Possible virus/malware has crippled system stability


oscar1987

Laptop was infected a few weeks ago; tried to clean up with little success. PC slow to respond to commands.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5178

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/23/2010 8:03:34 PM
mbam-log-2010-11-23 (20-03-34).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 189292
Time elapsed: 47 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



DDS (Ver_10-12-12.02) - NTFSx86
Run by oviedo at 0:44:19.36 on Mon 12/13/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.292 [GMT -5:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\oviedo\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNDkxMjI0MzM1LVhPMTArMi1YMjAxMCsyLVFJWDErMw"&"prod=90"&"ver=10.0.1170
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\oviedo\appdata\roaming\mozilla\firefox\profiles\06zbtkfj.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-13 162768]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe [2010-10-29 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-13 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-13 51792]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-4-5 103992]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-4-9 26168]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2010-10-29 228896]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-29 233472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-30 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]

=============== Created Last 30 ================

2010-12-13 05:35:28 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-13 05:35:08 -------- d-----w- c:\progra~2\Alwil Software
2010-11-24 03:09:52 -------- d-----w- c:\program files\CCleaner
2010-11-24 03:06:24 -------- d-----w- c:\users\oviedo\appdata\roaming\Malwarebytes
2010-11-24 03:06:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-24 03:06:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-24 03:06:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 03:06:05 -------- d-----w- c:\progra~2\Malwarebytes

==================== Find3M ====================

2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 0:45:45.31 ===============



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-13 00:43:35
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.01.0
Running: 25gs1gj7.exe; Driver: C:\Users\oviedo\AppData\Local\Temp\pxryapow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 02: copy of MBR

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA21EA32E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA21EA468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice AVGIDSFilter.Sys

Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Attach log:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 10/29/2010 10:31:34 PM
System Uptime: 12/12/2010 10:08:02 PM (2 hours ago)

Motherboard: Hewlett-Packard | | 148A
Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz | CPU | 999/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 134 GiB total, 113.685 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.183 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP7: 10/29/2010 7:33:09 PM - First_User_Boot
RP8: 10/29/2010 7:34:37 PM - Windows Update
RP9: 10/29/2010 7:57:20 PM - Windows Update
RP10: 10/31/2010 10:12:38 AM - Windows Update
RP11: 11/1/2010 10:49:51 AM - Windows Update
RP12: 11/2/2010 11:03:08 AM - Windows Update
RP13: 11/4/2010 10:32:04 AM - Windows Update
RP14: 11/5/2010 10:35:07 AM - Windows Update
RP15: 11/9/2010 10:35:20 AM - Windows Update
RP16: 11/9/2010 11:43:10 PM - Windows Update
RP17: 11/9/2010 11:52:56 PM - Installed AVG 2011
RP18: 11/9/2010 11:53:40 PM - Installed AVG 2011
RP19: 11/11/2010 9:22:24 PM - Windows Update
RP20: 11/23/2010 10:03:31 PM - Windows Update
RP21: 12/13/2010 12:31:20 AM - Removed AVG 2011
RP22: 12/13/2010 12:34:04 AM - Removed AVG 2011
RP23: 12/13/2010 12:34:11 AM - avast! Free Antivirus Setup

==== Installed Programs ======================

ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Atheros Driver Installation Program
avast! Free Antivirus
AVG 2011
CCleaner
ESU for Microsoft Windows 7
Google Toolbar for Internet Explorer
Google Update Helper
HP Customer Experience Enhancements
HP Quick Launch
HP Software Framework
HP Support Assistant
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
Realtek Ethernet Controller Driver For Windows 7
Realtek PCIE Card Reader
Recovery Manager
Skype Toolbars
Skype™ 5.0
Synaptics Pointing Device Driver

==== Event Viewer Messages From Past Week ========

12/6/2010 10:00:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

==== End Of File ===========================
 
You're running two AV programs, AVG and Avast.
One of them has to go.
If AVG (preferably), use this tool to uninstall it: http://www.avg.com/us-en/download-tools

========================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
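
Added here by the editor as a worked example; it is not code from this thread, from the DDS or GMER authors, or from the TDSSKiller instructions above. The script parses the AV:/SP: lines of the DDS log and the Code/Device/AttachedDevice lines of the GMER log posted earlier in the thread (line formats inferred from those logs) and reports the things the reply above keys on: whether more than one antivirus engine is enabled, whether any definitions are outdated, and which kernel modules hook syscalls or sit as filters in the file-system, network and keyboard stacks. The allow-list of expected security modules, the regexes and the embedded sample text (copied from the posted logs) are the editor's assumptions for illustration.

```python
"""Triage helper for DDS and GMER logs like the ones posted in this thread.

Added example written for this page, not part of DDS, GMER, TDSSKiller or
either poster's text.  It parses the AV:/SP: header lines DDS prints and the
Code / Device / AttachedDevice lines of a GMER report (formats inferred from
the logs above).  KNOWN_SECURITY_MODULES is an illustrative allow-list (an
assumption), not a vendor-maintained one.
"""
import json
import re
from collections import defaultdict

DDS_PRODUCT = re.compile(  # "AV: avast! Antivirus *Enabled/Updated* {C37D8F93-...}"
    r"^(?P<kind>AV|SP|FW): (?P<name>.+?) \*(?P<state>Enabled|Disabled)/"
    r"(?P<defs>Updated|Outdated)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
GMER_CODE = re.compile(  # "Code <module> (<vendor>) <hooked function> [<address>]"; vendor/address optional
    r"^Code (?P<module>\S+)(?: \((?P<vendor>[^)]*)\))? (?P<func>\w+)(?: \[(?P<addr>0x[0-9A-Fa-f]+)\])?$"
)
GMER_DEVICE = re.compile(r"^Device (?P<module>\S+)")  # names the device bare AttachedDevice lines sit on
GMER_ATTACHED = re.compile(  # "AttachedDevice [\Driver\x \Device\y] <module>.sys [(vendor)]"
    r"^AttachedDevice\s+(?:(?P<driver>\\Driver\\\S+)\s+(?P<device>\\Device\\\S+)\s+)?(?P<module>\S+\.sys)",
    re.IGNORECASE,
)
KNOWN_SECURITY_MODULES = {  # assumption: allow-list for illustration only
    "aswsp.sys", "aswmonflt.sys", "aswfsblk.sys",  # avast!
    "avgidsfilter.sys", "avgtdix.sys",             # AVG
    "fltmgr.sys", "wdf01000.sys",                  # Microsoft
}

def module_basename(path):
    """Last path component, lower-cased (\\SystemRoot\\...\\aswSP.SYS -> aswsp.sys)."""
    return path.rsplit("\\", 1)[-1].lower()

def parse_dds_products(text):
    """One dict per AV:/SP:/FW: line in a DDS header."""
    products = []
    for line in text.splitlines():
        m = DDS_PRODUCT.match(line.strip())
        if m:
            products.append({"kind": m["kind"], "name": m["name"], "guid": m["guid"],
                             "enabled": m["state"] == "Enabled", "updated": m["defs"] == "Updated"})
    return products

def parse_gmer(text):
    """Return (hooks, attached): module -> hooked kernel functions, module -> devices it filters."""
    hooks, attached = defaultdict(list), defaultdict(list)
    current_device = None  # set by a "Device ..." line; a bare AttachedDevice refers to it
    for line in text.splitlines():
        line = line.strip()
        if m := GMER_CODE.match(line):
            hooks[module_basename(m["module"])].append(m["func"])
        elif m := GMER_DEVICE.match(line):
            current_device = m["module"]
        elif m := GMER_ATTACHED.match(line):
            attached[module_basename(m["module"])].append(m["device"] or current_device or "?")
    return hooks, attached

def triage(dds_text, gmer_text):
    """Summarise both logs; 'multiple_av' is the condition the reply above calls out."""
    products = parse_dds_products(dds_text)
    hooks, attached = parse_gmer(gmer_text)
    enabled_av = [p["name"] for p in products if p["kind"] == "AV" and p["enabled"]]
    seen = set(hooks) | set(attached)
    return {
        "enabled_av": enabled_av,
        "multiple_av": len(enabled_av) > 1,  # two real-time scanners contend for the same hooks
        "outdated": [p["name"] for p in products if not p["updated"]],
        "hooks": {m: sorted(f) for m, f in hooks.items()},
        "attached": {m: sorted(d) for m, d in attached.items()},
        "unexpected_modules": sorted(m for m in seen if m not in KNOWN_SECURITY_MODULES),
    }

# Sample input copied from the DDS and GMER logs posted above.
DDS_SAMPLE = """\
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""
GMER_SAMPLE = r"""
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA21EA32E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA21EA468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice AVGIDSFilter.Sys
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
"""

if __name__ == "__main__":
    print(json.dumps(triage(DDS_SAMPLE, GMER_SAMPLE), indent=2))
```

Run it as a script to get a JSON summary. On the posted logs it reports two enabled AV engines (avast! and AVG), Windows Defender's definitions as outdated, four syscall hooks all owned by aswSP.SYS (which GMER itself labels as avast!'s self-protection module), and AVG's AVGIDSFilter.Sys and avgtdix.sys still attached to NTFS and the TCP/IP devices, consistent with the DDS header still listing AVG as enabled after the "Removed AVG 2011" restore points. A hook or filter from a module outside the allow-list lands in unexpected_modules and is what you would chase next.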
 
AVG is gone.



2010/12/13 15:37:21.0244 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/13 15:37:21.0244 ================================================================================
2010/12/13 15:37:21.0245 SystemInfo:
2010/12/13 15:37:21.0245
2010/12/13 15:37:21.0245 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/13 15:37:21.0245 Product type: Workstation
2010/12/13 15:37:21.0245 ComputerName: OVIEDO-PC
2010/12/13 15:37:21.0249 UserName: oviedo
2010/12/13 15:37:21.0249 Windows directory: C:\Windows
2010/12/13 15:37:21.0249 System windows directory: C:\Windows
2010/12/13 15:37:21.0249 Processor architecture: Intel x86
2010/12/13 15:37:21.0249 Number of processors: 2
2010/12/13 15:37:21.0249 Page size: 0x1000
2010/12/13 15:37:21.0250 Boot type: Normal boot
2010/12/13 15:37:21.0250 ================================================================================
2010/12/13 15:37:22.0172 Initialize success
2010/12/13 15:37:27.0544 ================================================================================
2010/12/13 15:37:27.0544 Scan started
2010/12/13 15:37:27.0544 Mode: Manual;
2010/12/13 15:37:27.0544 ================================================================================
2010/12/13 15:37:28.0524 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/12/13 15:37:28.0611 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/12/13 15:37:28.0753 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/12/13 15:37:28.0908 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/12/13 15:37:29.0020 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/12/13 15:37:29.0119 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/12/13 15:37:29.0330 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/12/13 15:37:29.0386 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/12/13 15:37:29.0481 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/12/13 15:37:29.0597 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/12/13 15:37:29.0661 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/12/13 15:37:29.0728 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/12/13 15:37:29.0802 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/13 15:37:29.0863 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/12/13 15:37:29.0945 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/12/13 15:37:30.0013 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/12/13 15:37:30.0531 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/12/13 15:37:30.0591 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/12/13 15:37:30.0639 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/12/13 15:37:30.0669 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/12/13 15:37:30.0738 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
2010/12/13 15:37:30.0813 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
2010/12/13 15:37:30.0863 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
2010/12/13 15:37:30.0929 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
2010/12/13 15:37:31.0000 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
2010/12/13 15:37:31.0064 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/13 15:37:31.0128 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/12/13 15:37:31.0261 athr (6a661d017c4e5cd313f6a55acf1d7465) C:\Windows\system32\DRIVERS\athr.sys
2010/12/13 15:37:31.0516 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/12/13 15:37:31.0591 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/12/13 15:37:31.0652 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/12/13 15:37:31.0713 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/12/13 15:37:31.0750 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/13 15:37:31.0792 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/12/13 15:37:31.0818 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/12/13 15:37:31.0855 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/12/13 15:37:31.0896 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/12/13 15:37:31.0923 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/12/13 15:37:31.0948 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/12/13 15:37:31.0975 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/12/13 15:37:32.0048 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/13 15:37:32.0175 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/13 15:37:32.0225 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/12/13 15:37:32.0301 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/12/13 15:37:32.0365 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/13 15:37:32.0400 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/12/13 15:37:32.0499 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/12/13 15:37:32.0549 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/13 15:37:32.0594 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/12/13 15:37:32.0650 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/12/13 15:37:32.0743 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/12/13 15:37:32.0780 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/12/13 15:37:32.0833 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/12/13 15:37:32.0894 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/12/13 15:37:32.0956 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/13 15:37:33.0291 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/12/13 15:37:33.0726 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/12/13 15:37:33.0775 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/12/13 15:37:33.0883 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/12/13 15:37:33.0935 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/12/13 15:37:33.0998 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/13 15:37:34.0050 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/12/13 15:37:34.0089 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/12/13 15:37:34.0119 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/13 15:37:34.0177 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/12/13 15:37:34.0215 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/12/13 15:37:34.0259 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/13 15:37:34.0358 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2010/12/13 15:37:34.0467 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/12/13 15:37:34.0569 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/12/13 15:37:34.0642 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/12/13 15:37:34.0705 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/13 15:37:34.0735 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/12/13 15:37:34.0776 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/12/13 15:37:34.0821 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/12/13 15:37:34.0868 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/13 15:37:35.0184 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/12/13 15:37:35.0502 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/12/13 15:37:35.0581 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/12/13 15:37:35.0657 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/13 15:37:35.0822 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\Windows\system32\DRIVERS\iaStor.sys
2010/12/13 15:37:35.0886 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/12/13 15:37:36.0323 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/13 15:37:36.0574 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/12/13 15:37:36.0624 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/12/13 15:37:36.0669 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/13 15:37:36.0700 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/13 15:37:36.0731 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/12/13 15:37:36.0760 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/12/13 15:37:36.0798 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/12/13 15:37:36.0824 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/12/13 15:37:36.0906 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/13 15:37:36.0974 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/13 15:37:37.0031 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/13 15:37:37.0097 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/13 15:37:37.0152 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2010/12/13 15:37:37.0252 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/13 15:37:37.0339 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/12/13 15:37:37.0372 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/12/13 15:37:37.0410 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/12/13 15:37:37.0447 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/12/13 15:37:37.0497 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/12/13 15:37:37.0525 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/12/13 15:37:37.0558 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/12/13 15:37:37.0593 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/12/13 15:37:37.0629 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/13 15:37:37.0660 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/13 15:37:37.0707 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/13 15:37:37.0749 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/12/13 15:37:37.0782 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/12/13 15:37:37.0822 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/13 15:37:37.0858 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/12/13 15:37:37.0956 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/13 15:37:38.0049 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/13 15:37:38.0100 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/13 15:37:38.0155 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/12/13 15:37:38.0197 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/12/13 15:37:38.0253 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/12/13 15:37:38.0298 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/12/13 15:37:38.0328 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/12/13 15:37:38.0392 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/13 15:37:38.0465 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/13 15:37:38.0510 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/12/13 15:37:38.0585 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/12/13 15:37:38.0643 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/13 15:37:38.0700 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/12/13 15:37:38.0746 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/12/13 15:37:38.0785 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/12/13 15:37:38.0918 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/13 15:37:38.0989 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2010/12/13 15:37:39.0071 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/12/13 15:37:39.0126 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/13 15:37:39.0183 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/13 15:37:39.0242 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/13 15:37:39.0299 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/12/13 15:37:39.0369 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/13 15:37:39.0446 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/13 15:37:39.0665 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2010/12/13 15:37:39.0946 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/12/13 15:37:40.0003 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/12/13 15:37:40.0052 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/13 15:37:40.0131 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/12/13 15:37:40.0210 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/12/13 15:37:40.0270 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/12/13 15:37:40.0305 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/13 15:37:40.0340 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/12/13 15:37:40.0384 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/13 15:37:40.0437 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/12/13 15:37:40.0492 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/12/13 15:37:40.0522 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/12/13 15:37:40.0571 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/12/13 15:37:40.0620 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/12/13 15:37:40.0655 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/13 15:37:40.0699 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/12/13 15:37:40.0758 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/12/13 15:37:40.0881 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/13 15:37:40.0925 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/12/13 15:37:40.0996 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/13 15:37:41.0090 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/12/13 15:37:41.0175 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/12/13 15:37:41.0221 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/13 15:37:41.0253 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/13 15:37:41.0347 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/12/13 15:37:41.0403 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/13 15:37:41.0468 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/13 15:37:41.0524 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/13 15:37:41.0574 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/13 15:37:41.0625 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/12/13 15:37:41.0663 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/13 15:37:41.0720 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/13 15:37:41.0762 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/12/13 15:37:41.0809 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/12/13 15:37:41.0866 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/12/13 15:37:41.0967 RSPCIESTOR (c51ecfc6778829dce1971ebffc8c1de2) C:\Windows\system32\DRIVERS\RtsPStor.sys
2010/12/13 15:37:42.0018 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/13 15:37:42.0091 RTL8167 (d4762797e31d3005a8956ee666a9613a) C:\Windows\system32\DRIVERS\Rt86win7.sys
2010/12/13 15:37:42.0175 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/12/13 15:37:42.0216 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/12/13 15:37:42.0269 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/13 15:37:42.0320 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/13 15:37:42.0375 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/12/13 15:37:42.0421 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/12/13 15:37:42.0453 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/12/13 15:37:42.0505 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/13 15:37:42.0536 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/12/13 15:37:42.0567 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/13 15:37:42.0598 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/12/13 15:37:42.0643 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/12/13 15:37:42.0681 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/12/13 15:37:42.0715 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/12/13 15:37:42.0762 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/12/13 15:37:42.0828 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/12/13 15:37:42.0918 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2010/12/13 15:37:42.0977 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/13 15:37:43.0061 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/12/13 15:37:43.0135 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2010/12/13 15:37:43.0245 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2010/12/13 15:37:43.0331 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/13 15:37:43.0436 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/12/13 15:37:43.0528 STHDA (dadb74bf26766757dbba9c5912969ebf) C:\Windows\system32\DRIVERS\stwrt.sys
2010/12/13 15:37:43.0615 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/13 15:37:43.0701 SynTP (60900234ec482627a33081a453c63776) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/13 15:37:43.0829 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/12/13 15:37:43.0966 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/13 15:37:44.0041 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/13 15:37:44.0096 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/12/13 15:37:44.0128 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/12/13 15:37:44.0177 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/13 15:37:44.0222 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/13 15:37:44.0293 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/13 15:37:44.0359 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/13 15:37:44.0393 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/12/13 15:37:44.0463 udfs (2efee45a340e1590e37c2f2bac16d051) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/13 15:37:44.0535 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/12/13 15:37:44.0610 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/13 15:37:44.0643 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/13 15:37:44.0691 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/13 15:37:44.0727 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/13 15:37:44.0778 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/13 15:37:44.0823 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/13 15:37:44.0871 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/13 15:37:44.0903 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/13 15:37:44.0940 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/13 15:37:44.0982 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/13 15:37:45.0058 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2010/12/13 15:37:45.0140 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/13 15:37:45.0188 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/13 15:37:45.0263 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/13 15:37:45.0299 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/13 15:37:45.0349 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/13 15:37:45.0389 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/13 15:37:45.0430 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/13 15:37:45.0484 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/13 15:37:45.0534 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/13 15:37:45.0585 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/13 15:37:45.0653 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/13 15:37:45.0703 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/12/13 15:37:45.0755 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/12/13 15:37:45.0818 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/13 15:37:45.0885 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/13 15:37:45.0902 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/13 15:37:45.0973 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/13 15:37:46.0032 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/13 15:37:46.0149 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/13 15:37:46.0197 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/13 15:37:46.0312 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/13 15:37:46.0379 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/13 15:37:46.0445 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/13 15:37:46.0527 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
2010/12/13 15:37:46.0604 ================================================================================
2010/12/13 15:37:46.0604 Scan finished
2010/12/13 15:37:46.0604 ================================================================================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Starter Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Mini 110-3000
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 184):
0x81854000 \SystemRoot\system32\ntkrnlpa.exe
0x8181D000 \SystemRoot\system32\halmacpi.dll
0x81765000 \SystemRoot\system32\kdcom.dll
0x81E0D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x81E85000 \SystemRoot\system32\PSHED.dll
0x81E96000 \SystemRoot\system32\BOOTVID.dll
0x81E9E000 \SystemRoot\system32\CLFS.SYS
0x81EE0000 \SystemRoot\system32\CI.dll
0x81F8B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8600E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8601C000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x86064000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8606D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x86075000 \SystemRoot\system32\DRIVERS\pci.sys
0x8609F000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x860AA000 \SystemRoot\System32\drivers\partmgr.sys
0x860BB000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x860C3000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x860CE000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x860DE000 \SystemRoot\System32\drivers\volmgrx.sys
0x86129000 \SystemRoot\System32\drivers\mountmgr.sys
0x86239000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x86313000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8631C000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8633F000 \SystemRoot\system32\DRIVERS\msahci.sys
0x86349000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x86357000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x86360000 \SystemRoot\system32\drivers\fltmgr.sys
0x86394000 \SystemRoot\system32\drivers\fileinfo.sys
0x86435000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86564000 \SystemRoot\System32\Drivers\msrpc.sys
0x8658F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x865A2000 \SystemRoot\System32\Drivers\cng.sys
0x86400000 \SystemRoot\System32\drivers\pcw.sys
0x8640E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8613F000 \SystemRoot\system32\drivers\ndis.sys
0x863A5000 \SystemRoot\system32\drivers\NETIO.SYS
0x86200000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x86612000 \SystemRoot\System32\drivers\tcpip.sys
0x8675B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8678C000 \SystemRoot\system32\DRIVERS\wd.sys
0x86794000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x867D3000 \SystemRoot\System32\Drivers\spldr.sys
0x8680A000 \SystemRoot\System32\drivers\rdyboost.sys
0x86837000 \SystemRoot\System32\Drivers\mup.sys
0x86847000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8684F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x86881000 \SystemRoot\system32\DRIVERS\disk.sys
0x86892000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x869AF000 \SystemRoot\System32\Drivers\Null.SYS
0x869B6000 \SystemRoot\System32\Drivers\Beep.SYS
0x869BD000 \SystemRoot\System32\drivers\vga.sys
0x869C9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x869EA000 \SystemRoot\System32\drivers\watchdog.sys
0x869F7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x86800000 \SystemRoot\system32\drivers\rdpencdd.sys
0x867DB000 \SystemRoot\system32\drivers\rdprefmp.sys
0x867E3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x867EE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x86417000 \SystemRoot\system32\DRIVERS\tdx.sys
0x86600000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x86225000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x87809000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8783B000 \SystemRoot\system32\drivers\afd.sys
0x87895000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8789A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x878A1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x878C0000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x878D1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x878DF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x878F2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x87902000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x87943000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8794D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x87957000 \SystemRoot\System32\drivers\discache.sys
0x87963000 \SystemRoot\System32\Drivers\dfsc.sys
0x8797B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x87989000 \SystemRoot\System32\Drivers\aswSP.SYS
0x879B0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x879D1000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x879E3000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8A014000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8A51C000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8A546000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8AC16000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8AC4F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AC6E000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x8ACAB000 \SystemRoot\system32\DRIVERS\RtsPStor.sys
0x8AA38000 \SystemRoot\system32\DRIVERS\athr.sys
0x8AB6F000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x8AB79000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8AB84000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8ABCF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8ABDE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8AA00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8ACE5000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8AA0D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8AA0F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AA1C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8AA25000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8AD20000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8AD32000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AD4A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AD55000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AD77000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AD8F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8ADA6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AA32000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8ADBD000 \SystemRoot\system32\DRIVERS\ks.sys
0x8ADF1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C02F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C073000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C084000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x8C0F0000 \SystemRoot\system32\DRIVERS\portcls.sys
0x8C11F000 \SystemRoot\system32\DRIVERS\drmk.sys
0x8CCC0000 \SystemRoot\System32\win32k.sys
0x8C138000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C142000 \SystemRoot\System32\Drivers\crashdmp.sys
0x868B7000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8C14F000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8C160000 \SystemRoot\system32\DRIVERS\monitor.sys
0x8C16B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8C182000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8CF20000 \SystemRoot\System32\TSDDD.dll
0x8CF50000 \SystemRoot\System32\cdd.dll
0x8C1A6000 \SystemRoot\system32\drivers\luafv.sys
0x8C1C1000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8C1F8000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8C000000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA0E06000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA0E4C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA0E5C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA0E6F000 \SystemRoot\system32\drivers\HTTP.sys
0xA0EF4000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA0F0D000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA0F1F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0F42000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0F7D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2A18000 \SystemRoot\system32\drivers\peauth.sys
0xA2AAF000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA2AB9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA2ADA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2AE7000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2B36000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2B87000 \SystemRoot\system32\drivers\spsys.sys
0x77420000 \Windows\System32\ntdll.dll
0x48530000 \Windows\System32\smss.exe
0x77660000 \Windows\System32\apisetschema.dll
0x00BF0000 \Windows\System32\autochk.exe
0x77640000 \Windows\System32\psapi.dll
0x775C0000 \Windows\System32\comdlg32.dll
0x77280000 \Windows\System32\setupapi.dll
0x771F0000 \Windows\System32\oleaut32.dll
0x77110000 \Windows\System32\kernel32.dll
0x77560000 \Windows\System32\difxapi.dll
0x770F0000 \Windows\System32\imm32.dll
0x77050000 \Windows\System32\advapi32.dll
0x77010000 \Windows\System32\ws2_32.dll
0x76ED0000 \Windows\System32\urlmon.dll
0x76D70000 \Windows\System32\ole32.dll
0x76D60000 \Windows\System32\nsi.dll
0x76D40000 \Windows\System32\sechost.dll
0x76C90000 \Windows\System32\rpcrt4.dll
0x76BE0000 \Windows\System32\msvcrt.dll
0x76BD0000 \Windows\System32\normaliz.dll
0x76B40000 \Windows\System32\clbcatq.dll
0x76A70000 \Windows\System32\user32.dll
0x76A40000 \Windows\System32\imagehlp.dll
0x76840000 \Windows\System32\iertutil.dll
0x767F0000 \Windows\System32\Wldap32.dll
0x767E0000 \Windows\System32\lpk.dll
0x76710000 \Windows\System32\msctf.dll
0x76610000 \Windows\System32\wininet.dll
0x765C0000 \Windows\System32\gdi32.dll
0x76560000 \Windows\System32\shlwapi.dll
0x75910000 \Windows\System32\shell32.dll
0x75870000 \Windows\System32\usp10.dll
0x75840000 \Windows\System32\wintrust.dll
0x75720000 \Windows\System32\crypt32.dll
0x75690000 \Windows\System32\comctl32.dll
0x75660000 \Windows\System32\cfgmgr32.dll
0x75640000 \Windows\System32\devobj.dll
0x755F0000 \Windows\System32\KernelBase.dll
0x755E0000 \Windows\System32\msasn1.dll

Processes (total 60):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
412 csrss.exe
468 C:\Windows\System32\wininit.exe
476 csrss.exe
532 C:\Windows\System32\winlogon.exe
560 C:\Windows\System32\services.exe
584 C:\Windows\System32\lsass.exe
592 C:\Windows\System32\lsm.exe
692 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe
1088 C:\Windows\System32\audiodg.exe
1172 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\svchost.exe
1428 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1724 C:\Windows\System32\spoolsv.exe
1752 C:\Windows\System32\svchost.exe
1852 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe
1908 C:\Windows\System32\svchost.exe
1936 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2004 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2188 C:\Windows\System32\taskhost.exe
2200 C:\Windows\System32\taskeng.exe
2260 C:\Windows\System32\dwm.exe
2292 C:\Windows\explorer.exe
2588 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2600 C:\Windows\System32\igfxtray.exe
2608 C:\Windows\System32\hkcmd.exe
2620 C:\Windows\System32\igfxpers.exe
2652 C:\Program Files\IDT\WDM\sttray.exe
2676 C:\Windows\System32\igfxsrvc.exe
2696 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2704 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
2724 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2944 WmiPrvSE.exe
3176 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3236 C:\Windows\System32\SearchIndexer.exe
3360 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
3500 C:\Program Files\Mozilla Firefox\firefox.exe
3864 C:\Program Files\Mozilla Firefox\plugin-container.exe
2784 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2800 C:\Windows\System32\ctfmon.exe
3092 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
2500 C:\Windows\System32\sppsvc.exe
2484 C:\Windows\System32\svchost.exe
1308 WmiPrvSE.exe
3228 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
3456 C:\Windows\System32\SearchProtocolHost.exe
3440 C:\Windows\System32\SearchFilterHost.exe
416 C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
1068 dllhost.exe
1520 dllhost.exe
644 C:\Users\oviedo\Downloads\MBRCheck.exe
2912 C:\Windows\System32\conhost.exe
496 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000021`6eb00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000025`3cc00000 (FAT32)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22A23T0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: ED0B85ECEE4F82272B42C63F4FC81A63D093F061


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
ComboFix



ComboFix 10-12-13.02 - oviedo 12/13/2010 17:20:33.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.414 [GMT -5:00]
Running from: c:\users\oviedo\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-13 22:50 . 2010-12-13 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-13 22:12 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1AE3409-3BB0-452F-BDF0-9C1834BCC0C0}\mpengine.dll
2010-12-13 22:10 . 2010-12-13 22:15 -------- d-----w- C:\32788R22FWJFW
2010-12-13 06:01 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-13 05:35 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-13 05:35 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-13 05:35 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-13 05:35 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-13 05:35 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-13 05:35 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-13 05:35 . 2010-12-13 05:35 -------- d-----w- c:\programdata\Alwil Software
2010-12-13 05:35 . 2010-12-13 05:35 -------- d-----w- c:\program files\Alwil Software
2010-11-24 03:09 . 2010-11-24 03:09 -------- d-----w- c:\program files\CCleaner
2010-11-24 03:06 . 2010-11-24 03:06 -------- d-----w- c:\users\oviedo\AppData\Roaming\Malwarebytes
2010-11-24 03:06 . 2010-04-29 23:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-24 03:06 . 2010-11-24 03:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 03:06 . 2010-11-24 03:06 -------- d-----w- c:\programdata\Malwarebytes
2010-11-24 03:06 . 2010-04-29 23:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-24 02:58 . 2010-11-24 02:58 -------- d-----w- c:\users\oviedo\AppData\Local\Mozilla
2010-11-24 02:58 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2010-10-29 23:57 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-30 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-24 495708]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-04-09 601144]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-04-09 26168]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-04-20 228896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-28 233472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-30 22:18]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-30 22:18]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\users\oviedo\AppData\Roaming\Mozilla\Firefox\Profiles\06zbtkfj.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-13 18:04:30
ComboFix-quarantined-files.txt 2010-12-13 23:04

Pre-Run: 121,494,654,976 bytes free
Post-Run: 121,426,649,088 bytes free

- - End Of File - - BFFDF745FDE261589D89905EEE2095B9
 
ComboFix log looks clean, but we have to fix your MBR:
Found non-standard or infected MBR.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
Create bootable USB flash drive as described here: http://www.intowindows.com/how-to-r...h-drive-repair-without-installation-dvd-disc/

Then....

Boot from created USB.

Vista users. At first screen click on Repair your computer.


Windows 7 users. At first screen click on Install now.

Select your language and click next.

Click the button for "Use recovery tools".


The following applies to both Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box.

After this, it will present you with a list of options including startup repair, system restore and command prompt.

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.
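Both helper posts end by asking for a fresh MBRCheck log once the standard boot code has been written back. As an added example (not MBRCheck's code or anything posted in this thread), the Python below performs the same kind of check on a 512-byte sector: it confirms the 0x55AA signature, fingerprints the boot-code bytes with SHA1 against an allowlist, and lists partition byte offsets in the layout the log above reports. Assumptions: the allowlist entry and the stand-in boot code are constructed placeholders, hashing the first 440 bytes is this example's choice, and the E: partition size is made up.

```python
"""Inspect a 512-byte MBR the way an MBRCheck-style tool does: confirm the 0x55AA
signature, fingerprint the boot-code bytes and list the partitions. Added example
built on constructed samples; not MBRCheck's own code."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # boot code, then 4-byte disk signature and 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries follow
SIGNATURE = b"\x55\xAA"   # last two bytes of every valid MBR

# Constructed stand-in for trusted boot code; a real allowlist holds the SHA1 of
# genuine Windows 7 boot code taken from a trusted reference, not this string.
GOOD_CODE = b"CONSTRUCTED-STANDARD-MBR-CODE"
KNOWN_GOOD = {hashlib.sha1(GOOD_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper():
              "Windows 7 MBR code (placeholder allowlist entry)"}

# Byte offsets of C:, D: and E: as reported in the MBRCheck log above; the sizes
# of C: and D: follow from the gaps, the size of E: is constructed.
C_START, D_START, E_START = 0x0c800000, 0x216eb00000, 0x253cc00000
SAMPLE_PARTS = [  # (boot flag, type, start LBA, sector count)
    (0x80, 0x07, C_START // SECTOR, (D_START - C_START) // SECTOR),  # C: NTFS, active
    (0x00, 0x07, D_START // SECTOR, (E_START - D_START) // SECTOR),  # D: NTFS
    (0x00, 0x0C, E_START // SECTOR, 4_194_304),                      # E: FAT32 (LBA)
]

def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR; CHS fields carry the 0xFEFFFF 'use LBA' marker."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entries = [struct.pack("<B3sB3sII", flag, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                           lba, count) for flag, ptype, lba, count in partitions]
    return code + b"\x00" * 6 + b"".join(entries).ljust(64, b"\x00") + SIGNATURE

def inspect_mbr(mbr, known_good=KNOWN_GOOD):
    """Return the boot-code SHA1, its allowlist verdict and the non-empty partitions."""
    if len(mbr) != SECTOR or mbr[SECTOR - 2:] != SIGNATURE:
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    digest = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        flag, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:                     # unused slot
            continue
        parts.append({"bootable": flag == 0x80, "type": ptype,
                      "offset": lba * SECTOR, "size": count * SECTOR})
    return {"sha1": digest, "status": known_good.get(digest, "Unknown MBR code"),
            "partitions": parts}

if __name__ == "__main__":
    # A clean sector and one whose code bytes were altered: same partitions, new hash.
    for label, code in (("clean", GOOD_CODE), ("modified", b"\x90\x90" + GOOD_CODE)):
        r = inspect_mbr(build_mbr(code, SAMPLE_PARTS))
        print(f"{label}: {r['status']}  SHA1: {r['sha1']}")
        for p in r["partitions"]:
            print(f"  offset 0x{p['offset']:016x}  type 0x{p['type']:02x}  bootable={p['bootable']}")
```

Pointing this at a real disk means reading its first 512 bytes with the appropriate privileges and keeping the allowlist on trusted media; a mismatch is a reason to rewrite the boot code as the helper describes, not proof of infection by itself.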
 