1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Search Engine redirect problem

By msmall10 · 7 replies
Nov 25, 2010
  1. For about 2 weeks, I've had the google (and other search engine) redirect virus/ trojan. I have malwarebytes, spyware doctor, superanti spyware and symantec, but none of them are picking it up. I also tried using TFC and GMER, but they came up with nothing. Let me know what logs and other info i need to post so i can finally get rid of this. Thanks.
  2. Broni

    Broni Malware Annihilator Posts: 53,860   +370

    Welcome aboard [​IMG]

    Please, complete all steps listed here: https://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    Through 3 steps... Here's the Malwarebytes log:
    Malwarebytes' Anti-Malware 1.46

    Database version: 5189

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/25/2010 7:45:34 PM
    mbam-log-2010-11-25 (19-45-34).txt

    Scan type: Quick scan
    Objects scanned: 166833
    Time elapsed: 13 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  4. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    GMER - http://www.gmer.net
    Rootkit quick scan 2010-11-25 19:48:35
    Windows 6.1.7600 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD321KJ rev.CP100-11
    Running: p5429gd1.exe; Driver: C:\Users\MATTSM~1\AppData\Local\Temp\fxldypow.sys

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-11-26.01) - NTFSx86
    Run by matt small at 19:49:49.52 on Thu 11/25/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3061.1420 [GMT -5:00]

    AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\AnywhereTS\srv\srvstart.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Xobni\XobniService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\AnywhereTS\srv\tftpd32.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Google\Update\\GoogleCrashHandler.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\matt small\Program Files\DNA\btdna.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Users\matt small\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\matt small\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYATQA9N\dds[1].scr

    ============== Pseudo HJT Report ===============

    uStart Page = https://secure.logmein.com/login.asp
    uWindow Title = Internet Explorer provided by Dell
    mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070927
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\\gears.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [BitTorrent DNA] "c:\users\matt small\program files\dna\btdna.exe"
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [dscactivate] c:\dell\dsca.exe 3
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
    mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    StartupFolder: c:\users\mattsm~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\mattsm~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\mlbtvn~1.lnk - c:\users\matt small\appdata\local\autobahn\mlb-nexdef-autobahn.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe
    uPolicies-explorer: NoThumbnailCache = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\\gears.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: webattend.com
    Trusted Zone: webtrain.com
    DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {21C6245C-9408-11D7-BF3B-00E09876DF26} - hxxp://www.webattend.com/components/wt0523.cab
    DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=cce877c8fbf127563&browserVersion=8.0
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
    DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: acaptuser32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\mattsm~1\appdata\roaming\mozilla\firefox\profiles\420w6fuk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://facebook.com
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - component: c:\users\matt small\appdata\roaming\mozilla\firefox\profiles\420w6fuk.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\matt small\appdata\roaming\move networks\plugins\npqmp071500000347.dll
    FF - plugin: c:\users\matt small\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\users\matt small\appdata\roaming\move networks\plugins\npqmp071705000014.dll
    FF - plugin: c:\users\matt small\appdata\roaming\mozilla\firefox\profiles\420w6fuk.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
    FF - plugin: c:\users\matt small\appdata\roaming\mozilla\firefox\profiles\420w6fuk.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\users\matt small\program files\dna\plugins\npbtdna.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-24 218592]
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2008-12-19 81920]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-6 176128]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-11-24 112592]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-9-29 47640]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-23 304464]
    R2 MCEBuddy;MCEBuddy Service;c:\program files\tyrell\mcebuddy\MCEBuddySvc.exe [2010-1-24 20480]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-11-24 366840]
    R2 sdcoreservice;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-11-24 1142224]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136]
    R2 TS_TFTP;TS TFTP;c:\program files\anywherets\srv\srvstart.exe [2007-10-29 36864]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-21 24652]
    R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-10-12 46824]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-5-28 391296]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-23 20952]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-29 30576]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9e2c2e102d9f;Google Update Service (gupdate1c9e2c2e102d9f);c:\program files\google\update\GoogleUpdate.exe [2009-6-1 133104]
    S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-7-6 5882368]
    S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-6 210944]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-6-19 45736]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-19 29472]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2010-5-13 39048]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 SavRoam;SavRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
    S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-11 1343400]

    =============== Created Last 30 ================

    2010-11-25 04:56:31 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-11-25 04:56:30 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-11-25 04:56:29 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-11-25 04:56:29 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-11-25 04:52:15 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-11-25 04:52:15 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2010-11-25 04:52:02 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-11-25 04:52:02 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-11-25 04:51:55 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-11-25 04:51:45 -------- d-----w- c:\users\mattsm~1\appdata\roaming\PC Tools
    2010-11-25 04:51:45 -------- d-----w- c:\program files\Spyware Doctor
    2010-11-25 04:51:45 -------- d-----w- c:\program files\common files\PC Tools
    2010-11-25 04:51:45 -------- d-----w- c:\progra~2\PC Tools
    2010-11-25 02:48:32 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
    2010-11-25 02:48:30 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
    2010-11-24 10:05:52 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-11-24 03:20:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-24 03:20:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-24 03:20:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-15 03:49:26 105984 --sha-r- c:\windows\system32\usp10J.dll
    2010-11-12 08:40:44 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{0b1a8904-f55d-4a1e-8e5b-6f028f1e69f6}\mpengine.dll
    2010-11-12 02:03:43 -------- d-----w- c:\users\mattsm~1\appdata\roaming\FixCleaner
    2010-11-12 02:01:35 -------- d-----w- c:\program files\FixCleaner
    2010-11-08 21:18:23 -------- d-----w- c:\progra~2\Metacafe
    2010-11-06 16:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-11-06 16:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2010-10-27 00:57:38 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-10-27 00:57:38 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-10-27 00:57:38 204288 ----a-w- c:\windows\system32\MSNP.ax
    2010-10-27 00:57:38 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2010-10-27 00:57:31 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys

    ==================== Find3M ====================

    2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-29 18:46:50 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-09-29 18:46:50 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-09-29 18:46:50 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2010-09-29 18:46:50 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-09-25 21:06:12 172032 ----a-w- c:\windows\system32\rdpclip.exe
    2010-09-23 04:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-21 18:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
    2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-14 15:31:54 163802 ----a-w- c:\windows\Audio Converter Pro Uninstaller.exe
    2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll

    ============= FINISH: 19:51:21.49 ===============

    DDS (Ver_10-11-26.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 1/6/2010 6:38:55 PM
    System Uptime: 11/25/2010 7:26:48 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0RY007
    Processor: Intel(R) Core(TM)2 Duo CPU E4400 @ 2.00GHz | Socket 775 | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 273 GiB total, 109.96 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 6.025 GiB free.
    E: is FIXED (NTFS) - 932 GiB total, 186.775 GiB free.
    F: is CDROM ()
    I: is FIXED (NTFS) - 233 GiB total, 22.928 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Officejet 6500 E709n
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: adfs
    Device ID: ROOT\LEGACY_ADFS\0000
    Name: adfs
    PNP Device ID: ROOT\LEGACY_ADFS\0000
    Service: adfs

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6500 E709n
    Manufacturer: HP
    Name: Officejet 6500 E709n

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    "Nero SoundTrax Help
    32 Bit HP CIO Components Installer
    4Media Video Converter Ultimate
    7-Zip 4.57
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge CS4
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS3
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 Professional
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS4
    Adobe Linguistics CS3
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop 6.0
    Adobe Photoshop CS3
    Adobe Reader 9.4.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support CS4
    Adobe Update Manager CS3
    Adobe Update Manager CS4
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    Advertising Center
    AIM 6
    AMD Drag and Drop Transcoding
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    ATI Parental Control & Encoder
    Audacity 1.3.4 (Unicode)
    AVS Update Manager 1.0
    AVS Video Converter 7
    AVS4YOU Software Navigator 1.4
    BitPim 1.0.7
    Boris Graffiti
    Browser Defender
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    CCC Help English
    Cinergy Script Editor
    Combined Community Codec Pack 2007-07-22
    Creative MediaSource 5
    Data Lifeguard Diagnostic for Windows
    Definition update for Microsoft Office 2010 (KB982726)
    Dell Support Center
    Dell System Customization Wizard
    Digital Cable Advisor
    Digital Line Detect
    Digital Voice Editor 3
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    EasyBCD 1.7.2
    EasyFLV FLV Converter Ver 7 build 0.0.1
    EVEREST Ultimate Edition v5.50
    FoxyTunes for Firefox
    Games, Music, & Photos Launcher
    GameSpy Arcade
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    GMail Drive Shell Extension
    Google Chrome
    Google Desktop
    Google Earth
    Google Gears
    Google Update Helper
    Google Video Uploader
    Guitar Hero III
    H.264 Encoder 1.5
    HP Customer Participation Program 13.0
    HP Document Manager 2.0
    HP Imaging Device Functions 13.0
    HP Officejet 6500 E709 Series
    HP Smart Web Printing 4.60
    HP Solution Center 13.0
    HP Update
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections
    Intel(R) TV Wizard
    Internet TV for Windows Media Center
    Ipswitch WS_FTP Pro
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    LAME v3.98.2 for Audacity
    LG USB Modem driver
    LimeWire 5.6.2
    LiveUpdate 3.2 (Symantec Corporation)
    Logitech Vid HD
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Magic Bullet Looks Studio
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    ManyCam 2.4 (remove only)
    Menu Templates - Starter Kit
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Facebook 32-bit
    Microsoft Picture It! Photo Premium 9
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Xbox 360 Accessories 1.1
    MKVtoolnix 4.2.0
    MobileMe Control Panel
    Motorola Driver Installation 3.2.0
    Move Media Player
    Movie Templates - Starter Kit
    Mozilla Firefox (3.6.12)
    Mozilla Thunderbird (3.1.4)
    Mpeg2Decoder 1.3
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8 Lite
    Nero 9
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express
    Nero InfoTool
    Nero Installer
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    OCR Software by I.R.I.S. 13.0
    OGA Notifier 2.0.0048.0
    PDF Settings CS4
    PHOTOfunSTUDIO 5.0
    Photoshop Camera Raw
    Pinnacle Studio 12
    Pinnacle Studio 12 Ultimate Plugins
    Pinnacle Video Driver
    Pixel Bender Toolkit
    PlayReady PC Runtime x86
    proDAD Vitascene 1.0
    Product Documentation Launcher
    Quicken 2009
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    Rhapsody Player Engine
    Right PDF Printer 3.6 Server Edition
    River Past Audio Converter Pro
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Word 2010 (KB2345000)
    Shop for HP Supplies
    Skype Toolbars
    Skype™ 5.0
    Snagit 9.1.3
    Sonic Activation Module
    SopCast 2.0.4
    Sound Blaster Audigy ADVANCED MB
    Spyware Doctor 7.0
    Suite Shared Configuration CS4
    Symantec AntiVirus
    The Lord of the Rings FREE Trial
    The Weather Channel Desktop 6
    Tipard iPod to PC Transfer
    Tony Hawks Pro Skater 4
    Uniblue RegistryBooster 2010
    University of Miami Desktop Communicator
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft OneNote 2010 (KB2288640)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    URL Assistant
    User's Guides
    V CAST Music with Rhapsody
    VC80CRTRedist - 8.0.50727.4053
    Video Explosion 1.5
    Viewpoint Media Player
    Virtual Earth 3D (Beta)
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VLC media player 1.1.2
    WD Diagnostics
    WebTrain Communicator
    WIDCOMM Bluetooth Software
    Winamp Detector Plug-in
    Winamp Remote
    Windows 7 Upgrade Advisor
    Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010
    Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010
    Windows Driver Package - Broadcom Bluetooth (01/19/2010
    Windows Driver Package - Broadcom Bluetooth (07/30/2009
    Windows Driver Package - Broadcom HIDClass (07/28/2009
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    Windows Mobile Device Center Driver Update
    Windows Movie Maker 2.6
    Windows Movie Maker 6.0
    Xobni Core
    Xvid 1.2.2 final uninstall
    Yahoo! Music Jukebox

    ==== Event Viewer Messages From Past Week ========

    11/25/2010 7:28:08 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    11/25/2010 7:28:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL sptd
    11/25/2010 7:27:31 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    11/25/2010 7:27:26 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
    11/25/2010 7:26:51 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    11/25/2010 7:24:22 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
    11/25/2010 6:26:05 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    11/25/2010 2:07:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    11/25/2010 12:39:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    11/19/2010 9:46:40 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

    ==== End Of File ===========================
  5. Broni

    Broni Malware Annihilator Posts: 53,860   +370

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

    Make sure, you re-enable your security programs, when you're done with Combofix.


    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  6. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron 530
    Logical Drives Mask: 0x0000013c

    Kernel Drivers (total 215):
    0x83045000 \SystemRoot\system32\ntkrnlpa.exe
    0x8300E000 \SystemRoot\system32\halmacpi.dll
    0x80BB5000 \SystemRoot\system32\kdcom.dll
    0x83639000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x836B1000 \SystemRoot\system32\PSHED.dll
    0x836C2000 \SystemRoot\system32\BOOTVID.dll
    0x836CA000 \SystemRoot\system32\CLFS.SYS
    0x8370C000 \SystemRoot\system32\CI.dll
    0x8B419000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8B48A000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8B498000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8B4E0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x8B4E9000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8B51D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8B525000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8B530000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8B55A000 \SystemRoot\System32\drivers\partmgr.sys
    0x8B720000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8B746000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8B756000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8B7A1000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x8B7A8000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8B7B6000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8B7BD000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8B7D3000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8B7DC000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8B600000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8B609000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8B56B000 \SystemRoot\system32\drivers\PCTCore.sys
    0x8B5A4000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8B81E000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B94D000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8B978000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B98B000 \SystemRoot\System32\Drivers\cng.sys
    0x8B9E8000 \SystemRoot\System32\drivers\pcw.sys
    0x8B9F6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8BA23000 \SystemRoot\system32\drivers\ndis.sys
    0x8BADA000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8BB18000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8BC28000 \SystemRoot\System32\drivers\tcpip.sys
    0x8BD71000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8BDA2000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8BDE1000 \SystemRoot\System32\Drivers\spldr.sys
    0x8BB3D000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8BDE9000 \SystemRoot\System32\Drivers\mup.sys
    0x8BC00000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8BB6A000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8BC08000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8BB9C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8BA00000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B61A000 \SystemRoot\System32\Drivers\SRTSP.SYS
    0x8BBE6000 \SystemRoot\System32\Drivers\SRTSPX.SYS
    0x90167000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x901A0000 \SystemRoot\System32\Drivers\Null.SYS
    0x901A7000 \SystemRoot\System32\Drivers\Beep.SYS
    0x901AE000 \SystemRoot\System32\drivers\vga.sys
    0x901BA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x901DB000 \SystemRoot\System32\drivers\watchdog.sys
    0x901E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x901F0000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x901F8000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x90000000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x9000B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8B800000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8B663000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8B66E000 \SystemRoot\system32\drivers\afd.sys
    0x8B6C8000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8BDF9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8B6FA000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8B5AE000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8B5BC000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8B5CF000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x837B7000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0x98621000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x98662000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x9866C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x98676000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x986D4000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x986F1000 \SystemRoot\System32\drivers\discache.sys
    0x986FD000 \SystemRoot\System32\Drivers\dfsc.sys
    0x98715000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x98723000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x98744000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x99A20000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x99F29000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x98756000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x9878F000 \SystemRoot\system32\DRIVERS\e1e6032.sys
    0x99FE0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x9A23D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x9A288000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x9A297000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x9A2B6000 \SystemRoot\system32\DRIVERS\atinavrr.sys
    0x9A3BF000 \SystemRoot\system32\DRIVERS\ks.sys
    0x9A3F3000 \SystemRoot\system32\DRIVERS\NCREMOTEPCI.SYS
    0x9A3F7000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x9A3F9000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
    0x9A200000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x9A025000 \SystemRoot\system32\drivers\hcw18bda.sys
    0x9A085000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x9A090000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x9A096000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x9A0A3000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0x9A0A4000 \SystemRoot\system32\DRIVERS\ManyCam.sys
    0x9A0AA000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x9A0B8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x9A0CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9A0E2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x9A0ED000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x9A10F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x9A127000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x9A13E000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x9A155000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x9A162000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x9A16F000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0x9A18C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x9A18E000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x9A19C000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
    0x9A1CA000 \SystemRoot\system32\DRIVERS\umbus.sys
    0xA0E32000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xA0E76000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x82019000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8223E000 \SystemRoot\system32\drivers\portcls.sys
    0x8226D000 \SystemRoot\system32\drivers\drmk.sys
    0x82580000 \SystemRoot\System32\win32k.sys
    0x82286000 \SystemRoot\System32\drivers\Dxapi.sys
    0x82290000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8229D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x822A8000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x822B1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x822C2000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x827E0000 \SystemRoot\System32\TSDDD.dll
    0x82420000 \SystemRoot\System32\cdd.dll
    0x822CD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x822E4000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
    0x822EA000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x822F5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x82308000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8230F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8231B000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x82440000 \SystemRoot\System32\ATMFD.DLL
    0x82326000 \SystemRoot\system32\DRIVERS\usbcir.sys
    0x82341000 \SystemRoot\System32\Drivers\nx6000.sys
    0x8234B000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8236F000 \SystemRoot\system32\drivers\usbaudio.sys
    0x82383000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x82392000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x823A9000 \SystemRoot\system32\drivers\luafv.sys
    0x823C4000 \SystemRoot\system32\drivers\WudfPf.sys
    0x823DE000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x82000000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA0E87000 \SystemRoot\system32\drivers\HTTP.sys
    0xA0F0C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x823EE000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA0F25000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA0F48000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xA0F83000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x82013000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0x82015000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    0xA0FB6000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
    0xBC61D000 \SystemRoot\system32\drivers\peauth.sys
    0xBC6B4000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xBC6BE000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xBC6DF000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xBC6EC000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xBC73B000 \SystemRoot\System32\DRIVERS\srv.sys
    0xBC7B4000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
    0xBC7B9000 \SystemRoot\system32\drivers\tdtcp.sys
    0xBC7C3000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0xA0FC0000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x90019000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101120.002\NAVEX15.SYS
    0xBC7E4000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101120.002\NAVENG.SYS
    0xA0E00000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xBC7F8000 \??\C:\Windows\system32\drivers\mbam.sys
    0xD50A8000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0xD50B1000 \??\C:\Users\MATTSM~1\AppData\Local\Temp\fxldypow.sys
    0xD50C9000 \??\C:\Users\MATTSM~1\AppData\Local\Temp\mbr.sys
    0x770F0000 \Windows\System32\ntdll.dll
    0x48260000 \Windows\System32\smss.exe
    0x77330000 \Windows\System32\apisetschema.dll
    0x00FB0000 \Windows\System32\autochk.exe
    0x76FB0000 \Windows\System32\urlmon.dll
    0x77290000 \Windows\System32\clbcatq.dll
    0x77250000 \Windows\System32\ws2_32.dll
    0x76EB0000 \Windows\System32\wininet.dll
    0x76E60000 \Windows\System32\gdi32.dll
    0x76E10000 \Windows\System32\Wldap32.dll
    0x76DB0000 \Windows\System32\shlwapi.dll
    0x76D30000 \Windows\System32\comdlg32.dll
    0x76C60000 \Windows\System32\user32.dll
    0x77230000 \Windows\System32\imm32.dll
    0x76A60000 \Windows\System32\iertutil.dll
    0x769C0000 \Windows\System32\advapi32.dll
    0x76910000 \Windows\System32\msvcrt.dll
    0x76900000 \Windows\System32\psapi.dll
    0x767A0000 \Windows\System32\ole32.dll
    0x76780000 \Windows\System32\sechost.dll
    0x766B0000 \Windows\System32\msctf.dll
    0x766A0000 \Windows\System32\lpk.dll
    0x765F0000 \Windows\System32\rpcrt4.dll
    0x765C0000 \Windows\System32\imagehlp.dll
    0x765B0000 \Windows\System32\normaliz.dll
    0x76550000 \Windows\System32\difxapi.dll
    0x764C0000 \Windows\System32\oleaut32.dll
    0x763E0000 \Windows\System32\kernel32.dll
    0x76240000 \Windows\System32\setupapi.dll
    0x76230000 \Windows\System32\nsi.dll
    0x76190000 \Windows\System32\usp10.dll
    0x75540000 \Windows\System32\shell32.dll
    0x75420000 \Windows\System32\crypt32.dll
    0x753F0000 \Windows\System32\wintrust.dll
    0x753A0000 \Windows\System32\KernelBase.dll
    0x75370000 \Windows\System32\cfgmgr32.dll
    0x752E0000 \Windows\System32\comctl32.dll
    0x752C0000 \Windows\System32\devobj.dll
    0x752B0000 \Windows\System32\msasn1.dll

    Processes (total 114):
    0 System Idle Process
    4 System
    248 C:\Windows\System32\smss.exe
    428 csrss.exe
    480 csrss.exe
    488 C:\Windows\System32\wininit.exe
    544 C:\Windows\System32\winlogon.exe
    572 C:\Windows\System32\services.exe
    596 C:\Windows\System32\lsass.exe
    604 C:\Windows\System32\lsm.exe
    724 C:\Windows\System32\svchost.exe
    796 C:\Windows\System32\svchost.exe
    872 C:\Windows\System32\atiesrxx.exe
    936 C:\Windows\System32\svchost.exe
    996 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\audiodg.exe
    1176 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\atieclxx.exe
    1356 C:\Windows\System32\svchost.exe
    1504 C:\Windows\System32\spoolsv.exe
    1540 C:\Windows\System32\taskeng.exe
    1552 C:\Windows\System32\svchost.exe
    1668 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    1692 C:\Windows\System32\rundll32.exe
    1700 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1732 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    1772 C:\Program Files\Bonjour\mDNSResponder.exe
    1792 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    1828 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    1860 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    1896 C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    1936 C:\Windows\System32\CTSVCCDA.EXE
    1988 C:\Program Files\Symantec AntiVirus\DefWatch.exe
    2024 C:\Windows\System32\svchost.exe
    276 C:\Windows\System32\svchost.exe
    436 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    656 C:\Program Files\LogMeIn\x86\ramaint.exe
    780 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    1572 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    1268 C:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe
    1364 C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    1948 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    2060 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2124 C:\Windows\System32\svchost.exe
    2176 C:\Program Files\Winamp Remote\bin\OrbMediaService.exe
    2240 C:\Windows\System32\svchost.exe
    2348 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    2620 C:\Program Files\Spyware Doctor\pctsAuxs.exe
    2680 C:\Program Files\Spyware Doctor\pctsSvc.exe
    2740 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2776 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2812 C:\Windows\System32\svchost.exe
    2860 C:\Program Files\AnywhereTS\srv\srvstart.exe
    2924 C:\Program Files\Viewpoint\Common\ViewpointService.exe
    2964 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    3004 C:\Program Files\Xobni\XobniService.exe
    3056 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3200 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    3224 C:\Program Files\AnywhereTS\srv\tftpd32.exe
    3988 C:\Windows\System32\svchost.exe
    4104 C:\Windows\System32\svchost.exe
    4696 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    5088 C:\Windows\System32\taskhost.exe
    5172 C:\Windows\System32\dwm.exe
    5240 C:\Program Files\Spyware Doctor\pctsTray.exe
    5308 C:\Windows\explorer.exe
    5576 C:\Program Files\Google\Update\\GoogleCrashHandler.exe
    5700 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    6052 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    6072 C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
    4232 C:\Windows\System32\SearchIndexer.exe
    4392 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    2364 C:\Program Files\Symantec AntiVirus\VPTray.exe
    4476 C:\Program Files\iTunes\iTunesHelper.exe
    4612 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    4512 C:\Program Files\LimeWire\LimeWire.exe
    5096 C:\Windows\System32\hkcmd.exe
    5252 C:\Windows\System32\igfxpers.exe
    2724 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3092 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3176 C:\Windows\System32\igfxsrvc.exe
    5440 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    5708 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1320 C:\Users\matt small\Program Files\DNA\btdna.exe
    2056 C:\Program Files\DellSupport\DSAgnt.exe
    3160 C:\Program Files\Windows Sidebar\sidebar.exe
    2844 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    3360 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    932 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    4324 C:\Program Files\iPod\bin\iPodService.exe
    4320 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    628 C:\Users\matt small\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    6104 WmiPrvSE.exe
    6728 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    7052 C:\Windows\System32\svchost.exe
    7592 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    8164 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    6480 dllhost.exe
    6824 C:\Windows\System32\dllhost.exe
    6788 C:\Windows\System32\svchost.exe
    3272 C:\Windows\System32\svchost.exe
    4780 C:\Program Files\Mozilla Firefox\firefox.exe
    6588 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2000 C:\Program Files\Trillian\trillian.exe
    5340 C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    8140 C:\Program Files\Skype\Phone\Skype.exe
    7700 C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    2408 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    7692 C:\Windows\System32\SearchFilterHost.exe
    6364 C:\Windows\System32\taskeng.exe
    7716 C:\Windows\System32\SearchProtocolHost.exe
    7416 C:\Users\matt small\Downloads\MBRCheck.exe
    7892 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive1 at offset 0x00000002`83700000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`03700000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\I: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive1 Model Number: SAMSUNGHD321KJ, Rev: CP100-11
    PhysicalDrive0 Model Number: WDCWD10EADS-00L5B1, Rev: 01.01A01
    PhysicalDrive2 Model Number: WD2500JB External, Rev: 0602

    Size Device Name MBR Status
    298 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    232 GB \\.\PhysicalDrive2 RE: Unknown MBR code
    SHA1: CE7DBBBEE43059700485C7835F4E1ED6D2FADB1C

    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

  7. msmall10

    msmall10 TS Rookie Topic Starter Posts: 44

    slight problem with comboFix... im working on it remotely (im at school and the computer is at home) so I can't run it without the internet connection. Is there another way or should I just wait until i can work on the computer directly.
  8. Broni

    Broni Malware Annihilator Posts: 53,860   +370

    I'd definitely wait until you got there.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...