys
2010/09/24 21:51:08.0918 btwrchid (d9269b0e3e3cf46d677fd071a40fe6cd) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/09/24 21:51:08.0952 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/24 21:51:09.0052 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/24 21:51:09.0090 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/24 21:51:09.0137 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/09/24 21:51:09.0257 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/24 21:51:09.0287 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
2010/09/24 21:51:09.0340 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/24 21:51:09.0366 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/09/24 21:51:09.0423 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/09/24 21:51:09.0534 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/09/24 21:51:09.0684 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/09/24 21:51:09.0794 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/09/24 21:51:09.0882 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/24 21:51:10.0021 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/09/24 21:51:10.0117 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/09/24 21:51:10.0177 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/09/24 21:51:10.0228 enecir (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys
2010/09/24 21:51:10.0324 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/09/24 21:51:10.0479 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/09/24 21:51:10.0556 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/09/24 21:51:10.0691 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/24 21:51:10.0799 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/09/24 21:51:10.0822 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/09/24 21:51:10.0866 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/24 21:51:10.0916 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/09/24 21:51:10.0994 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/24 21:51:11.0048 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/09/24 21:51:11.0147 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/09/24 21:51:11.0213 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/24 21:51:11.0245 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/09/24 21:51:11.0295 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/24 21:51:11.0387 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/24 21:51:11.0488 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/09/24 21:51:11.0588 hpdskflt (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys
2010/09/24 21:51:11.0751 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
 
2010/09/24 21:51:11.0867 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/09/24 21:51:11.0902 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/09/24 21:51:11.0982 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/24 21:51:12.0025 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/09/24 21:51:12.0181 igfx (0391268713612372e4e0eceaadad41d5) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/09/24 21:51:12.0290 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/09/24 21:51:12.0341 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
2010/09/24 21:51:12.0432 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
2010/09/24 21:51:12.0462 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/24 21:51:12.0574 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/24 21:51:12.0639 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/09/24 21:51:12.0670 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/09/24 21:51:12.0706 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/09/24 21:51:12.0736 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/09/24 21:51:12.0794 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/24 21:51:12.0823 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/09/24 21:51:12.0841 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/09/24 21:51:12.0881 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/24 21:51:12.0972 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/24 21:51:13.0157 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/24 21:51:13.0309 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/24 21:51:13.0362 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/09/24 21:51:13.0383 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/09/24 21:51:13.0406 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/09/24 21:51:13.0430 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/09/24 21:51:13.0466 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/09/24 21:51:13.0489 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/09/24 21:51:13.0530 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/09/24 21:51:13.0626 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/24 21:51:13.0651 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/24 21:51:13.0676 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/24 21:51:13.0704 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/09/24 21:51:13.0741 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/09/24 21:51:13.0778 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/24 21:51:13.0814 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/09/24 21:51:13.0882 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/09/24 21:51:13.0929 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/24 21:51:13.0958 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/24 21:51:13.0984 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/24 21:51:14.0082 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2010/09/24 21:51:14.0119 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/09/24 21:51:14.0185 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/09/24 21:51:14.0260 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/09/24 21:51:14.0312 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/24 21:51:14.0398 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/24 21:51:14.0419 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/09/24 21:51:14.0474 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/09/24 21:51:14.0511 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/24 21:51:14.0542 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/09/24 21:51:14.0596 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/09/24 21:51:14.0668 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/24 21:51:14.0770 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/09/24 21:51:14.0911 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/24 21:51:14.0935 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/24 21:51:14.0985 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/24 21:51:15.0016 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/09/24 21:51:15.0105 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/24 21:51:15.0171 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/24 21:51:15.0345 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2010/09/24 21:51:15.0441 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/09/24 21:51:15.0484 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/09/24 21:51:15.0526 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/24 21:51:15.0610 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/09/24 21:51:15.0670 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/09/24 21:51:15.0700 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/09/24 21:51:15.0729 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/09/24 21:51:15.0753 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/09/24 21:51:15.0781 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/09/24 21:51:15.0874 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/24 21:51:15.0978 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/09/24 21:51:16.0032 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/09/24 21:51:16.0075 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/09/24 21:51:16.0187 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/09/24 21:51:16.0219 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
2010/09/24 21:51:16.0259 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/09/24 21:51:16.0363 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/09/24 21:51:16.0533 pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys
2010/09/24 21:51:16.0723 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/24 21:51:16.0751 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/09/24 21:51:16.0812 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/24 21:51:16.0903 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/09/24 21:51:16.0960 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/09/24 21:51:16.0994 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/24 21:51:17.0025 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/24 21:51:17.0064 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/24 21:51:17.0120 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/24 21:51:17.0157 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/24 21:51:17.0207 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/24 21:51:17.0278 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/24 21:51:17.0316 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/09/24 21:51:17.0359 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/24 21:51:17.0428 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/09/24 21:51:17.0551 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/09/24 21:51:17.0612 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/24 21:51:17.0742 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/09/24 21:51:17.0785 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
2010/09/24 21:51:17.0864 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/09/24 21:51:17.0921 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/09/24 21:51:17.0977 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/24 21:51:18.0013 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/09/24 21:51:18.0041 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/09/24 21:51:18.0068 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/09/24 21:51:18.0118 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/09/24 21:51:18.0149 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/09/24 21:51:18.0170 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/09/24 21:51:18.0202 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/09/24 21:51:18.0239 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/09/24 21:51:18.0267 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/09/24 21:51:18.0288 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/09/24 21:51:18.0355 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/09/24 21:51:18.0497 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/09/24 21:51:18.0562 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys
2010/09/24 21:51:18.0589 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/24 21:51:18.0670 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/24 21:51:18.0826 STHDA (9aefc1bc01e03a4afb8e718fc2f72c10) C:\Windows\system32\DRIVERS\stwrt.sys
2010/09/24 21:51:18.0927 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/24 21:51:18.0964 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/09/24 21:51:18.0998 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/09/24 21:51:19.0018 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/09/24 21:51:19.0172 SynTP (a94629c2c456a6d002556563d6b8ad1a) C:\Windows\system32\DRIVERS\SynTP.sys
2010/09/24 21:51:19.0278 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/09/24 21:51:19.0344 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/24 21:51:19.0399 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/24 21:51:19.0439 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/09/24 21:51:19.0467 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/09/24 21:51:19.0520 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/24 21:51:19.0611 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/24 21:51:19.0709 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/24 21:51:19.0794 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/09/24 21:51:19.0869 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/24 21:51:19.0925 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/09/24 21:51:19.0971 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/24 21:51:20.0023 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/09/24 21:51:20.0056 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/09/24 21:51:20.0091 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/09/24 21:51:20.0121 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/09/24 21:51:20.0140 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/24 21:51:20.0189 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/24 21:51:20.0218 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/09/24 21:51:20.0311 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/24 21:51:20.0353 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/24 21:51:20.0387 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/09/24 21:51:20.0430 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/24 21:51:20.0468 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/24 21:51:20.0503 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/24 21:51:20.0535 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/09/24 21:51:20.0643 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
2010/09/24 21:51:20.0746 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/24 21:51:20.0775 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/09/24 21:51:20.0801 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/09/24 21:51:20.0828 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/09/24 21:51:20.0907 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
2010/09/24 21:51:20.0932 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/09/24 21:51:20.0986 volmgrx (78da3cecf76799f20cfd75c617446ab8) C:\Windows\system32\drivers\volmgrx.sys
2010/09/24 21:51:20.0989 Suspicious file (Forged): C:\Windows\system32\drivers\volmgrx.sys. Real md5: 78da3cecf76799f20cfd75c617446ab8, Fake md5: 23e41b834759917bfd6b9a0d625d0c28
2010/09/24 21:51:20.0995 volmgrx - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/24 21:51:21.0041 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/09/24 21:51:21.0076 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/09/24 21:51:21.0115 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/09/24 21:51:21.0141 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/24 21:51:21.0190 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/24 21:51:21.0251 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/09/24 21:51:21.0329 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/24 21:51:21.0604 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
2010/09/24 21:51:21.0709 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/24 21:51:21.0835 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/24 21:51:22.0022 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/09/24 21:51:22.0077 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/24 21:51:22.0194 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2010/09/24 21:51:22.0365 {55662437-DA8C-40c0-AADA-2C816A897A49} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
2010/09/24 21:51:22.0462 =============================================================================
2010/09/24 21:51:22.0462 Scan finished
2010/09/24 21:51:22.0462
 
Thanks for the help Broni. I ran TDSS Killer and it picked up a rootkit. Tried a few Google searches and no Avast warnings and no redirects (so far). Here's the log.

2010/09/24 21:50:57.0623 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/24 21:50:57.0623 ================================================================================
2010/09/24 21:50:57.0623 SystemInfo:
2010/09/24 21:50:57.0623
2010/09/24 21:50:57.0623 OS Version: 6.0.6002 ServicePack: 2.0
2010/09/24 21:50:57.0623 Product type: Workstation
2010/09/24 21:50:57.0624 ComputerName: ANDREWPC
2010/09/24 21:50:57.0624 UserName: Andrew
2010/09/24 21:50:57.0624 Windows directory: C:\Windows
2010/09/24 21:50:57.0624 System windows directory: C:\Windows
2010/09/24 21:50:57.0624 Processor architecture: Intel x86
2010/09/24 21:50:57.0624 Number of processors: 2
2010/09/24 21:50:57.0624 Page size: 0x1000
2010/09/24 21:50:57.0624 Boot type: Normal boot
2010/09/24 21:50:57.0624 ================================================================================
2010/09/24 21:50:58.0068 Initialize success
2010/09/24 21:51:05.0094 ================================================================================
2010/09/24 21:51:05.0094 Scan started
2010/09/24 21:51:05.0094 Mode: Manual;
2010/09/24 21:51:05.0094 ================================================================================
2010/09/24 21:51:05.0597 Accelerometer (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys
2010/09/24 21:51:05.0652 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/09/24 21:51:05.0750 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/09/24 21:51:05.0847 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/09/24 21:51:05.0935 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/09/24 21:51:05.0957 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/09/24 21:51:06.0126 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/09/24 21:51:06.0229 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/09/24 21:51:06.0260 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/09/24 21:51:06.0287 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
2010/09/24 21:51:06.0313 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/09/24 21:51:06.0344 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
2010/09/24 21:51:06.0375 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/09/24 21:51:06.0402 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/09/24 21:51:06.0494 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/09/24 21:51:06.0514 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/09/24 21:51:06.0599 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
2010/09/24 21:51:06.0730 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
2010/09/24 21:51:06.0814 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
2010/09/24 21:51:06.0964 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
2010/09/24 21:51:06.0996 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
2010/09/24 21:51:07.0098 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/24 21:51:07.0197 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/09/24 21:51:07.0412 BCM43XX (b9dce12ea5d337975c444787b66bbfde) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/09/24 21:51:07.0561 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/09/24 21:51:07.0674 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/09/24 21:51:07.0717 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/24 21:51:08.0007 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/09/24 21:51:08.0029 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/09/24 21:51:08.0117 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/09/24 21:51:08.0142 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/09/24 21:51:08.0170 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/09/24 21:51:08.0206 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/09/24 21:51:08.0304 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/09/24 21:51:08.0411 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/09/24 21:51:08.0539 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2010/09/24 21:51:08.0603 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2010/09/24 21:51:08.0700 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2010/09/24 21:51:08.0809 btwaudio (229b2c1e776062a4033305d5a9d6e28d) C:\Windows\system32\drivers\btwaudio.sys
2010/09/24 21:51:08.0876 btwavdt (97062053359f6908e1fb2791bfa54734) C:\Windows\system32\drivers\btwavdt.sys
2010/09/24 21:51:08.0918 btwrchid (d9269b0e3e3cf46d677fd071a40fe6cd) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/09/24 21:51:08.0952 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/24 21:51:09.0052 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/24 21:51:09.0090 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/24 21:51:09.0137 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/09/24 21:51:09.0257 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/24 21:51:09.0287 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
2010/09/24 21:51:09.0340 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/24 21:51:09.0366 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/09/24 21:51:09.0423 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/09/24 21:51:09.0534 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/09/24 21:51:09.0684 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/09/24 21:51:09.0794 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/09/24 21:51:09.0882 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/24 21:51:10.0021 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/09/24 21:51:10.0117 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/09/24 21:51:10.0177 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/09/24 21:51:10.0228 enecir (004b2ea6cc2598ec5f0552e43ce29cef) C:\Windows\system32\DRIVERS\enecir.sys
2010/09/24 21:51:10.0324 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/09/24 21:51:10.0479 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/09/24 21:51:10.0556 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/09/24 21:51:10.0691 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/24 21:51:10.0799 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/09/24 21:51:10.0822 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/09/24 21:51:10.0866 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/24 21:51:10.0916 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/09/24 21:51:10.0994 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/24 21:51:11.0048 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/09/24 21:51:11.0147 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/09/24 21:51:11.0213 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/24 21:51:11.0245 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/09/24 21:51:11.0295 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/24 21:51:11.0387 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/24 21:51:11.0488 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/09/24 21:51:11.0588 hpdskflt (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys
2010/09/24 21:51:11.0751 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2010/09/24 21:51:11.0867 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/09/24 21:51:11.0902 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/09/24 21:51:11.0982 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/24 21:51:12.0025 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/09/24 21:51:12.0181 igfx (0391268713612372e4e0eceaadad41d5) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/09/24 21:51:12.0290 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/09/24 21:51:12.0341 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
2010/09/24 21:51:12.0432 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
2010/09/24 21:51:12.0462 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/24 21:51:12.0574 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/24 21:51:12.0639 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/09/24 21:51:12.0670 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/09/24 21:51:12.0706 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/09/24 21:51:12.0736 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/09/24 21:51:12.0794 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/24 21:51:12.0823 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/09/24 21:51:12.0841 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
 
I'm glad to hear good news :)

We'll keep checking, if nothing else is hiding out there.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 205):
0x82C07000 \SystemRoot\system32\ntkrnlpa.exe
0x82FC0000 \SystemRoot\system32\hal.dll
0x8040F000 \SystemRoot\system32\kdcom.dll
0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80486000 \SystemRoot\system32\PSHED.dll
0x80497000 \SystemRoot\system32\BOOTVID.dll
0x8049F000 \SystemRoot\system32\CLFS.SYS
0x804E0000 \SystemRoot\system32\CI.dll
0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80671000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8067F000 \SystemRoot\system32\drivers\acpi.sys
0x806C5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806CE000 \SystemRoot\system32\drivers\msisadrv.sys
0x806D6000 \SystemRoot\system32\drivers\pci.sys
0x806FD000 \SystemRoot\system32\drivers\isapnp.sys
0x8070C000 \SystemRoot\system32\drivers\mpio.sys
0x80728000 \SystemRoot\System32\drivers\partmgr.sys
0x80737000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8073A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80744000 \SystemRoot\system32\drivers\volmgr.sys
0x80753000 \SystemRoot\System32\drivers\volmgrx.sys
0x8079D000 \SystemRoot\system32\drivers\intelide.sys
0x807A4000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807B2000 \SystemRoot\system32\drivers\aliide.sys
0x807B9000 \SystemRoot\system32\drivers\amdide.sys
0x807C0000 \SystemRoot\system32\drivers\cmdide.sys
0x807C8000 \SystemRoot\System32\drivers\mountmgr.sys
0x807D8000 \SystemRoot\system32\drivers\msdsm.sys
0x805C0000 \SystemRoot\system32\drivers\nvraid.sys
0x805DB000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x807F2000 \SystemRoot\system32\drivers\pciide.sys
0x80400000 \SystemRoot\system32\drivers\viaide.sys
0x80C0C000 \SystemRoot\system32\drivers\iastorv.sys
0x80CAD000 \SystemRoot\system32\drivers\atapi.sys
0x80CB5000 \SystemRoot\system32\drivers\ataport.SYS
0x80CD3000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x80CED000 \SystemRoot\system32\drivers\storport.sys
0x80D2E000 \SystemRoot\system32\drivers\msahci.sys
0x80D38000 \SystemRoot\system32\drivers\hpcisss.sys
0x80D43000 \SystemRoot\system32\drivers\adp94xx.sys
0x80DAD000 \SystemRoot\system32\drivers\adpahci.sys
0x80E0B000 \SystemRoot\system32\drivers\adpu160m.sys
0x80E26000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x80E4C000 \SystemRoot\system32\drivers\adpu320.sys
0x80E72000 \SystemRoot\system32\drivers\djsvs.sys
0x80E86000 \SystemRoot\system32\drivers\arc.sys
0x80E9C000 \SystemRoot\system32\drivers\arcsas.sys
0x80EB2000 \SystemRoot\system32\drivers\elxstor.sys
0x80F46000 \SystemRoot\system32\drivers\i2omp.sys
0x80F50000 \SystemRoot\system32\drivers\iirsp.sys
0x80F60000 \SystemRoot\system32\drivers\iteatapi.sys
0x80F6C000 \SystemRoot\system32\drivers\iteraid.sys
0x80F78000 \SystemRoot\system32\drivers\lsi_fc.sys
0x80F92000 \SystemRoot\system32\drivers\lsi_sas.sys
0x80FAA000 \SystemRoot\system32\drivers\megasas.sys
0x83204000 \SystemRoot\system32\drivers\megasr.sys
0x832BB000 \SystemRoot\system32\drivers\mraid35x.sys
0x832C6000 \SystemRoot\system32\drivers\nfrd960.sys
0x832D4000 \SystemRoot\system32\drivers\nvstor.sys
0x8B20E000 \SystemRoot\system32\drivers\ql2300.sys
0x8B346000 \SystemRoot\system32\drivers\ql40xx.sys
0x8B39B000 \SystemRoot\system32\drivers\sisraid2.sys
0x8B3A8000 \SystemRoot\system32\drivers\sisraid4.sys
0x8B3BD000 \SystemRoot\system32\drivers\symc8xx.sys
0x8B3C9000 \SystemRoot\system32\drivers\sym_hi.sys
0x8B3D4000 \SystemRoot\system32\drivers\sym_u3.sys
0x832E1000 \SystemRoot\system32\drivers\uliahci.sys
0x8B3DF000 \SystemRoot\system32\drivers\ulsata.sys
0x8331D000 \SystemRoot\system32\drivers\ulsata2.sys
0x83349000 \SystemRoot\system32\drivers\vsmraid.sys
0x8336A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8339C000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B40F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B480000 \SystemRoot\system32\drivers\ndis.sys
0x8B58B000 \SystemRoot\system32\drivers\msrpc.sys
0x8B5B6000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B60A000 \SystemRoot\System32\drivers\tcpip.sys
0x8B6F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B802000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B912000 \SystemRoot\system32\drivers\wd.sys
0x8B91A000 \SystemRoot\system32\drivers\volsnap.sys
0x8B953000 \SystemRoot\System32\Drivers\spldr.sys
0x8B95B000 \SystemRoot\system32\drivers\sbp2port.sys
0x8B970000 \SystemRoot\System32\Drivers\mup.sys
0x8B97F000 \SystemRoot\System32\drivers\ecache.sys
0x8B9A6000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8B9AF000 \SystemRoot\system32\drivers\disk.sys
0x8B9C0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B9EB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B9F6000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B70F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B71E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F204000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F8FF000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F9A0000 \SystemRoot\System32\drivers\watchdog.sys
0x8F9AC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F9B7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B722000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B731000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FC06000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8FD4E000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8FD70000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8FD83000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8FD88000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FD93000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8FDC3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FDC5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FDD0000 \SystemRoot\system32\DRIVERS\enecir.sys
0x8FDE8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F9F5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B7BE000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x8B7C9000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B5F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x833AC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B400000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x833C3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x833E6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x80FB4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x80FC8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x80FDD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FC00000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FE09000 \SystemRoot\system32\DRIVERS\ks.sys
0x8FE33000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8FE41000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FE4B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FE58000 \SystemRoot\System32\drivers\vga.sys
0x8FE64000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FE85000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8FE94000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FEC9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8FEDA000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x8FF3E000 \SystemRoot\system32\DRIVERS\portcls.sys
0x8FF6B000 \SystemRoot\system32\DRIVERS\drmk.sys
0x8FF90000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x8FFB1000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8FFBC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FFCC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FFD3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8FFDC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8FFE4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FFED000 \SystemRoot\System32\Drivers\Null.SYS
0x8FFF4000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FE00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B7F8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B200000 \SystemRoot\System32\Drivers\Msfs.SYS
0x80FED000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B600000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA1001000 \SystemRoot\system32\DRIVERS\tdx.sys
0xA1017000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA1021000 \SystemRoot\system32\DRIVERS\smb.sys
0xA1035000 \SystemRoot\system32\drivers\afd.sys
0xA107D000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA1082000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA10B4000 \SystemRoot\system32\DRIVERS\pacer.sys
0xA10CA000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA10D8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA10EB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA1127000 \SystemRoot\system32\drivers\nsiproxy.sys
0xA1131000 \SystemRoot\System32\Drivers\dfsc.sys
0xA1148000 \SystemRoot\System32\Drivers\aswSP.SYS
0xA116F000 \SystemRoot\system32\drivers\RTSTOR.SYS
0xA1182000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA1199000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA11A2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA11B7000 \SystemRoot\system32\DRIVERS\udfs.sys
0xA11F2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B9C9000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8B9D4000 \SystemRoot\System32\Drivers\dump_msahci.sys
0xA860C000 \SystemRoot\System32\Drivers\usbvideo.sys
0xA862D000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xA863A000 \SystemRoot\System32\Drivers\bthport.sys
0xA86BA000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xA86E3000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0xA94E0000 \SystemRoot\System32\win32k.sys
0xA86ED000 \SystemRoot\System32\drivers\Dxapi.sys
0xA86F7000 \SystemRoot\system32\DRIVERS\bthpan.sys
0xA8711000 \SystemRoot\system32\drivers\btwavdt.sys
0xA877C000 \SystemRoot\system32\drivers\btwaudio.sys
0xA87FC000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0xA9700000 \SystemRoot\System32\TSDDD.dll
0xA9720000 \SystemRoot\System32\cdd.dll
0xAAA0B000 \SystemRoot\system32\drivers\luafv.sys
0xAAA26000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0xAAA5D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAAA60000 \SystemRoot\system32\drivers\WudfPf.sys
0xAAA7A000 \SystemRoot\system32\drivers\spsys.sys
0xAAB2A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAAB3A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAAB64000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAAB6E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAAB81000 \SystemRoot\system32\drivers\HTTP.sys
0xB060F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB062C000 \SystemRoot\system32\DRIVERS\bowser.sys
0xB0645000 \SystemRoot\System32\drivers\mpsdrv.sys
0xB065A000 \SystemRoot\system32\drivers\mrxdav.sys
0xB067B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB069A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB06D3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB06EB000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB0712000 \SystemRoot\System32\DRIVERS\srv.sys
0xB0C06000 \SystemRoot\system32\drivers\peauth.sys
0xB0CE4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB0CEE000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB0CFA000 \??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
0x777D0000 \Windows\System32\ntdll.dll

Processes (total 76):
0 System Idle Process
4 System
488 C:\Windows\System32\smss.exe
564 csrss.exe
612 C:\Windows\System32\wininit.exe
624 csrss.exe
656 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
776 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_b9d13b43\stacsv.exe
1236 C:\Windows\System32\audiodg.exe
1392 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\SLsvc.exe
1500 C:\Windows\System32\svchost.exe
1596 C:\Windows\System32\hpservice.exe
1668 C:\Windows\System32\svchost.exe
1820 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1840 C:\Windows\System32\wlanext.exe
500 C:\Windows\System32\spoolsv.exe
536 C:\Windows\System32\svchost.exe
540 C:\Windows\System32\taskeng.exe
512 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_b9d13b43\AEstSrv.exe
1676 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
1368 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2332 C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
2396 C:\Windows\System32\svchost.exe
2408 C:\Program Files\SMINST\BLService.exe
2452 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2460 postgres.exe
2484 C:\Windows\System32\svchost.exe
2536 C:\Windows\System32\svchost.exe
2556 C:\Windows\System32\SearchIndexer.exe
2716 postgres.exe
2832 postgres.exe
2844 postgres.exe
2852 postgres.exe
2860 postgres.exe
2268 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4044 C:\Windows\System32\taskeng.exe
2908 C:\Windows\System32\dwm.exe
4080 C:\Windows\explorer.exe
3556 C:\Windows\System32\hkcmd.exe
3820 C:\Windows\System32\igfxpers.exe
3956 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4056 C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
3580 C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
2232 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
3412 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
3444 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3824 C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
2360 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1124 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3972 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1512 C:\Program Files\uTorrent\uTorrent.exe
3536 C:\Program Files\Rainmeter\Rainmeter.exe
2476 C:\Windows\ehome\ehtray.exe
2236 C:\Windows\ehome\ehmsas.exe
892 C:\Windows\System32\igfxsrvc.exe
3320 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
3844 WmiPrvSE.exe
1736 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
2164 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4612 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4608 C:\Program Files\MediaMonkey\MediaMonkey.exe
4664 C:\Program Files\Mozilla Firefox\firefox.exe
1780 C:\Windows\System32\SearchProtocolHost.exe
5788 C:\Users\Andrew\Desktop\MBRCheck.exe
5608 C:\Windows\System32\SearchFilterHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`6bc00000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST9250320AS, Rev: HP07
PhysicalDrive1 Model Number: WDExt HDD 1021, Rev: 2002

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D
931 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Your MBR seems to be infected....

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
Hey Broli, is there any possible way that I could boot from a flash drive instead of a CD? I don't have any blank CDs and I couldn't get any until Monday at the earliest. If it's not possible I understand.
 
You have two choices...
Get a blank CD, or....
If your BIOS support booting from USB flash drive, you could create Vista recovery disk as described here: http://www.windowsitpro.com/article/deployment/using-a-usb-flash-drive-to-recover-windows-vista.aspx

When done....

Boot from created disk.
At first screen click on Repair your computer:
setup-option.jpg

This will bring you to a new screen where the repair process will look for all Windows Vista installations on your computer. When done you will be presented with the System Recovery Options dialog box:
system-recovery-options.jpg

After this, it will present you with a list of options including startup repair, system restore and command prompt:
systemrecovery.jpg

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.
 
Hi Broli,

I got some blank CDs and did as you requested. I got all the way down to selecting English as the default keyboard layout after booting from the CD, and then I got this error:

"Can't open CD driver CDRCACH. SHSUCDX can't install."
 
Dang! I've seen this error before, but I can't recall the solution...

Shot it the dark...
Is it CDR, or CDRW?
 
I found this advice:
I went into BIOS / Advanced Menu / Drive Configuration / noticed that the second line <Configure SATA AS> was set to RAID by default. So reset it to IDE, save and exit.
Click to expand...
Eventually reset BIOS to defaults.
 
Status
Not open for further replies.

Similar threads

S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back