Solved Re-Direct Virus (Plomedia, etc) Completed all scans, logs attached


Got the problem with Java resolved using Windows remover, then a complete reinstall. Have not resolved the real problem of why this is the only machine on which I cannot load the listing database.

The search continues

MZ
 
It's BAAAACK!!!! :-(

Can you believe it?!?!

Must have slipped through during all the troubleshooting of my other problem.

Where shall we start?

MZ
 
Redirect is back

Restart the whole process from Saturday? Should we start a new thread or continue here? I am running the preliminaries now.

MZ
 
GMER crashes with BSOD a few min into scan. Doesn't stay on screen long enough to catch error code. Something about a page when no page present.
 
AVG

"Scan ""Scan specific files or folders"" completed."
"Warnings";"2";"2";"0"
"Folders selected for scanning:";"C:\;"
"Scan started:";"Tuesday, March 15, 2011, 3:22:53 PM"
"Scan finished:";"Tuesday, March 15, 2011, 5:11:13 PM (1 hour(s) 48 minute(s) 20 second(s))"
"Total object scanned:";"263940"
"User who launched the scan:";"Andreita"

"Warnings"
"File";"Infection";"Result"
"C:\Users\Andreita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I82FDNQW\fjdtwin[1].exe";"Corrupted executable file";"Moved to Virus Vault"
"C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ko.lproj\QuickTimeAudioSupportLocalized.dll";"Corrupted executable file";"Moved to Virus Vault"


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6067

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/15/2011 3:19:44 PM
mbam-log-2011-03-15 (15-19-43).txt

Scan type: Quick scan
Objects scanned: 158129
Time elapsed: 26 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
TFC

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Andreita
->Temp folder emptied: 264732 bytes
->Temporary Internet Files folder emptied: 3186417 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 302 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 5300173 bytes
Process complete!

Total Files Cleaned = 8.00 mb
 
GMER Crashes:

BSOD

\device\harddiskvolumeshadowcopy1
kwldquog.sys
PAGE_FAULT_IN_NONPAGED_AREA

Code ABB93EED
 
DDS

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Andreita at 12:52:20.05 on Wed 03/16/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.327 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\lxddcoms.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Andreita\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Andreita\Desktop\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = Preserve
uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: mlxchange.com\sef
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - hxxp://sef.mlxchange.com/5.2.06.12571/Control/FileCruiser.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Agatha%20Christie/Images/stg_drm.ocx
DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - hxxp://sef.mlxchange.com/5.2.06.12571/Control/Specfile.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://sef.mlxchange.com/5.2.06.12571/Control/MLSClientUtils.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://sef.mlxchange.com/5.2.06.12571/Control/LiteGrid.cab
DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} - hxxp://sef.mlxchange.com/5.2.06.12571/Control/IRCWebPrint.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://sef.mlxchange.com/5.2.06.12571/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} - hxxp://sef.mlxchange.com/5.2.06.12571/Control/WebDog.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - hxxp://sef.mlxchange.com/5.2.06.12571/Control/AspCustomCtrls.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://fdl.msn.com/public/chat/msnchat45.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-3-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-3-15 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-3-15 243024]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2007-8-13 13560]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-8-12 46592]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-3-15 308136]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-30 21504]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-15 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
.
=============== Created Last 30 ================
.
2011-03-15 19:46:30 -------- d--h--w- C:\$AVG
2011-03-15 18:49:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 18:49:55 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-15 18:49:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 18:49:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 15:49:22 -------- d-----w- c:\progra~2\App4rTemp
2011-03-15 15:41:56 -------- d-----w- c:\windows\en
2011-03-15 15:41:36 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-03-15 15:36:24 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-03-15 15:18:40 15712 ----a-w- c:\program files\common files\windows live\.cache\438545691cbe32410\MeshBetaRemover.exe
2011-03-15 15:18:38 469256 ----a-w- c:\program files\common files\windows live\.cache\3f9d83e91cbe3240f\InstallManager_WLE_WLE.exe
2011-03-15 15:17:28 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-03-15 15:17:28 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-03-15 15:17:22 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-15 15:17:00 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-03-15 15:14:23 94040 ----a-w- c:\program files\common files\windows live\.cache\a9e729091cbe32309\DSETUP.dll
2011-03-15 15:14:23 525656 ----a-w- c:\program files\common files\windows live\.cache\a9e729091cbe32309\DXSETUP.exe
2011-03-15 15:14:23 1691480 ----a-w- c:\program files\common files\windows live\.cache\a9e729091cbe32309\dsetup32.dll
2011-03-15 15:13:55 94040 ----a-w- c:\program files\common files\windows live\.cache\9795d4491cbe32307\DSETUP.dll
2011-03-15 15:13:55 525656 ----a-w- c:\program files\common files\windows live\.cache\9795d4491cbe32307\DXSETUP.exe
2011-03-15 15:13:55 1691480 ----a-w- c:\program files\common files\windows live\.cache\9795d4491cbe32307\dsetup32.dll
2011-03-15 14:58:46 -------- d-----w- c:\users\andreita\appdata\roaming\Lexmark Productivity Studio
2011-03-15 14:53:43 -------- d-----w- c:\program files\Lx_cats
2011-03-15 14:53:02 -------- d-----w- C:\logs
2011-03-15 14:52:33 103936 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdddrpp.dll
2011-03-15 14:47:13 -------- d-----w- c:\program files\Lexmark Toolbar
2011-03-15 14:47:05 -------- d-----w- c:\program files\Lexmark 2500 Series
2011-03-15 14:44:08 -------- d-----w- C:\drivers
2011-03-15 14:08:01 -------- d-----w- c:\program files\Windows Portable Devices
2011-03-15 13:42:44 -------- d-----w- c:\users\andreita\appdata\local\Windows Live
2011-03-15 13:38:46 754688 ----a-w- c:\windows\system32\webservices.dll
2011-03-15 13:36:31 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-03-15 13:36:30 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-03-15 13:36:30 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-03-15 13:35:29 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-03-15 13:35:27 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-03-15 13:35:27 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-15 13:35:27 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-03-15 13:35:27 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-03-15 13:35:27 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-03-15 13:35:26 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-03-15 13:31:46 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-03-15 13:31:44 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-03-15 13:31:44 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-03-15 05:55:28 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-03-15 05:55:24 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-03-15 05:55:05 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-03-15 05:54:49 -------- d-----w- c:\windows\system32\drivers\Avg
2011-03-15 05:51:17 -------- d-----w- c:\program files\AVG
2011-03-15 05:50:52 -------- d-----w- c:\progra~2\avg9
2011-03-15 02:59:10 3584 ----a-r- c:\users\andreita\appdata\roaming\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2011-03-15 02:59:10 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-03-15 01:17:52 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2011-03-14 23:00:54 -------- d-----w- c:\windows\system32\eu-ES
2011-03-14 23:00:54 -------- d-----w- c:\windows\system32\ca-ES
2011-03-14 23:00:43 -------- d-----w- c:\windows\system32\vi-VN
2011-03-14 21:43:44 -------- d-----w- c:\windows\system32\EventProviders
2011-03-14 21:41:15 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-03-14 21:41:10 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2011-03-14 21:41:10 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2011-03-14 21:41:07 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2011-03-14 21:41:07 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2011-03-14 21:41:05 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-03-14 21:41:01 1480704 ----a-w- c:\windows\system32\mssrch.dll
2011-03-14 21:39:59 1985024 ----a-w- c:\windows\system32\authui.dll
2011-03-14 21:38:59 92918 ----a-w- c:\windows\system32\slmgr.vbs
2011-03-14 21:37:59 75264 ----a-w- c:\windows\system32\dot3msm.dll
2011-03-14 21:36:57 17408 ----a-w- c:\windows\system32\vdmdbg.dll
2011-03-14 21:35:56 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-03-14 21:35:54 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-14 21:35:27 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-03-14 20:15:51 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-14 20:15:30 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-14 20:15:30 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-14 20:15:30 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-14 20:15:30 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-14 20:15:24 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-14 20:15:24 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2011-03-14 20:15:24 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-14 19:18:03 -------- d-----w- c:\program files\VS Revo Group
2011-03-14 18:30:50 -------- d--h--w- c:\progra~2\Common Files
2011-03-14 16:14:41 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-03-14 03:50:44 -------- d-----w- c:\program files\IObit
2011-03-13 22:29:35 -------- d-----w- C:\_OTL(19)
2011-03-13 20:04:27 -------- d-----w- c:\users\andreita\appdata\local\NOS
2011-03-13 17:26:38 -------- d-----w- c:\program files\ESET
2011-03-13 16:51:51 -------- d-----w- C:\_OTL
2011-03-13 03:30:49 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{13f85aa5-c7ef-41f1-a332-c1415cf23048}\mpengine.dll
2011-03-13 02:43:31 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-13 02:43:18 -------- d-----w- c:\users\andreita\appdata\local\temp
2011-03-13 02:11:08 89088 ----a-w- c:\windows\MBR.exe
2011-03-13 02:11:08 256512 ----a-w- c:\windows\PEV.exe
2011-03-13 02:11:08 161792 ----a-w- c:\windows\SWREG.exe
2011-03-13 02:11:07 98816 ----a-w- c:\windows\sed.exe
2011-03-05 21:01:17 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-05 21:01:02 40448 ----a-w- c:\windows\system32\winrs.exe
2011-03-05 21:01:02 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-03-05 21:01:02 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-03-05 21:01:00 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-03-05 21:01:00 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-03-05 04:52:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-05 04:51:52 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-03-05 01:39:35 -------- d-----w- c:\users\andreita\appdata\roaming\AVG9
2011-03-02 14:28:26 -------- d-----w- c:\users\andreita\appdata\local\offsync
2011-03-02 14:23:23 -------- d-----w- c:\users\andreita\appdata\local\Starfield
2011-02-25 14:24:30 73728 ----a-w- c:\windows\system32\APISlice_AVG_RESTORED.dll
2011-02-25 14:24:29 73728 ----a-w- c:\windows\system32\APISlice.dll
2011-02-24 23:37:28 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-02-24 22:49:07 -------- d-----w- c:\users\andreita\appdata\roaming\Malwarebytes
.
==================== Find3M ====================
.
2011-03-15 03:23:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-10 02:45:46 1409 ----a-w- c:\windows\QTFont.for
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2007-11-13 19:47:02 4364800 ----a-w- c:\program files\openofficeorg23.msi
2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe
.
============= FINISH: 12:57:12.57 ===============



ATTACH.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/25/2007 8:08:54 AM
System Uptime: 3/16/2011 11:56:08 AM (1 hours ago)
.
Motherboard: Acer, Inc. | | Nestos
Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | U2E1 | 1467/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 14.889 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 68.325 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink (TM) Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011D1025&REV_02\4&3B390CB8&0&00E2
Manufacturer: Broadcom
Name: Broadcom NetLink (TM) Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011D1025&REV_02\4&3B390CB8&0&00E2
Service: b57nd60x
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
AAC Decoder
Acer Arcade Deluxe
Acer Assist
Acer Crystal Eye webcam
Acer eAudio Management
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acer Tour
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.1
Agere Systems HDA Modem
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG Free 9.0
Broadcom Gigabit Integrated Controller
Compatibility Pack for the 2007 Office system
D3DX10
DivX Codec
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
doPDF 5.3 printer
ESET Online Scanner v3
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Launch Manager
Lexmark 2500 Series
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
MKV Splitter
Move Networks Media Player for Internet Explorer
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
Picasa 3
PowerProducer 3.72
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.91
Rhapsody Player Engine
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Skype™ 5.0
Spelling Dictionaries Support For Adobe Reader 8
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
Winbond CIR Drivers
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

==================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
MBR

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer, Inc.
BIOS Manufacturer: Acer
System Manufacturer: Acer, inc.
System Product Name: Aspire 4720Z
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 156):
0x82402000 \SystemRoot\system32\ntkrnlpa.exe
0x827BC000 \SystemRoot\system32\hal.dll
0x8060B000 \SystemRoot\system32\kdcom.dll
0x8060E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067E000 \SystemRoot\system32\PSHED.dll
0x8068F000 \SystemRoot\system32\BOOTVID.dll
0x80697000 \SystemRoot\system32\CLFS.SYS
0x806D8000 \SystemRoot\system32\CI.dll
0x82A08000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82A84000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82A91000 \SystemRoot\system32\drivers\acpi.sys
0x82AD7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82AE0000 \SystemRoot\system32\drivers\msisadrv.sys
0x82AE8000 \SystemRoot\system32\drivers\pci.sys
0x82B0F000 \SystemRoot\System32\drivers\partmgr.sys
0x82B1E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82B21000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82B2B000 \SystemRoot\system32\drivers\volmgr.sys
0x82B3A000 \SystemRoot\System32\drivers\volmgrx.sys
0x82B84000 \SystemRoot\system32\drivers\intelide.sys
0x82B8B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82B99000 \SystemRoot\System32\drivers\mountmgr.sys
0x82C06000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82CCD000 \SystemRoot\system32\drivers\atapi.sys
0x82CD5000 \SystemRoot\system32\drivers\ataport.SYS
0x82CF3000 \SystemRoot\system32\drivers\fltmgr.sys
0x82D25000 \SystemRoot\system32\drivers\fileinfo.sys
0x82D35000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x82D3E000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82D47000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82E06000 \SystemRoot\system32\drivers\ndis.sys
0x82F11000 \SystemRoot\system32\drivers\msrpc.sys
0x82F3C000 \SystemRoot\system32\drivers\NETIO.SYS
0x86A03000 \SystemRoot\System32\drivers\tcpip.sys
0x86AED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x86C0C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86D1C000 \SystemRoot\system32\drivers\volsnap.sys
0x86D55000 \SystemRoot\System32\Drivers\spldr.sys
0x86D5D000 \SystemRoot\system32\drivers\psdvdisk.sys
0x86D6F000 \SystemRoot\system32\drivers\PSDNServ.sys
0x86D78000 \SystemRoot\System32\Drivers\mup.sys
0x86D87000 \SystemRoot\System32\drivers\ecache.sys
0x86DAE000 \SystemRoot\system32\drivers\disk.sys
0x86DBF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x86DE0000 \SystemRoot\system32\drivers\crcdisk.sys
0x86C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x86DE9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x86B08000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B209000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8B8C4000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B964000 \SystemRoot\System32\drivers\watchdog.sys
0x8B970000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B97B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B9B9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x86B17000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BA0D000 \SystemRoot\system32\DRIVERS\athr.sys
0x8BABE000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8BACE000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8BADC000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8BAF6000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8BB05000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8BB19000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8BB6A000 \SystemRoot\system32\DRIVERS\winbondcir.sys
0x8BB7F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8BB92000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8BB9C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8BBA7000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8BBD2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8BBD4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8BBDF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BBF7000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8BBF9000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8BA04000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B9C8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x86BA4000 \SystemRoot\system32\DRIVERS\storport.sys
0x86DF2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x86BE5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x82F77000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x82F82000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x82FA5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x82FB4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x82FC8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x82FDD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B9F7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x82DB8000 \SystemRoot\system32\DRIVERS\ks.sys
0x82FED000 \SystemRoot\system32\DRIVERS\circlass.sys
0x82DE2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x82DEC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x82BA9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x82BDE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C00A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C1BC000 \SystemRoot\system32\drivers\portcls.sys
0x807B8000 \SystemRoot\system32\drivers\drmk.sys
0x8C203000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8C320000 \SystemRoot\system32\drivers\modem.sys
0x8C32D000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8C338000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8C348000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8C34F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8C358000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8C360000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C369000 \SystemRoot\System32\Drivers\Null.SYS
0x8C370000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C377000 \SystemRoot\System32\drivers\vga.sys
0x8C383000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C3A4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C3AC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C3B4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C3BF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C3CD000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C3D6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C3EC000 \SystemRoot\system32\DRIVERS\smb.sys
0x8CA09000 \SystemRoot\System32\Drivers\avgtdix.sys
0x8CA43000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CA75000 \SystemRoot\system32\drivers\afd.sys
0x8CABD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CAD3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CAE1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CAF4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CB30000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CB3A000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CB51000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x8CB57000 \SystemRoot\System32\Drivers\avgldx86.sys
0x8D203000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x8D3AA000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8D3B7000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x95AE0000 \SystemRoot\System32\win32k.sys
0x8D3CB000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D3D5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95D00000 \SystemRoot\System32\TSDDD.dll
0x95D20000 \SystemRoot\System32\cdd.dll
0x8D3E4000 \SystemRoot\system32\drivers\luafv.sys
0x8CB8B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8CB9B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8CBC5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8CBCF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAA40C000 \SystemRoot\system32\drivers\spsys.sys
0xAA4BC000 \SystemRoot\system32\drivers\HTTP.sys
0xAA529000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAA546000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAA55F000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAA574000 \SystemRoot\system32\drivers\mrxdav.sys
0xAA595000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAA5B4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8CBE2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAC003000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAC02B000 \SystemRoot\System32\DRIVERS\srv.sys
0xAC091000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAC0A7000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xAC0B8000 \SystemRoot\system32\drivers\peauth.sys
0xAC196000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAC1A0000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAC1AC000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
0xAC1AE000 \??\C:\Users\Andreita\AppData\Local\Temp\mbr.sys
0x776A0000 \Windows\System32\ntdll.dll

Processes (total 79):
0 System Idle Process
4 System
488 C:\Windows\System32\smss.exe
556 csrss.exe
624 C:\Windows\System32\wininit.exe
636 csrss.exe
644 C:\Program Files\AVG\AVG9\avgchsvx.exe
652 C:\Program Files\AVG\AVG9\avgrsx.exe
712 C:\Windows\System32\services.exe
728 C:\Windows\System32\lsass.exe
736 C:\Windows\System32\lsm.exe
768 C:\Program Files\AVG\AVG9\avgcsrvx.exe
848 C:\Windows\System32\winlogon.exe
1092 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\audiodg.exe
1424 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\SLsvc.exe
1512 C:\Windows\System32\svchost.exe
1624 C:\Windows\System32\svchost.exe
2040 C:\Windows\System32\spoolsv.exe
300 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\agrsmsvc.exe
1244 C:\Acer\ALaunch\ALaunchSvc.exe
1572 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1608 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1632 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
1948 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
1776 C:\Acer\Empowering Technology\eNet\eNet Service.exe
2208 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2216 C:\Windows\System32\taskeng.exe
2232 C:\Windows\System32\dwm.exe
2284 C:\Windows\explorer.exe
2348 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2468 C:\Program Files\AVG\AVG9\avgnsx.exe
2568 C:\Windows\System32\lxddcoms.exe
2632 C:\Acer\Mobility Center\MobilityService.exe
2784 C:\Windows\System32\svchost.exe
2796 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2920 C:\Windows\System32\svchost.exe
2964 C:\Windows\System32\svchost.exe
3016 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3096 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
3144 C:\Windows\System32\SearchIndexer.exe
3208 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3284 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3348 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3380 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3404 C:\Windows\RtHDVCpl.exe
3412 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3428 C:\Program Files\Launch Manager\QtZgAcer.EXE
3440 C:\Acer\Empowering Technology\eAudio\eAudio.exe
3488 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3500 C:\Program Files\AVG\AVG9\avgtray.exe
3516 C:\Windows\System32\igfxtray.exe
3540 WmiPrvSE.exe
3548 C:\Windows\System32\hkcmd.exe
3580 C:\Windows\System32\igfxpers.exe
3800 C:\Program Files\Lexmark 2500 Series\lxddamon.exe
3856 C:\Windows\ehome\ehtray.exe
4056 unsecapp.exe
3068 C:\Windows\System32\igfxsrvc.exe
3632 C:\Windows\ehome\ehmsas.exe
3892 C:\Windows\System32\wbem\unsecapp.exe
2260 C:\Users\Andreita\AppData\Local\temp\RtkBtMnt.exe
3816 C:\Windows\System32\igfxext.exe
4396 C:\Windows\System32\taskeng.exe
4484 C:\Windows\System32\svchost.exe
4676 C:\Program Files\Internet Explorer\iexplore.exe
4428 C:\Program Files\Internet Explorer\iexplore.exe
3752 C:\Windows\System32\SearchProtocolHost.exe
5412 C:\Windows\System32\SearchFilterHost.exe
5152 C:\Program Files\Internet Explorer\iexplore.exe
5172 taskeng.exe
5616 RacAgent.exe
5392 C:\Users\Andreita\Desktop\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`eda00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`1f200000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: EF8BDDFCE3316153C12FED7A663D8468DEEA06D0


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
RkU
Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8B209000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7057408 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82402000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82402000 PnpManager 3907584 bytes
0x82402000 RAW 3907584 bytes
0x82402000 WMIxWDM 3907584 bytes
0x95AE0000 Win32k 2109440 bytes
0x95AE0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C00A000 C:\Windows\system32\drivers\RTKVHDA.sys 1777664 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x8D203000 C:\Windows\system32\DRIVERS\snp2uvc.sys 1732608 bytes (-, USB2.0 PC Camera driver)
0x8C203000 C:\Windows\system32\DRIVERS\AGRSM.sys 1167360 bytes (Agere Systems, SoftModem Device Driver)
0x86C0C000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82E06000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x86A03000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x806D8000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAC0B8000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x82C06000 C:\Windows\system32\DRIVERS\iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8BA0D000 C:\Windows\system32\DRIVERS\athr.sys 724992 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0xAA40C000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8B8C4000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x86B17000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x82A08000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82D47000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8060E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAA4BC000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8BB19000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xAC02B000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x82B3A000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8CA75000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x82A91000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80697000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x86BA4000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8B97B000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8CAF4000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82F3C000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8CA09000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xAA5B4000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x86D1C000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x82BA9000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8CB57000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x827BC000 ACPI_HAL 208896 bytes
0x827BC000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82CF3000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8CA43000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B9C8000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8C1BC000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82F11000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8BBA7000 C:\Windows\system32\DRIVERS\SynTP.sys 176128 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x82DB8000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8CB9B000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xAC003000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x86D87000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x82AE8000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x807B8000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x82F82000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x86DBF000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAA574000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8C383000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAA595000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82CD5000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAA529000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x86AED000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8D3E4000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8BADC000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xAA546000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8BBDF000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8CBE2000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8CB3A000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x86BE5000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xAC091000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8CABD000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8C3D6000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAA55F000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x82FC8000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8BB6A000 C:\Windows\system32\DRIVERS\winbondcir.sys 86016 bytes (Winbond Electronics Corporation, Winbond MCE CIR Port Driver)
0x82FB4000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8BB05000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8C3EC000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8BB7F000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8CBCF000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8CAE1000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x86D5D000 C:\Windows\system32\drivers\psdvdisk.sys 73728 bytes (HiTRUST, PSD Virtual Disk Driver)
0x86DAE000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0xAC0A7000 C:\Acer\Empowering Technology\eRecovery\int15.sys 69632 bytes
0x82BDE000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8067E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82D25000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8C338000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8CB8B000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82B99000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8BABE000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x82FDD000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x86B08000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8D3D5000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x86D78000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x82B0F000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x82FA5000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8BAF6000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x8B9B9000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x82B2B000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8BACE000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x95D20000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x82FED000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x8CAD3000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C3BF000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x82B8B000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8C320000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8D3AA000 C:\Windows\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x82DEC000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x82A84000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xAC1A0000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8C377000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8B964000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8C32D000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x8BB9C000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8BBD4000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8C3B4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x82F77000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x86DF2000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x86C00000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8B970000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x82B21000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8BB92000 C:\Windows\system32\DRIVERS\DKbFltr.sys 40960 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0x8D3CB000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x82DE2000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8CBC5000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8CB30000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xAC196000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x86DE0000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8C360000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8C34F000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xAC1B5000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82D35000 C:\Windows\system32\DRIVERS\psdfilter.sys 36864 bytes (HiTRUST, PSD Filter Driver)
0x86D6F000 C:\Windows\system32\drivers\PSDNServ.sys 36864 bytes (HiTRUST, PSD Named Pipe Driver)
0x82D3E000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8C3CD000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x95D00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x86DE9000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8BA04000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x82AD7000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82CCD000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8068F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8C358000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x82AE0000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C3A4000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C3AC000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x86D55000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C370000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8BBF9000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0x8C348000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x82B84000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xAC1AE000 C:\Users\Andreita\AppData\Local\Temp\mbr.sys 28672 bytes
0x8C369000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8D3B7000 C:\Windows\system32\DRIVERS\sncduvc.SYS 28672 bytes (Microsoft Corporation, Universal Serial Bus Camera Driver)
0x8CB51000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x8BA00000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8060B000 00000032 12288 bytes
0x82B1E000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8060B000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xAC1AC000 C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 8192 bytes (Cyberlink Corp., FCL Driver)
0x8BBF7000 C:\Windows\system32\DRIVERS\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x8B9F7000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8BBD2000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x008F0000 Hidden Image-->eLock.Serv.Library.dll [ EPROCESS 0x85C144D0 ] PID: 1948, 110592 bytes
0x00A90000 Hidden Image-->esettings.model.computer.dll [ EPROCESS 0x85DDD4F0 ] PID: 3348, 126976 bytes
0x00AF0000 Hidden Image-->log4net.dll [ EPROCESS 0x85DDD4F0 ] PID: 3348, 282624 bytes
0x008E0000 Hidden Image-->eLock.Serv.Interface.dll [ EPROCESS 0x85C144D0 ] PID: 1948, 28672 bytes
0x00840000 Hidden Image-->IERYETF.dll [ EPROCESS 0x85E27B00 ] PID: 3284, 28672 bytes
0x00830000 Hidden Image-->ServiceInterface.dll [ EPROCESS 0x85E27B00 ] PID: 3284, 28672 bytes
0x01AE0000 Hidden Image-->App4R.DevMons.ScanDevMon.dll [ EPROCESS 0x85E29D90 ] PID: 3800, 28672 bytes
0x01AD0000 Hidden Image-->App4R.DevMons.NetworkCardDevMon.dll [ EPROCESS 0x85E29D90 ] PID: 3800, 28672 bytes
0x00A30000 Hidden Image-->App4R.Monitor.Common.dll [ EPROCESS 0x85E29D90 ] PID: 3800, 36864 bytes
0x00C60000 Hidden Image-->alaunchinterface.dll [ EPROCESS 0x85BCB660 ] PID: 1244, 45056 bytes
0x00A20000 Hidden Image-->eNetServiceInterface.dll [ EPROCESS 0x85C26218 ] PID: 1776, 45056 bytes
0x01B50000 Hidden Image-->MobilityInterface.dll [ EPROCESS 0x85D2EB30 ] PID: 2632, 45056 bytes
0x008E0000 Hidden Image-->WMIInterface.dll [ EPROCESS 0x85D38D90 ] PID: 3096, 45056 bytes
0x00B40000 Hidden Image-->esettings.model.computerinterfaces.dll [ EPROCESS 0x85DDD4F0 ] PID: 3348, 45056 bytes
0x00CD0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x85BCB660 ] PID: 1244, 507904 bytes
0x01960000 Hidden Image-->msvcm80.dll [ EPROCESS 0x85C26218 ] PID: 1776, 507904 bytes
0x03E30000 Hidden Image-->msvcm80.dll [ EPROCESS 0x85D2EB30 ] PID: 2632, 507904 bytes
0x043D0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x85D38D90 ] PID: 3096, 507904 bytes
0x00A10000 Hidden Image-->App4R.Monitor.Core.dll [ EPROCESS 0x85E29D90 ] PID: 3800, 53248 bytes
0x01AA0000 Hidden Image-->App4R.DevMons.MCMDevMon.dll [ EPROCESS 0x85E29D90 ] PID: 3800, 69632 bytes
0x008C0000 Hidden Image-->eLock.Serv.Main.dll [ EPROCESS 0x85C144D0 ] PID: 1948, 77824 bytes
 
Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`eda00000
Boot sector MD5 is: 94cb13060aea6dd01e006978d03c0f04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
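As an added example (not from this thread and not eSage Lab's code), the script below does the kind of check a report like the one above summarizes: it hashes the boot code of a 512-byte master boot record, compares it against a baseline of known hashes, and decodes the partition table into the "volume at offset" figure shown for \\.\C:. The MBR bytes and the baseline entry are constructed here, and the 440-byte boot-code region and whole-sector hash are assumptions about what such a tool reports, not the tool's documented behaviour.

```python
import hashlib
import struct

# Constructed baseline: MD5 of the 440-byte boot code region -> label.
# A real baseline would hold hashes of known-good Windows boot code; this
# sample uses zeroed boot code as a stand-in (assumption, not a real value).
KNOWN_BOOT_CODE_MD5 = {
    hashlib.md5(bytes(440)).hexdigest(): "zeroed boot code (sample baseline)",
}

def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR: zeroed boot code, one NTFS partition, 0x55AA signature."""
    boot_code = bytes(440)
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"   # disk signature + reserved word
    # Entry 0: bootable flag, CHS start, type 0x07 (NTFS), CHS end, LBA start 2048, 4096 sectors
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 4096)
    return boot_code + disk_sig + entry + bytes(48) + b"\x55\xaa"

def analyze_mbr(sector: bytes, known=KNOWN_BOOT_CODE_MD5, sector_size: int = 512) -> dict:
    """Report signature validity, hashes, partition table and a boot-code verdict for one MBR."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    boot_code_md5 = hashlib.md5(sector[:440]).hexdigest()
    report = {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "sector_md5": hashlib.md5(sector).hexdigest(),       # hash of the whole sector
        "boot_code_md5": boot_code_md5,
        "status": known.get(boot_code_md5, "Unknown boot code"),  # unrecognised code is flagged, not trusted
        "partitions": [],
    }
    for i in range(4):
        flag, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0:
            continue   # empty partition entry
        report["partitions"].append({
            "index": i,
            "bootable": flag == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * sector_size,   # where this volume starts on the physical drive
        })
    return report

if __name__ == "__main__":
    r = analyze_mbr(build_sample_mbr())
    print(f"Boot sector MD5: {r['sector_md5']}  MBR status: {r['status']}")
    for p in r["partitions"]:
        print(f"  partition {p['index']}: type 0x{p['type']:02x} at offset 0x{p['byte_offset']:x}")
```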
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix FAILED to run due to remnants of AVG that I could not find/get rid of in spite of multiple runs of AppRemover in standard and SAFE modes


RKILL

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/16/2011 at 22:26:13.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\System32\grpconv.exe


Rkill completed on 03/16/2011 at 22:26:18.
 
Warns then says dangerous to proceed then shuts down the operation when you click OK... there is no option to bypass
 
SAFE mode tried. Also tried the "Fix failed uninstalls" on AppRemover (It does not detect anything of AVG). Also ran Revo Uninstaller for grins but it didn't see AVG either
 