Inactive Search Engine redirect problem

msmall10
For about 2 weeks, I've had the Google (and other search engine) redirect virus/trojan. I have Malwarebytes, Spyware Doctor, SUPERAntiSpyware and Symantec, but none of them are picking it up. I also tried using TFC and GMER, but they came up with nothing. Let me know what logs and other info I need to post so I can finally get rid of this. Thanks.
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Through 3 steps... Here's the Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5189

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/25/2010 7:45:34 PM
mbam-log-2010-11-25 (19-45-34).txt

Scan type: Quick scan
Objects scanned: 166833
Time elapsed: 13 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-25 19:48:35
Windows 6.1.7600 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD321KJ rev.CP100-11
Running: p5429gd1.exe; Driver: C:\Users\MATTSM~1\AppData\Local\Temp\fxldypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-11-26.01) - NTFSx86
Run by matt small at 19:49:49.52 on Thu 11/25/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3061.1420 [GMT -5:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AnywhereTS\srv\srvstart.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\AnywhereTS\srv\tftpd32.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\matt small\Program Files\DNA\btdna.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\matt small\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Users\matt small\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYATQA9N\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

============== Pseudo HJT Report ===============

uStart Page = https://secure.logmein.com/login.asp
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070927
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [BitTorrent DNA] "c:\users\matt small\program files\dna\btdna.exe"
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\users\mattsm~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\mattsm~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\mlbtvn~1.lnk - c:\users\matt small\appdata\local\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: webattend.com
Trusted Zone: webtrain.com
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} - hxxp://www.webattend.com/components/wt0523.cab
DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=cce877c8fbf127563&browserVersion=8.0
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\mattsm~1\appdata\roaming\mozilla\firefox\profiles\420w6fuk.default\
FF - prefs.js: browser.startup.homepage - hxxp://facebook.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\matt small\appdata\roaming\mozilla\firefox\profiles\420w6fuk.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\matt small\appdata\roaming\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\matt small\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\matt small\appdata\roaming\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\users\matt small\appdata\roaming\mozilla\firefox\profiles\420w6fuk.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\users\matt small\appdata\roaming\mozilla\firefox\profiles\420w6fuk.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\matt small\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-24 218592]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2008-12-19 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-6 176128]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-11-24 112592]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-9-29 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-23 304464]
R2 MCEBuddy;MCEBuddy Service;c:\program files\tyrell\mcebuddy\MCEBuddySvc.exe [2010-1-24 20480]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-11-24 366840]
R2 sdcoreservice;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-11-24 1142224]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136]
R2 TS_TFTP;TS TFTP;c:\program files\anywherets\srv\srvstart.exe [2007-10-29 36864]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-21 24652]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-10-12 46824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-23 20952]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-29 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9e2c2e102d9f;Google Update Service (gupdate1c9e2c2e102d9f);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-7-6 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-6 210944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-6-19 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-19 29472]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2010-5-13 39048]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SavRoam;SavRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-11 1343400]

=============== Created Last 30 ================

2010-11-25 04:56:31 767952 ----a-w- c:\windows\BDTSupport.dll
2010-11-25 04:56:30 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-11-25 04:56:29 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-11-25 04:56:29 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-11-25 04:52:15 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-25 04:52:15 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-11-25 04:52:02 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-25 04:52:02 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-25 04:51:55 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-25 04:51:45 -------- d-----w- c:\users\mattsm~1\appdata\roaming\PC Tools
2010-11-25 04:51:45 -------- d-----w- c:\program files\Spyware Doctor
2010-11-25 04:51:45 -------- d-----w- c:\program files\common files\PC Tools
2010-11-25 04:51:45 -------- d-----w- c:\progra~2\PC Tools
2010-11-25 02:48:32 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2010-11-25 02:48:30 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2010-11-24 10:05:52 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-24 03:20:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-24 03:20:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-24 03:20:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-15 03:49:26 105984 --sha-r- c:\windows\system32\usp10J.dll
2010-11-12 08:40:44 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0b1a8904-f55d-4a1e-8e5b-6f028f1e69f6}\mpengine.dll
2010-11-12 02:03:43 -------- d-----w- c:\users\mattsm~1\appdata\roaming\FixCleaner
2010-11-12 02:01:35 -------- d-----w- c:\program files\FixCleaner
2010-11-08 21:18:23 -------- d-----w- c:\progra~2\Metacafe
2010-11-06 16:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 16:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-10-27 00:57:38 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 00:57:38 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 00:57:38 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 00:57:38 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 00:57:31 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-29 18:46:50 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-09-29 18:46:50 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-09-29 18:46:50 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2010-09-29 18:46:50 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-09-25 21:06:12 172032 ----a-w- c:\windows\system32\rdpclip.exe
2010-09-23 04:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 18:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-14 15:31:54 163802 ----a-w- c:\windows\Audio Converter Pro Uninstaller.exe
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll

============= FINISH: 19:51:21.49 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-26.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 1/6/2010 6:38:55 PM
System Uptime: 11/25/2010 7:26:48 PM (0 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E4400 @ 2.00GHz | Socket 775 | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 273 GiB total, 109.96 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.025 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 186.775 GiB free.
F: is CDROM ()
I: is FIXED (NTFS) - 233 GiB total, 22.928 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 6500 E709n
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

"Nero SoundTrax Help
32 Bit HP CIO Components Installer
4Media Video Converter Ultimate
6500_E709_eDocs
6500_E709_Help
6500_E709n
7-Zip 4.57
Acrobat.com
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 6.0
Adobe Photoshop CS3
Adobe Reader 9.4.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
AIM 6
AMD Drag and Drop Transcoding
AnswerWorks 5.0 English Runtime
AnywhereTS
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Parental Control & Encoder
Audacity 1.3.4 (Unicode)
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
BitPim 1.0.7
BitTorrent
Bonjour
Boris Graffiti
bpd_scan
BPDSoftware
BPDSoftware_Ini
Browser Defender 2.0.6.15
BufferChm
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
Cinergy Script Editor
Combined Community Codec Pack 2007-07-22
Connect
Creative MediaSource 5
D3DX10
Data Lifeguard Diagnostic for Windows
Definition update for Microsoft Office 2010 (KB982726)
Dell Support Center
Dell System Customization Wizard
DellSupport
Destinations
DeviceDiscovery
Digital Cable Advisor
Digital Line Detect
Digital Voice Editor 3
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DNA
DocMgr
DocProc
DolbyFiles
EasyBCD 1.7.2
EasyFLV FLV Converter Ver 7 build 0.0.1
erLT
EVEREST Ultimate Edition v5.50
Fax
FoxyTunes for Firefox
Games, Music, & Photos Launcher
GameSpy Arcade
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GMail Drive Shell Extension
Google Chrome
Google Desktop
Google Earth
Google Gears
Google Update Helper
Google Video Uploader
GPBaseService2
Guitar Hero III
H.264 Encoder 1.5
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 6500 E709 Series
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.11.0
Intel(R) TV Wizard
Internet TV for Windows Media Center
Ipswitch WS_FTP Pro
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
kuler
LAME v3.98.2 for Audacity
LG USB Modem driver
LimeWire 5.6.2
LiveUpdate 3.2 (Symantec Corporation)
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
LogMeIn
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic Bullet Looks Studio
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
MarketResearch
MCEBuddy
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Facebook 32-bit
Microsoft Picture It! Photo Premium 9
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Xbox 360 Accessories 1.1
MKVtoolnix 4.2.0
MobileMe Control Panel
Motorola Driver Installation 3.2.0
Move Media Player
Movie Templates - Starter Kit
Mozilla Firefox (3.6.12)
Mozilla Thunderbird (3.1.4)
Mpeg2Decoder 1.3
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Lite 8.2.8.0
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NetWaiting
Network
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
PDF Settings CS4
PHOTOfunSTUDIO 5.0
Photoshop Camera Raw
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Pinnacle Video Driver
Pixel Bender Toolkit
PlayReady PC Runtime x86
proDAD Vitascene 1.0
Product Documentation Launcher
ProductContext
Quicken 2009
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Rhapsody Player Engine
Right PDF Printer 3.6 Server Edition
River Past Audio Converter Pro
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Word 2010 (KB2345000)
Shop for HP Supplies
Skype Toolbars
Skype™ 5.0
SmartWebPrinting
Snagit 9.1.3
SolutionCenter
Sonic Activation Module
SopCast 2.0.4
Sound Blaster Audigy ADVANCED MB
SoundTrax
Spyware Doctor 7.0
Status
Suite Shared Configuration CS4
SUPERAntiSpyware
Symantec AntiVirus
The Lord of the Rings FREE Trial
The Weather Channel Desktop 6
Tipard iPod to PC Transfer
Tony Hawks Pro Skater 4
Toolbox
TrayApp
Trillian
TVT7Diag
Uniblue RegistryBooster 2010
University of Miami Desktop Communicator
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
Update for Outlook 2007 Junk Email Filter (KB2443839)
URL Assistant
User's Guides
V CAST Music with Rhapsody
VC80CRTRedist - 8.0.50727.4053
Video Explosion 1.5
Viewpoint Media Player
Virtual Earth 3D (Beta)
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 1.1.2
WD Diagnostics
WebReg
WebTrain Communicator
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
Winamp Remote
Windows 7 Upgrade Advisor
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows Mobile Device Center Driver Update
Windows Movie Maker 2.6
Windows Movie Maker 6.0
Xobni
Xobni Core
Xvid 1.2.2 final uninstall
Yahoo! Music Jukebox

==== Event Viewer Messages From Past Week ========

11/25/2010 7:28:08 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
11/25/2010 7:28:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL sptd
11/25/2010 7:27:31 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
11/25/2010 7:27:26 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
11/25/2010 7:26:51 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
11/25/2010 7:24:22 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
11/25/2010 6:26:05 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
11/25/2010 2:07:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/25/2010 12:39:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/19/2010 9:46:40 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

==== End Of File ===========================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 530
Logical Drives Mask: 0x0000013c

Kernel Drivers (total 215):
0x83045000 \SystemRoot\system32\ntkrnlpa.exe
0x8300E000 \SystemRoot\system32\halmacpi.dll
0x80BB5000 \SystemRoot\system32\kdcom.dll
0x83639000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x836B1000 \SystemRoot\system32\PSHED.dll
0x836C2000 \SystemRoot\system32\BOOTVID.dll
0x836CA000 \SystemRoot\system32\CLFS.SYS
0x8370C000 \SystemRoot\system32\CI.dll
0x8B419000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B48A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B498000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B4E0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8B4E9000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B51D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B525000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B530000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B55A000 \SystemRoot\System32\drivers\partmgr.sys
0x8B720000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8B746000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B756000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B7A1000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8B7A8000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B7B6000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8B7BD000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B7D3000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B7DC000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B600000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8B609000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B56B000 \SystemRoot\system32\drivers\PCTCore.sys
0x8B5A4000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B81E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B94D000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B978000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B98B000 \SystemRoot\System32\Drivers\cng.sys
0x8B9E8000 \SystemRoot\System32\drivers\pcw.sys
0x8B9F6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BA23000 \SystemRoot\system32\drivers\ndis.sys
0x8BADA000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BB18000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BC28000 \SystemRoot\System32\drivers\tcpip.sys
0x8BD71000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BDA2000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8BDE1000 \SystemRoot\System32\Drivers\spldr.sys
0x8BB3D000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BDE9000 \SystemRoot\System32\Drivers\mup.sys
0x8BC00000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BB6A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8BC08000 \SystemRoot\system32\DRIVERS\disk.sys
0x8BB9C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BA00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B61A000 \SystemRoot\System32\Drivers\SRTSP.SYS
0x8BBE6000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x90167000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x901A0000 \SystemRoot\System32\Drivers\Null.SYS
0x901A7000 \SystemRoot\System32\Drivers\Beep.SYS
0x901AE000 \SystemRoot\System32\drivers\vga.sys
0x901BA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x901DB000 \SystemRoot\System32\drivers\watchdog.sys
0x901E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x901F0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x901F8000 \SystemRoot\system32\drivers\rdprefmp.sys
0x90000000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9000B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B800000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B663000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B66E000 \SystemRoot\system32\drivers\afd.sys
0x8B6C8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BDF9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8B6FA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B5AE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B5BC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8B5CF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x837B7000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x98621000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x98662000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9866C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x98676000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x986D4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x986F1000 \SystemRoot\System32\drivers\discache.sys
0x986FD000 \SystemRoot\System32\Drivers\dfsc.sys
0x98715000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x98723000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x98744000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x99A20000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x99F29000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x98756000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9878F000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x99FE0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9A23D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9A288000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9A297000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9A2B6000 \SystemRoot\system32\DRIVERS\atinavrr.sys
0x9A3BF000 \SystemRoot\system32\DRIVERS\ks.sys
0x9A3F3000 \SystemRoot\system32\DRIVERS\NCREMOTEPCI.SYS
0x9A3F7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9A3F9000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x9A200000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x9A025000 \SystemRoot\system32\drivers\hcw18bda.sys
0x9A085000 \SystemRoot\system32\DRIVERS\fdc.sys
0x9A090000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x9A096000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9A0A3000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x9A0A4000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0x9A0AA000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x9A0B8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9A0CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9A0E2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9A0ED000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9A10F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9A127000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9A13E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9A155000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9A162000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9A16F000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x9A18C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9A18E000 \SystemRoot\system32\DRIVERS\circlass.sys
0x9A19C000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
0x9A1CA000 \SystemRoot\system32\DRIVERS\umbus.sys
0xA0E32000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA0E76000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x82019000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8223E000 \SystemRoot\system32\drivers\portcls.sys
0x8226D000 \SystemRoot\system32\drivers\drmk.sys
0x82580000 \SystemRoot\System32\win32k.sys
0x82286000 \SystemRoot\System32\drivers\Dxapi.sys
0x82290000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8229D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x822A8000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x822B1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x822C2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x827E0000 \SystemRoot\System32\TSDDD.dll
0x82420000 \SystemRoot\System32\cdd.dll
0x822CD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x822E4000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0x822EA000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x822F5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x82308000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8230F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8231B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x82440000 \SystemRoot\System32\ATMFD.DLL
0x82326000 \SystemRoot\system32\DRIVERS\usbcir.sys
0x82341000 \SystemRoot\System32\Drivers\nx6000.sys
0x8234B000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8236F000 \SystemRoot\system32\drivers\usbaudio.sys
0x82383000 \SystemRoot\system32\DRIVERS\hidir.sys
0x82392000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x823A9000 \SystemRoot\system32\drivers\luafv.sys
0x823C4000 \SystemRoot\system32\drivers\WudfPf.sys
0x823DE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x82000000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA0E87000 \SystemRoot\system32\drivers\HTTP.sys
0xA0F0C000 \SystemRoot\system32\DRIVERS\bowser.sys
0x823EE000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA0F25000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0F48000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0F83000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x82013000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0x82015000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xA0FB6000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0xBC61D000 \SystemRoot\system32\drivers\peauth.sys
0xBC6B4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xBC6BE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xBC6DF000 \SystemRoot\System32\drivers\tcpipreg.sys
0xBC6EC000 \SystemRoot\System32\DRIVERS\srv2.sys
0xBC73B000 \SystemRoot\System32\DRIVERS\srv.sys
0xBC7B4000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xBC7B9000 \SystemRoot\system32\drivers\tdtcp.sys
0xBC7C3000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xA0FC0000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x90019000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101120.002\NAVEX15.SYS
0xBC7E4000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101120.002\NAVENG.SYS
0xA0E00000 \SystemRoot\System32\Drivers\fastfat.SYS
0xBC7F8000 \??\C:\Windows\system32\drivers\mbam.sys
0xD50A8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xD50B1000 \??\C:\Users\MATTSM~1\AppData\Local\Temp\fxldypow.sys
0xD50C9000 \??\C:\Users\MATTSM~1\AppData\Local\Temp\mbr.sys
0x770F0000 \Windows\System32\ntdll.dll
0x48260000 \Windows\System32\smss.exe
0x77330000 \Windows\System32\apisetschema.dll
0x00FB0000 \Windows\System32\autochk.exe
0x76FB0000 \Windows\System32\urlmon.dll
0x77290000 \Windows\System32\clbcatq.dll
0x77250000 \Windows\System32\ws2_32.dll
0x76EB0000 \Windows\System32\wininet.dll
0x76E60000 \Windows\System32\gdi32.dll
0x76E10000 \Windows\System32\Wldap32.dll
0x76DB0000 \Windows\System32\shlwapi.dll
0x76D30000 \Windows\System32\comdlg32.dll
0x76C60000 \Windows\System32\user32.dll
0x77230000 \Windows\System32\imm32.dll
0x76A60000 \Windows\System32\iertutil.dll
0x769C0000 \Windows\System32\advapi32.dll
0x76910000 \Windows\System32\msvcrt.dll
0x76900000 \Windows\System32\psapi.dll
0x767A0000 \Windows\System32\ole32.dll
0x76780000 \Windows\System32\sechost.dll
0x766B0000 \Windows\System32\msctf.dll
0x766A0000 \Windows\System32\lpk.dll
0x765F0000 \Windows\System32\rpcrt4.dll
0x765C0000 \Windows\System32\imagehlp.dll
0x765B0000 \Windows\System32\normaliz.dll
0x76550000 \Windows\System32\difxapi.dll
0x764C0000 \Windows\System32\oleaut32.dll
0x763E0000 \Windows\System32\kernel32.dll
0x76240000 \Windows\System32\setupapi.dll
0x76230000 \Windows\System32\nsi.dll
0x76190000 \Windows\System32\usp10.dll
0x75540000 \Windows\System32\shell32.dll
0x75420000 \Windows\System32\crypt32.dll
0x753F0000 \Windows\System32\wintrust.dll
0x753A0000 \Windows\System32\KernelBase.dll
0x75370000 \Windows\System32\cfgmgr32.dll
0x752E0000 \Windows\System32\comctl32.dll
0x752C0000 \Windows\System32\devobj.dll
0x752B0000 \Windows\System32\msasn1.dll

Processes (total 114):
0 System Idle Process
4 System
248 C:\Windows\System32\smss.exe
428 csrss.exe
480 csrss.exe
488 C:\Windows\System32\wininit.exe
544 C:\Windows\System32\winlogon.exe
572 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\svchost.exe
796 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\atiesrxx.exe
936 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\audiodg.exe
1176 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\atieclxx.exe
1356 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\spoolsv.exe
1540 C:\Windows\System32\taskeng.exe
1552 C:\Windows\System32\svchost.exe
1668 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
1692 C:\Windows\System32\rundll32.exe
1700 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1732 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
1772 C:\Program Files\Bonjour\mDNSResponder.exe
1792 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
1828 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1860 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1896 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
1936 C:\Windows\System32\CTSVCCDA.EXE
1988 C:\Program Files\Symantec AntiVirus\DefWatch.exe
2024 C:\Windows\System32\svchost.exe
276 C:\Windows\System32\svchost.exe
436 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
656 C:\Program Files\LogMeIn\x86\ramaint.exe
780 C:\Program Files\LogMeIn\x86\LogMeIn.exe
1572 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
1268 C:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe
1364 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
1948 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2060 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2124 C:\Windows\System32\svchost.exe
2176 C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
2240 C:\Windows\System32\svchost.exe
2348 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
2620 C:\Program Files\Spyware Doctor\pctsAuxs.exe
2680 C:\Program Files\Spyware Doctor\pctsSvc.exe
2740 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2776 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2812 C:\Windows\System32\svchost.exe
2860 C:\Program Files\AnywhereTS\srv\srvstart.exe
2924 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2964 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3004 C:\Program Files\Xobni\XobniService.exe
3056 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3200 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
3224 C:\Program Files\AnywhereTS\srv\tftpd32.exe
3988 C:\Windows\System32\svchost.exe
4104 C:\Windows\System32\svchost.exe
4696 C:\Program Files\LogMeIn\x86\LogMeIn.exe
5088 C:\Windows\System32\taskhost.exe
5172 C:\Windows\System32\dwm.exe
5240 C:\Program Files\Spyware Doctor\pctsTray.exe
5308 C:\Windows\explorer.exe
5576 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
5700 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
6052 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
6072 C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
4232 C:\Windows\System32\SearchIndexer.exe
4392 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
2364 C:\Program Files\Symantec AntiVirus\VPTray.exe
4476 C:\Program Files\iTunes\iTunesHelper.exe
4612 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
4512 C:\Program Files\LimeWire\LimeWire.exe
5096 C:\Windows\System32\hkcmd.exe
5252 C:\Windows\System32\igfxpers.exe
2724 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3092 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3176 C:\Windows\System32\igfxsrvc.exe
5440 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
5708 C:\Program Files\Windows Media Player\wmpnetwk.exe
1320 C:\Users\matt small\Program Files\DNA\btdna.exe
2056 C:\Program Files\DellSupport\DSAgnt.exe
3160 C:\Program Files\Windows Sidebar\sidebar.exe
2844 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3360 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
932 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
4324 C:\Program Files\iPod\bin\iPodService.exe
4320 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
628 C:\Users\matt small\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
6104 WmiPrvSE.exe
6728 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
7052 C:\Windows\System32\svchost.exe
7592 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
8164 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
6480 dllhost.exe
6824 C:\Windows\System32\dllhost.exe
6788 C:\Windows\System32\svchost.exe
3272 C:\Windows\System32\svchost.exe
4780 C:\Program Files\Mozilla Firefox\firefox.exe
6588 C:\Program Files\Mozilla Firefox\plugin-container.exe
2000 C:\Program Files\Trillian\trillian.exe
5340 C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
8140 C:\Program Files\Skype\Phone\Skype.exe
7700 C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2408 C:\Program Files\Skype\Plugin Manager\skypePM.exe
7692 C:\Windows\System32\SearchFilterHost.exe
6364 C:\Windows\System32\taskeng.exe
7716 C:\Windows\System32\SearchProtocolHost.exe
7416 C:\Users\matt small\Downloads\MBRCheck.exe
7892 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000002`83700000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`03700000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\I: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: SAMSUNGHD321KJ, Rev: CP100-11
PhysicalDrive0 Model Number: WDCWD10EADS-00L5B1, Rev: 01.01A01
PhysicalDrive2 Model Number: WD2500JB External, Rev: 0602

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
232 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: CE7DBBBEE43059700485C7835F4E1ED6D2FADB1C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Slight problem with ComboFix... I'm working on it remotely (I'm at school and the computer is at home), so I can't run it without the internet connection. Is there another way, or should I just wait until I can work on the computer directly?
 