cyansun

Chase Bank MFASA redirect

75 posts in this topic

Around a month or so ago, I tried to access my account at Chase Bank, but thankfully I noticed the site it redirected me to was (if I remember correctly) mfasa.chase.com before I entered any information. Though I have noscript installed and the program prevented the actual site from loading, research tells me that other users with this problem were promted to enter social security numbers, credit cards, pin numbers, and more.

Of course, I scanned my computer with Malwarebytes, but no problems were detected. I still believe the problem exists and wonder if I might have a rootkit issue? I don't really know.

Thank you!

At any rate, I have followed the instructions and here are my logs:

- - - - - -

Malwarebytes:

- - - -

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7082

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

7/12/2011 1:11:27 AM

mbam-log-2011-07-12 (01-11-27).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 545848

Time elapsed: 3 hour(s), 12 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

- - - -

DDS

- - -

DDS (Ver_2011-07-14.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514

Run by Kitty at 21:37:21 on 2011-07-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2641 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\SMINST\BLService.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Kitty\Desktop\Downloads\ivch49lm.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [AdobeBridge] <no file>

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{B5D5FC03-3E9E-4F9A-9FCB-FF61BD0A1283} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{B5D5FC03-3E9E-4F9A-9FCB-FF61BD0A1283}\05561636860516E64616 : DHCPNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{B5D5FC03-3E9E-4F9A-9FCB-FF61BD0A1283}\0596A7A71625563616C6 : DHCPNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{B5D5FC03-3E9E-4F9A-9FCB-FF61BD0A1283}\354756C6C616270205230275962756C6563737 : DHCPNameServer = 10.176.80.8 10.176.80.9

TCP: Interfaces\{B5D5FC03-3E9E-4F9A-9FCB-FF61BD0A1283}\36375736869636F6D2275637E65647 : DHCPNameServer = 132.241.82.215 132.241.66.6 132.241.80.10

TCP: Interfaces\{B5D5FC03-3E9E-4F9A-9FCB-FF61BD0A1283}\4586560244566796C67237023416573756771697 : DHCPNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{B5D5FC03-3E9E-4F9A-9FCB-FF61BD0A1283}\74F6C64656E62457666616C6F6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{B5D5FC03-3E9E-4F9A-9FCB-FF61BD0A1283}\7616D65627F6F6D6 : DHCPNameServer = 192.168.1.1 68.87.76.178

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: ipp - <Clsid value has no data>

Handler: msdaipp - <Clsid value has no data>

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: ipp - <Clsid value has no data>

x64-Handler: msdaipp - <Clsid value has no data>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\4zjc8eq6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.goodsearch.com/?charityid=812192

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Kitty\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Users\Kitty\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Kitty\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-7-4 353168]

R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]

R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-20 365952]

R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [2009-12-26 1908520]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-2-12 292864]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-20 227896]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-12-27 138752]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-8-20 216064]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-1 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-1 136176]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-3 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2011-07-17 16:17:15 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B1A4D2AC-18F4-449D-A616-7E2120DBA17F}\mpengine.dll

2011-07-13 02:02:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-13 02:01:55 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-05 07:29:47 -------- d-----w- C:\Windows\System32\SPReview

2011-07-05 07:22:47 -------- d-----w- C:\Windows\System32\EventProviders

2011-07-04 17:31:44 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-07-04 17:31:44 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-07-04 05:15:04 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-03 07:08:59 4583424 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe

2011-07-03 07:07:59 630272 ----a-w- C:\Windows\System32\evr.dll

2011-07-03 07:06:59 624128 ----a-w- C:\Windows\System32\qedit.dll

2011-07-03 07:04:59 61440 ----a-w- C:\Windows\System32\drivers\appid.sys

2011-07-03 07:03:59 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll

2011-07-03 07:03:59 257024 ----a-w- C:\Windows\SysWow64\dpx.dll

2011-07-03 07:03:51 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2011-07-03 07:03:51 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2011-07-03 06:58:49 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2011-07-03 06:58:49 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2011-07-03 06:58:49 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-07-03 06:58:28 933376 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-07-03 06:58:17 199168 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-07-03 06:56:39 422912 ----a-w- C:\Windows\System32\drvstore.dll

2011-07-03 06:56:35 399872 ----a-w- C:\Windows\System32\dpx.dll

.

==================== Find3M ====================

.

2011-07-07 02:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-07 02:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-07-05 07:44:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-07-05 07:44:50 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys

2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe

2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll

2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll

2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe

2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll

2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll

2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll

2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll

2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll

2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll

2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe

2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe

2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe

2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll

2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll

2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll

2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll

2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll

2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll

2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe

2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe

2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe

2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

.

============= FINISH: 21:40:11.40 ===============

Share this post


Link to post
Share on other sites

Hello cyansun and welcome to Malwarebytes! :welcome:

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

I see you have IObit installed on your computer.

IObit Security 360 is a rogue security program known to cause system problems and that had stolen material from other computer security companies to use in their own program.

IOBit Steals Malwarebytes’ Intellectual Property

IOBit’s Denial of Theft Unconvincing

The program has also been seen to cause numerous system problems that tend to go away after uninstalling their software.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs:

IObit Security 360

Advanced SystemCare

(or any program from IObit)

T-Tools has created a free program that has been designed specifically to remove every last trace of the entries of IObit programs left behind if and when you had decided to uninstall one or more of these programs. Please download BitRemover from here:

http://www.t-tools.nl/bitremoveren.php

Save the program to your Desktop and double-click on the program to run it.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue tdsskiller2.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue tdsskiller3.png
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
how the PC is running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?

Share this post


Link to post
Share on other sites

Thanks for your response, D-FRED-BROWN!

I thought I should let you know that I might actually be away from my computer for a couple days, but as soon as I have time, I'll follow your instructions and post back. I just don't want you to think I'm not checking back.

Share this post


Link to post
Share on other sites

Sounds good, thank you for letting me know :)

Share this post


Link to post
Share on other sites

Okay, so I just ran combofix, but I have a slight problem. Now my computer won't let me open ANYTHING and it says "Illegal operation attempted on a registry key that has been marked for deletion."

It won't even let me run Firefox. I'm trying not to panic. What should I do?

Thank you.

Share this post


Link to post
Share on other sites

Reboot :)

Share this post


Link to post
Share on other sites

Really? You're sure that won't cause everything on my computer to be deleted since it says it is all "marked for deletion"?

Share this post


Link to post
Share on other sites

Trust me on this, it is a well-known issue ;)

Share this post


Link to post
Share on other sites

Okay, things seem to be back to normal. I'll continue following the instructions and then post the logs.

Thanks!

Share this post


Link to post
Share on other sites

Sounds good! :)

Share this post


Link to post
Share on other sites

Sounds good! :)

Share this post


Link to post
Share on other sites

I followed the instructions. One question,

though - if I downloaded some of the

programs to my downloads folder (not my

desktop) and ran them from there, is that a

problem?

Combofix:

- - -

ComboFix 11-07-24.03 - Kitty 07/24/2011

21:21:59.1.2 - x64

Microsoft Windows 7 Home Premium

6.1.7601.1.1252.1.1033.18.3999.2412 [GMT -

7:00]

Running from: c:\users\Kitty\Desktop

\ComboFix.exe

AV: Microsoft Security Essentials

*Disabled/Updated* {108DAC43-C256-20B7-BB05

-914135DA5160}

SP: Microsoft Security Essentials

*Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5

-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated*

{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created

from 2011-06-25 to 2011-07-25

)))))))))))))))))))))))))))))))

.

.

2011-07-25 04:56 . 2011-07-25 04:56

-------- d-----w- c:\users

\Default\AppData\Local\temp

2011-07-25 04:56 . 2011-07-25 04:56

-------- d-----w- c:\users

\dadmin\AppData\Local\temp

2011-07-25 04:19 . 2011-07-25 04:20

-------- d-----w- C:

\32788R22FWJFW

2011-07-24 20:37 . 2011-07-13 04:53

8578896 ----a-w- c:\programdata

\Microsoft\Microsoft Antimalware\Definition

Updates\{FD3E8461-564A-48B9-80CE-

720AA8E5192B}\mpengine.dll

2011-07-13 02:02 . 2011-06-03 06:44 3584

---ha-w- c:\windows\system32\api-ms-

win-core-processenvironment-l1-1-0.dll

2011-07-13 02:01 . 2011-06-03 06:57

362496 ----a-w- c:\windows

\system32\wow64win.dll

2011-07-05 07:29 . 2011-07-05 07:29

-------- d-----w- c:\windows

\system32\SPReview

2011-07-05 07:22 . 2011-07-05 07:22

-------- d-----w- c:\windows

\system32\EventProviders

2011-07-04 17:31 . 2011-07-04 17:31

2106216 ----a-w- c:\program files

(x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-07-04 17:31 . 2011-07-04 17:31

1998168 ----a-w- c:\program files

(x86)\Mozilla Firefox\d3dx9_43.dll

2011-07-04 05:15 . 2011-07-04 05:15

404640 ----a-w- c:\windows

\SysWow64\FlashPlayerCPLApp.cpl

2011-07-03 07:08 . 2010-11-20 13:27

3860992 ----a-w- c:\windows

\system32\UIRibbon.dll

2011-07-03 07:07 . 2010-11-20 13:27

409600 ----a-w- c:\windows

\system32\photowiz.dll

2011-07-03 07:06 . 2010-11-20 13:27

624128 ----a-w- c:\windows

\system32\qedit.dll

2011-07-03 07:05 . 2010-11-20 13:26

37376 ----a-w- c:\windows

\system32\iscsium.dll

2011-07-03 07:04 . 2010-11-20 13:25

102912 ----a-w- c:\program files

\Windows Media Player\wmpshare.exe

2011-07-03 07:03 . 2010-11-20 12:18

323072 ----a-w- c:\windows

\SysWow64\drvstore.dll

2011-07-03 07:03 . 2010-11-20 12:18

257024 ----a-w- c:\windows

\SysWow64\dpx.dll

2011-07-03 07:03 . 2010-11-20 12:21

363008 ----a-w- c:\windows

\SysWow64\wbemcomn.dll

2011-07-03 07:03 . 2010-11-20 12:19

606208 ----a-w- c:\windows

\SysWow64\wbem\fastprox.dll

2011-07-03 06:58 . 2010-11-20 13:27

524288 ----a-w- c:\windows

\system32\wmicmiplugin.dll

2011-07-03 06:58 . 2010-11-20 13:27

529408 ----a-w- c:\windows

\system32\wbemcomn.dll

2011-07-03 06:58 . 2010-11-20 13:27

1225216 ----a-w- c:\windows

\system32\wbem\wbemcore.dll

2011-07-03 06:58 . 2010-11-20 13:27

933376 ----a-w- c:\windows

\system32\SmiEngine.dll

2011-07-03 06:58 . 2010-11-20 13:25

199168 ----a-w- c:\windows

\system32\PkgMgr.exe

2011-07-03 06:56 . 2010-11-20 13:26

422912 ----a-w- c:\windows

\system32\drvstore.dll

2011-07-03 06:56 . 2010-11-20 13:26

399872 ----a-w- c:\windows

\system32\dpx.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((

Find3M Report

))))))))))))))))))))))))))))))))))))))))))))

))))))))

.

2011-07-07 02:52 . 2009-08-09 19:54

41272 ----a-w- c:\windows

\SysWow64\drivers\mbamswissarmy.sys

2011-07-07 02:52 . 2009-08-09 19:54

25912 ----a-w- c:\windows

\system32\drivers\mbam.sys

2011-07-05 07:44 . 2009-07-14 02:36

152576 ----a-w- c:\windows

\SysWow64\msclmd.dll

2011-07-05 07:44 . 2009-07-14 02:36

175616 ----a-w- c:\windows

\system32\msclmd.dll

2011-06-07 17:10 . 2010-08-24 05:20

8873296 ----a-w- c:\programdata

\Microsoft\Microsoft Antimalware\Definition

Updates\Backup\mpengine.dll

2011-06-03 05:57 . 2011-07-13 02:01

44032 ----a-w- c:\windows\apppatch

\acwow64.dll

2011-05-28 03:30 . 2011-06-17 03:15

1638912 ----a-w- c:\windows

\system32\mshtml.tlb

2011-05-28 02:53 . 2011-06-17 03:15

1638912 ----a-w- c:\windows

\SysWow64\mshtml.tlb

2011-05-03 05:29 . 2011-06-17 03:14

976896 ----a-w- c:\windows

\system32\inetcomm.dll

2011-05-03 04:30 . 2011-06-17 03:14

741376 ----a-w- c:\windows

\SysWow64\inetcomm.dll

2011-04-29 03:06 . 2011-06-17 03:14

467456 ----a-w- c:\windows

\system32\drivers\srv.sys

2011-04-29 03:05 . 2011-06-17 03:14

410112 ----a-w- c:\windows

\system32\drivers\srv2.sys

2011-04-29 03:05 . 2011-06-17 03:14

168448 ----a-w- c:\windows

\system32\drivers\srvnet.sys

2011-04-27 02:40 . 2011-06-17 03:16

158208 ----a-w- c:\windows

\system32\drivers\mrxsmb.sys

2011-04-27 02:39 . 2011-06-17 03:16

289280 ----a-w- c:\windows

\system32\drivers\mrxsmb10.sys

2011-04-27 02:39 . 2011-06-17 03:16

128000 ----a-w- c:\windows

\system32\drivers\mrxsmb20.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg

Loading Points

))))))))))))))))))))))))))))))))))))))))))))

))))))

.

.

*Note* empty entries & legit default entries

are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft

\Windows\CurrentVersion\Run]

"AdobeUpdater"="c:\program files

(x86)\Common Files\Adobe\Updater

\AdobeUpdater.exe" [2007-04-04 970752]

"LightScribe Control Panel"="c:\program

files (x86)\Common Files\LightScribe

\LightScribeControlPanel.exe" [2010-01-22

2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node

\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files

(x86)\HP\HP Software Update\HPWuSchd2.exe"

[2008-03-26 49152]

"hpqSRMon"="c:\program files (x86)\HP

\Digital Imaging\bin\hpqSRMon.exe" [2008-03

-13 81920]

"QlbCtrl.exe"="c:\program files

(x86)\Hewlett-Packard\HP Quick Launch

Buttons\QlbCtrl.exe" [2010-02-25 323640]

"WinPatrol"="c:\program files (x86)\BillP

Studios\WinPatrol\winpatrol.exe" [2009-07-27

341312]

"WirelessAssistant"="c:\program files

(x86)\Hewlett-Packard\HP Wireless Assistant

\HPWAMain.exe" [2009-05-11 513080]

"AdobeCS5ServiceManager"="c:\program files

(x86)\Common Files\Adobe\CS5ServiceManager

\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files (x86)\Common

Files\Adobe\SwitchBoard\SwitchBoard.exe"

[2010-02-19 517096]

.

c:\programdata\Microsoft\Windows\Start Menu

\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program

files (x86)\Hp\Digital Imaging\bin

\hpqtra08.exe [2008-3-25 214360]

.

[HKEY_LOCAL_MACHINE\software\microsoft

\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system

\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\system

\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ

kerberos msv1_0 schannel wdigest tspkg pku2u

livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM

\CurrentControlSet\Control\SafeBoot\Minimal

\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM

\CurrentControlSet\Control\SafeBoot\Minimal

\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft

.NET Framework NGEN v4.0.30319_X86;c:

\windows\Microsoft.NET\Framework

\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft

.NET Framework NGEN v4.0.30319_X64;c:

\windows\Microsoft.NET

\Framework64\v4.0.30319\mscorsvw.exe [2010-

03-18 138576]

R2 gupdate;Google Update Service

(gupdate);c:\program files (x86)\Google

\Update\GoogleUpdate.exe [2010-07-01 136176]

R3 Com4QLBEx;Com4QLBEx;c:\program files

(x86)\Hewlett-Packard\HP Quick Launch

Buttons\Com4QLBEx.exe [2010-02-25 227896]

R3 gupdatem;Google Update Service

(gupdatem);c:\program files (x86)\Google

\Update\GoogleUpdate.exe [2010-07-01 136176]

R3 MpNWMon;Microsoft Malware Protection

Network Driver;c:\windows\system32\DRIVERS

\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection

System;c:\windows\system32\DRIVERS

\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:

\program files\Microsoft Security Client

\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 RtsUIR;Realtek IR Driver;c:\windows

\system32\DRIVERS\Rts516xIR.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program

files (x86)\Common Files\Adobe\SwitchBoard

\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows

\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:

\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation

Technologies Service;c:\windows

\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:

\windows\system32\DRIVERS\vwififlt.sys [x]

S2 FreeAgentGoNext Service;Seagate

Service;c:\program files (x86)\Seagate

\SeagateManager\Sync\FreeAgentService.exe

[2009-12-18 189736]

S2 HPDrvMntSvc.exe;HP Quick Synchronization

Service;c:\program files (x86)\Hewlett-

Packard\Shared\HPDrvMntSvc.exe [2010-10-15

92216]

S2 HsfXAudioService;HsfXAudioService;c:

\windows\system32\svchost.exe [2009-07-14

27136]

S2 Recovery Service for Windows;Recovery

Service for Windows;c:\program files

(x86)\SMINST\BLService.exe [2008-10-06

365952]

S2 TabletServiceWacom;TabletServiceWacom;c:

\windows\system32\Wacom_Tablet.exe [x]

S3 CAXHWAZL;CAXHWAZL;c:\windows

\system32\DRIVERS\CAXHWAZL.sys [x]

S3 IntcHdmiAddService;Intel® High

Definition Audio HDMI;c:\windows

\system32\drivers\IntcHdmi.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card

Reader;c:\windows\system32\Drivers

\RtsUStor.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport

Service;c:\windows\system32\DRIVERS

\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - AvgTdiA

.

[HKEY_LOCAL_MACHINE\software\wow6432node

\microsoft\windows nt\currentversion

\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node

\microsoft\active setup\installed

components\{10880D85-AAD9-4558-ABDC-

2AB1552D831F}]

2010-01-22 18:06 451872 ----a-w-

c:\program files (x86)\Common Files

\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-25 c:\windows\Tasks

\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update

\GoogleUpdate.exe [2010-07-01 07:44]

.

2011-07-25 c:\windows\Tasks

\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update

\GoogleUpdate.exe [2010-07-01 07:44]

.

2011-07-24 c:\windows\Tasks

\GoogleUpdateTaskUserS-1-5-21-3398980415-

734378812-3893664885-1000Core.job

- c:\users\Kitty\AppData\Local\Google

\Update\GoogleUpdate.exe [2010-07-04 07:44]

.

2011-07-25 c:\windows\Tasks

\GoogleUpdateTaskUserS-1-5-21-3398980415-

734378812-3893664885-1000UA.job

- c:\users\Kitty\AppData\Local\Google

\Update\GoogleUpdate.exe [2010-07-04 07:44]

.

2011-07-25 c:\windows\Tasks

\HPCeeScheduleFordadmin.job

- c:\program files (x86)\Hewlett-Packard\HP

Ceement\HPCEE.exe [2009-10-07 11:22]

.

2011-07-25 c:\windows\Tasks

\HPCeeScheduleForKitty.job

- c:\program files (x86)\Hewlett-Packard\HP

Ceement\HPCEE.exe [2009-10-07 11:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft

\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files

(x86)\Common Files\Adobe\OOBE\PDApp\UWA

\UpdaterStartupUtility.exe" [2010-03-06

500208]

"MSC"="c:\program files\Microsoft Security

Client\msseces.exe" [2010-11-30 1436224]

"IgfxTray"="c:\windows

\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows

\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows

\system32\igfxpers.exe" [2010-08-26 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft

\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uDefault_Search_URL =

hxxp://www.google.com/ie

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) =

hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:

\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:

\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Kitty\AppData

\Roaming\Mozilla\Firefox\Profiles

\4zjc8eq6.default\

FF - prefs.js: browser.startup.homepage -

hxxp://www.goodsearch.com/?charityid=812192

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

WebBrowser-{604BC32A-9680-40D1-9AC6-

E06B23A1BA4C} - (no file)

HKLM-Run-SynTPEnh - c:\program files

(x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS

---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93

-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\

\Macromed\\Flash\

\FlashUtil10g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93

-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93

-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\

\FlashUtil10g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93

-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8

-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8

-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\

\Flash10g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8

-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8

-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8

-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\

\Flash10g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8

-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8

-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8

-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8

-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8

-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\

\Flash10g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8

-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8

-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\

\Flash10g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8

-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8

-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8

-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-

B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-

B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes

\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-

B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM

\ControlSet001\Control\Class\{4D36E96D-E325

-11CE-BFC1-

08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SYSTEM

\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running

Processes ------------------------

.

c:\program files (x86)\Common Files\Apple

\Mobile Device Support

\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour

\mDNSResponder.exe

c:\program files (x86)\Cisco Systems\VPN

Client\cvpnd.exe

c:\program files (x86)\Common Files

\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared

files\RichVideo.exe

c:\program files (x86)\Yahoo!

\SoftwareUpdate\YahooAUService.exe

.

********************************************

******************************

.

Completion time: 2011-07-24 22:09:07 -

machine was rebooted

ComboFix-quarantined-files.txt 2011-07-25

05:09

.

Pre-Run: 44,131,758,080 bytes free

Post-Run: 45,041,577,984 bytes free

.

- - End Of File - -

E4C32F9D26C4B181B9628ECE60F9E274

- - - -

Here is my TDSSKiller log:

- - -

2011/07/24 13:50:42.0221 4764 TDSS rootkit

removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/24 13:50:42.0452 4764

============================================

====================================

2011/07/24 13:50:42.0452 4764 SystemInfo:

2011/07/24 13:50:42.0452 4764

2011/07/24 13:50:42.0452 4764 OS Version:

6.1.7601 ServicePack: 1.0

2011/07/24 13:50:42.0452 4764 Product

type: Workstation

2011/07/24 13:50:42.0452 4764

ComputerName: CIERRAS_LAPTOP

2011/07/24 13:50:42.0453 4764 UserName:

Kitty

2011/07/24 13:50:42.0453 4764 Windows

directory: C:\Windows

2011/07/24 13:50:42.0453 4764 System

windows directory: C:\Windows

2011/07/24 13:50:42.0453 4764 Running

under WOW64

2011/07/24 13:50:42.0453 4764 Processor

architecture: Intel x64

2011/07/24 13:50:42.0453 4764 Number of

processors: 2

2011/07/24 13:50:42.0453 4764 Page size:

0x1000

2011/07/24 13:50:42.0453 4764 Boot type:

Normal boot

2011/07/24 13:50:42.0453 4764

============================================

====================================

2011/07/24 13:50:44.0234 4764 Initialize

success

2011/07/24 13:51:00.0803 2544

============================================

====================================

2011/07/24 13:51:00.0803 2544 Scan started

2011/07/24 13:51:00.0803 2544 Mode:

Manual;

2011/07/24 13:51:00.0803 2544

============================================

====================================

2011/07/24 13:51:02.0132 2544 1394ohci

(a87d604aea360176311474c87a63bb88) C:

\Windows\system32\drivers\1394ohci.sys

2011/07/24 13:51:02.0351 2544 ACPI

(d81d9e70b8a6dd14d42d7b4efa65d5f2) C:

\Windows\system32\drivers\ACPI.sys

2011/07/24 13:51:02.0534 2544 AcpiPmi

(99f8e788246d495ce3794d7e7821d2ca) C:

\Windows\system32\drivers\acpipmi.sys

2011/07/24 13:51:02.0762 2544 adp94xx

(2f6b34b83843f0c5118b63ac634f5bf4) C:

\Windows\system32\DRIVERS\adp94xx.sys

2011/07/24 13:51:02.0961 2544 adpahci

(597f78224ee9224ea1a13d6350ced962) C:

\Windows\system32\DRIVERS\adpahci.sys

2011/07/24 13:51:03.0161 2544 adpu320

(e109549c90f62fb570b9540c4b148e54) C:

\Windows\system32\DRIVERS\adpu320.sys

2011/07/24 13:51:03.0388 2544 AFD

(d5b031c308a409a0a576bff4cf083d30) C:

\Windows\system32\drivers\afd.sys

2011/07/24 13:51:03.0585 2544 agp440

(608c14dba7299d8cb6ed035a68a15799) C:

\Windows\system32\drivers\agp440.sys

2011/07/24 13:51:03.0800 2544 aliide

(5812713a477a3ad7363c7438ca2ee038) C:

\Windows\system32\drivers\aliide.sys

2011/07/24 13:51:03.0990 2544 amdide

(1ff8b4431c353ce385c875f194924c0c) C:

\Windows\system32\drivers\amdide.sys

2011/07/24 13:51:04.0188 2544 AmdK8

(7024f087cff1833a806193ef9d22cda9) C:

\Windows\system32\DRIVERS\amdk8.sys

2011/07/24 13:51:04.0364 2544 AmdPPM

(1e56388b3fe0d031c44144eb8c4d6217) C:

\Windows\system32\DRIVERS\amdppm.sys

2011/07/24 13:51:04.0561 2544 amdsata

(d4121ae6d0c0e7e13aa221aa57ef2d49) C:

\Windows\system32\drivers\amdsata.sys

2011/07/24 13:51:04.0764 2544 amdsbs

(f67f933e79241ed32ff46a4f29b5120b) C:

\Windows\system32\DRIVERS\amdsbs.sys

2011/07/24 13:51:04.0966 2544 amdxata

(540daf1cea6094886d72126fd7c33048) C:

\Windows\system32\drivers\amdxata.sys

2011/07/24 13:51:05.0180 2544 AppID

(89a69c3f2f319b43379399547526d952) C:

\Windows\system32\drivers\appid.sys

2011/07/24 13:51:05.0412 2544 arc

(c484f8ceb1717c540242531db7845c4e) C:

\Windows\system32\DRIVERS\arc.sys

2011/07/24 13:51:05.0607 2544 arcsas

(019af6924aefe7839f61c830227fe79c) C:

\Windows\system32\DRIVERS\arcsas.sys

2011/07/24 13:51:05.0812 2544 AsyncMac

(769765ce2cc62867468cea93969b2242) C:

\Windows\system32\DRIVERS\asyncmac.sys

2011/07/24 13:51:05.0996 2544 atapi

(02062c0b390b7729edc9e69c680a6f3c) C:

\Windows\system32\drivers\atapi.sys

2011/07/24 13:51:06.0265 2544 athr

(96abf88241f90ff647e55c934c55c2f1) C:

\Windows\system32\DRIVERS\athrx.sys

2011/07/24 13:51:06.0530 2544 b06bdrv

(3e5b191307609f7514148c6832bb0842) C:

\Windows\system32\DRIVERS\bxvbda.sys

2011/07/24 13:51:06.0948 2544 b57nd60a

(b5ace6968304a3900eeb1ebfd9622df2) C:

\Windows\system32\DRIVERS\b57nd60a.sys

2011/07/24 13:51:07.0155 2544 Beep

(16a47ce2decc9b099349a5f840654746) C:

\Windows\system32\drivers\Beep.sys

2011/07/24 13:51:07.0379 2544 blbdrive

(61583ee3c3a17003c4acd0475646b4d3) C:

\Windows\system32\DRIVERS\blbdrive.sys

2011/07/24 13:51:07.0626 2544 bowser

(6c02a83164f5cc0a262f4199f0871cf5) C:

\Windows\system32\DRIVERS\bowser.sys

2011/07/24 13:51:07.0812 2544 BrFiltLo

(f09eee9edc320b5e1501f749fde686c8) C:

\Windows\system32\DRIVERS\BrFiltLo.sys

2011/07/24 13:51:07.0996 2544 BrFiltUp

(b114d3098e9bdb8bea8b053685831be6) C:

\Windows\system32\DRIVERS\BrFiltUp.sys

2011/07/24 13:51:08.0187 2544 Brserid

(43bea8d483bf1870f018e2d02e06a5bd) C:

\Windows\System32\Drivers\Brserid.sys

2011/07/24 13:51:08.0400 2544 BrSerWdm

(a6eca2151b08a09caceca35c07f05b42) C:

\Windows\System32\Drivers\BrSerWdm.sys

2011/07/24 13:51:08.0598 2544 BrUsbMdm

(b79968002c277e869cf38bd22cd61524) C:

\Windows\System32\Drivers\BrUsbMdm.sys

2011/07/24 13:51:08.0766 2544 BrUsbSer

(a87528880231c54e75ea7a44943b38bf) C:

\Windows\System32\Drivers\BrUsbSer.sys

2011/07/24 13:51:08.0958 2544 BTHMODEM

(9da669f11d1f894ab4eb69bf546a42e8) C:

\Windows\system32\DRIVERS\bthmodem.sys

2011/07/24 13:51:09.0159 2544 CAXHWAZL

(d1787e11c6a0078ddeaf8cf3ee2ab293) C:

\Windows\system32\DRIVERS\CAXHWAZL.sys

2011/07/24 13:51:09.0364 2544 cdfs

(b8bd2bb284668c84865658c77574381a) C:

\Windows\system32\DRIVERS\cdfs.sys

2011/07/24 13:51:09.0565 2544 cdrom

(f036ce71586e93d94dab220d7bdf4416) C:

\Windows\system32\drivers\cdrom.sys

2011/07/24 13:51:09.0774 2544 circlass

(d7cd5c4e1b71fa62050515314cfb52cf) C:

\Windows\system32\DRIVERS\circlass.sys

2011/07/24 13:51:09.0949 2544 CLFS

(fe1ec06f2253f691fe36217c592a0206) C:

\Windows\system32\CLFS.sys

2011/07/24 13:51:10.0205 2544 CmBatt

(0840155d0bddf1190f84a663c284bd33) C:

\Windows\system32\DRIVERS\CmBatt.sys

2011/07/24 13:51:10.0401 2544 cmdide

(e19d3f095812725d88f9001985b94edd) C:

\Windows\system32\drivers\cmdide.sys

2011/07/24 13:51:10.0612 2544 CNG

(d5fea92400f12412b3922087c09da6a5) C:

\Windows\system32\Drivers\cng.sys

2011/07/24 13:51:10.0811 2544

CnxtHdAudService

(d760753a9b2489a317d722133ce67efc) C:

\Windows\system32\drivers\CHDRT64.sys

2011/07/24 13:51:11.0036 2544 Compbatt

(102de219c3f61415f964c88e9085ad14) C:

\Windows\system32\DRIVERS\compbatt.sys

2011/07/24 13:51:11.0244 2544 CompositeBus

(03edb043586cceba243d689bdda370a8) C:

\Windows\system32\drivers\CompositeBus.sys

2011/07/24 13:51:11.0439 2544 crcdisk

(1c827878a998c18847245fe1f34ee597) C:

\Windows\system32\DRIVERS\crcdisk.sys

2011/07/24 13:51:11.0641 2544 CVirtA

(44bddeb03c84a1c993c992ffb5700357) C:

\Windows\system32\DRIVERS\CVirtA64.sys

2011/07/24 13:51:11.0831 2544 CVPNDRVA

(cc8e52daa9826064ba464dbe531f2bb5) C:

\Windows\system32\Drivers\CVPNDRVA.sys

2011/07/24 13:51:12.0267 2544 DfsC

(9bb2ef44eaa163b29c4a4587887a0fe4) C:

\Windows\system32\Drivers\dfsc.sys

2011/07/24 13:51:12.0476 2544 discache

(13096b05847ec78f0977f2c0f79e9ab3) C:

\Windows\system32\drivers\discache.sys

2011/07/24 13:51:12.0679 2544 Disk

(9819eee8b5ea3784ec4af3b137a5244c) C:

\Windows\system32\DRIVERS\disk.sys

2011/07/24 13:51:12.0880 2544 DNE

(05cb5910b3ca6019fc3cca815ee06ffb) C:

\Windows\system32\DRIVERS\dne64x.sys

2011/07/24 13:51:13.0077 2544 Dot4

(b42ed0320c6e41102fde0005154849bb) C:

\Windows\system32\DRIVERS\Dot4.sys

2011/07/24 13:51:13.0288 2544 Dot4Print

(e9f5969233c5d89f3c35e3a66a52a361) C:

\Windows\system32\drivers\Dot4Prt.sys

2011/07/24 13:51:13.0442 2544 dot4usb

(fd05a02b0370bc3000f402e543ca5814) C:

\Windows\system32\DRIVERS\dot4usb.sys

2011/07/24 13:51:13.0669 2544 drmkaud

(9b19f34400d24df84c858a421c205754) C:

\Windows\system32\drivers\drmkaud.sys

2011/07/24 13:51:13.0893 2544 DXGKrnl

(f5bee30450e18e6b83a5012c100616fd) C:

\Windows\System32\drivers\dxgkrnl.sys

2011/07/24 13:51:14.0183 2544 ebdrv

(dc5d737f51be844d8c82c695eb17372f) C:

\Windows\system32\DRIVERS\evbda.sys

2011/07/24 13:51:14.0494 2544 elxstor

(0e5da5369a0fcaea12456dd852545184) C:

\Windows\system32\DRIVERS\elxstor.sys

2011/07/24 13:51:14.0751 2544 ErrDev

(34a3c54752046e79a126e15c51db409b) C:

\Windows\system32\drivers\errdev.sys

2011/07/24 13:51:14.0955 2544 exfat

(a510c654ec00c1e9bdd91eeb3a59823b) C:

\Windows\system32\drivers\exfat.sys

2011/07/24 13:51:15.0141 2544 fastfat

(0adc83218b66a6db380c330836f3e36d) C:

\Windows\system32\drivers\fastfat.sys

2011/07/24 13:51:15.0384 2544 fdc

(d765d19cd8ef61f650c384f62fac00ab) C:

\Windows\system32\DRIVERS\fdc.sys

2011/07/24 13:51:15.0628 2544 FileInfo

(655661be46b5f5f3fd454e2c3095b930) C:

\Windows\system32\drivers\fileinfo.sys

2011/07/24 13:51:15.0833 2544 Filetrace

(5f671ab5bc87eea04ec38a6cd5962a47) C:

\Windows\system32\drivers\filetrace.sys

2011/07/24 13:51:16.0014 2544 flpydisk

(c172a0f53008eaeb8ea33fe10e177af5) C:

\Windows\system32\DRIVERS\flpydisk.sys

2011/07/24 13:51:16.0205 2544 FltMgr

(da6b67270fd9db3697b20fce94950741) C:

\Windows\system32\drivers\fltmgr.sys

2011/07/24 13:51:16.0447 2544 FsDepends

(d43703496149971890703b4b1b723eac) C:

\Windows\system32\drivers\FsDepends.sys

2011/07/24 13:51:16.0637 2544 Fs_Rec

(e95ef8547de20cf0603557c0cf7a9462) C:

\Windows\system32\drivers\Fs_Rec.sys

2011/07/24 13:51:16.0833 2544 fvevol

(1f7b25b858fa27015169fe95e54108ed) C:

\Windows\system32\DRIVERS\fvevol.sys

2011/07/24 13:51:17.0019 2544 gagp30kx

(8c778d335c9d272cfd3298ab02abe3b6) C:

\Windows\system32\DRIVERS\gagp30kx.sys

2011/07/24 13:51:17.0232 2544 GEARAspiWDM

(e403aacf8c7bb11375122d2464560311) C:

\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/07/24 13:51:17.0497 2544 hcw85cir

(f2523ef6460fc42405b12248338ab2f0) C:

\Windows\system32\drivers\hcw85cir.sys

2011/07/24 13:51:17.0688 2544 HDAudBus

(97bfed39b6b79eb12cddbfeed51f56bb) C:

\Windows\system32\drivers\HDAudBus.sys

2011/07/24 13:51:17.0884 2544 HidBatt

(78e86380454a7b10a5eb255dc44a355f) C:

\Windows\system32\DRIVERS\HidBatt.sys

2011/07/24 13:51:18.0058 2544 HidBth

(7fd2a313f7afe5c4dab14798c48dd104) C:

\Windows\system32\DRIVERS\hidbth.sys

2011/07/24 13:51:18.0231 2544 HidIr

(0a77d29f311b88cfae3b13f9c1a73825) C:

\Windows\system32\DRIVERS\hidir.sys

2011/07/24 13:51:18.0438 2544 HidUsb

(9592090a7e2b61cd582b612b6df70536) C:

\Windows\system32\drivers\hidusb.sys

2011/07/24 13:51:18.0716 2544 HpqKbFiltr

(9af482d058be59cc28bce52e7c4b747c) C:

\Windows\system32\DRIVERS\HpqKbFiltr.sys

2011/07/24 13:51:18.0910 2544 HpSAMD

(39d2abcd392f3d8a6dce7b60ae7b8efc) C:

\Windows\system32\drivers\HpSAMD.sys

2011/07/24 13:51:19.0148 2544 HSF_DPV

(26c5d00321937e49b6bc91029947d094) C:

\Windows\system32\DRIVERS\CAX_DPV.sys

2011/07/24 13:51:19.0360 2544 HTTP

(0ea7de1acb728dd5a369fd742d6eee28) C:

\Windows\system32\drivers\HTTP.sys

2011/07/24 13:51:19.0554 2544 hwpolicy

(a5462bd6884960c9dc85ed49d34ff392) C:

\Windows\system32\drivers\hwpolicy.sys

2011/07/24 13:51:19.0746 2544 i8042prt

(fa55c73d4affa7ee23ac4be53b4592d3) C:

\Windows\system32\drivers\i8042prt.sys

2011/07/24 13:51:19.0954 2544 iaStorV

(aaaf44db3bd0b9d1fb6969b23ecc8366) C:

\Windows\system32\drivers\iaStorV.sys

2011/07/24 13:51:20.0390 2544 igfx

(677aa5991026a65ada128c4b59cf2bad) C:

\Windows\system32\DRIVERS\igdkmd64.sys

2011/07/24 13:51:20.0804 2544 iirsp

(5c18831c61933628f5bb0ea2675b9d21) C:

\Windows\system32\DRIVERS\iirsp.sys

2011/07/24 13:51:20.0981 2544

IntcHdmiAddService

(d485d3bd3e2179aa86853a182f70699f) C:

\Windows\system32\drivers\IntcHdmi.sys

2011/07/24 13:51:21.0178 2544 intelide

(f00f20e70c6ec3aa366910083a0518aa) C:

\Windows\system32\drivers\intelide.sys

2011/07/24 13:51:21.0375 2544 intelppm

(ada036632c664caa754079041cf1f8c1) C:

\Windows\system32\DRIVERS\intelppm.sys

2011/07/24 13:51:21.0587 2544

IpFilterDriver

(c9f0e1bd74365a8771590e9008d22ab6) C:

\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/24 13:51:21.0771 2544 IPMIDRV

(0fc1aea580957aa8817b8f305d18ca3a) C:

\Windows\system32\drivers\IPMIDrv.sys

2011/07/24 13:51:21.0931 2544 IPNAT

(af9b39a7e7b6caa203b3862582e9f2d0) C:

\Windows\system32\drivers\ipnat.sys

2011/07/24 13:51:22.0132 2544 IRENUM

(3abf5e7213eb28966d55d58b515d5ce9) C:

\Windows\system32\drivers\irenum.sys

2011/07/24 13:51:22.0492 2544 isapnp

(2f7b28dc3e1183e5eb418df55c204f38) C:

\Windows\system32\drivers\isapnp.sys

2011/07/24 13:51:22.0939 2544 iScsiPrt

(d931d7309deb2317035b07c9f9e6b0bd) C:

\Windows\system32\drivers\msiscsi.sys

2011/07/24 13:51:23.0149 2544 kbdclass

(bc02336f1cba7dcc7d1213bb588a68a5) C:

\Windows\system32\drivers\kbdclass.sys

2011/07/24 13:51:23.0333 2544 kbdhid

(0705eff5b42a9db58548eec3b26bb484) C:

\Windows\system32\drivers\kbdhid.sys

2011/07/24 13:51:23.0542 2544 KSecDD

(ccd53b5bd33ce0c889e830d839c8b66e) C:

\Windows\system32\Drivers\ksecdd.sys

2011/07/24 13:51:23.0713 2544 KSecPkg

(9ff918a261752c12639e8ad4208d2c2f) C:

\Windows\system32\Drivers\ksecpkg.sys

2011/07/24 13:51:23.0907 2544 ksthunk

(6869281e78cb31a43e969f06b57347c4) C:

\Windows\system32\drivers\ksthunk.sys

2011/07/24 13:51:24.0130 2544 lltdio

(1538831cf8ad2979a04c423779465827) C:

\Windows\system32\DRIVERS\lltdio.sys

2011/07/24 13:51:24.0328 2544 LSI_FC

(1a93e54eb0ece102495a51266dcdb6a6) C:

\Windows\system32\DRIVERS\lsi_fc.sys

2011/07/24 13:51:24.0537 2544 LSI_SAS

(1047184a9fdc8bdbff857175875ee810) C:

\Windows\system32\DRIVERS\lsi_sas.sys

2011/07/24 13:51:24.0722 2544 LSI_SAS2

(30f5c0de1ee8b5bc9306c1f0e4a75f93) C:

\Windows\system32\DRIVERS\lsi_sas2.sys

2011/07/24 13:51:24.0938 2544 LSI_SCSI

(0504eacaff0d3c8aed161c4b0d369d4a) C:

\Windows\system32\DRIVERS\lsi_scsi.sys

2011/07/24 13:51:25.0109 2544 luafv

(43d0f98e1d56ccddb0d5254cff7b356e) C:

\Windows\system32\drivers\luafv.sys

2011/07/24 13:51:25.0314 2544 mdmxsdk

(e4f44ec214b3e381e1fc844a02926666) C:

\Windows\system32\DRIVERS\mdmxsdk.sys

2011/07/24 13:51:25.0493 2544 megasas

(a55805f747c6edb6a9080d7c633bd0f4) C:

\Windows\system32\DRIVERS\megasas.sys

2011/07/24 13:51:25.0669 2544 MegaSR

(baf74ce0072480c3b6b7c13b2a94d6b3) C:

\Windows\system32\DRIVERS\MegaSR.sys

2011/07/24 13:51:25.0866 2544 Modem

(800ba92f7010378b09f9ed9270f07137) C:

\Windows\system32\drivers\modem.sys

2011/07/24 13:51:26.0055 2544 monitor

(b03d591dc7da45ece20b3b467e6aadaa) C:

\Windows\system32\DRIVERS\monitor.sys

2011/07/24 13:51:26.0245 2544 mouclass

(7d27ea49f3c1f687d357e77a470aea99) C:

\Windows\system32\drivers\mouclass.sys

2011/07/24 13:51:26.0444 2544 mouhid

(d3bf052c40b0c4166d9fd86a4288c1e6) C:

\Windows\system32\DRIVERS\mouhid.sys

2011/07/24 13:51:26.0627 2544 mountmgr

(32e7a3d591d671a6df2db515a5cbe0fa) C:

\Windows\system32\drivers\mountmgr.sys

2011/07/24 13:51:26.0815 2544 MpFilter

(e6ba8e5a4a871899e23d64573ef58ee9) C:

\Windows\system32\DRIVERS\MpFilter.sys

2011/07/24 13:51:26.0993 2544 mpio

(a44b420d30bd56e145d6a2bc8768ec58) C:

\Windows\system32\drivers\mpio.sys

2011/07/24 13:51:27.0221 2544 MpNWMon

(98b09a4f2c462441030b83a80a3f6fb3) C:

\Windows\system32\DRIVERS\MpNWMon.sys

2011/07/24 13:51:27.0390 2544 mpsdrv

(6c38c9e45ae0ea2fa5e551f2ed5e978f) C:

\Windows\system32\drivers\mpsdrv.sys

2011/07/24 13:51:27.0590 2544 MRxDAV

(dc722758b8261e1abafd31a3c0a66380) C:

\Windows\system32\drivers\mrxdav.sys

2011/07/24 13:51:27.0766 2544 mrxsmb

(a5d9106a73dc88564c825d317cac68ac) C:

\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/24 13:51:28.0087 2544 mrxsmb10

(2086d463bd371d8a37d153897430916d) C:

\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/24 13:51:28.0185 2544 mrxsmb20

(9423e9d355c8d303e76b8cfbd8a5c30c) C:

\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/24 13:51:28.0367 2544 msahci

(c25f0bafa182cbca2dd3c851c2e75796) C:

\Windows\system32\drivers\msahci.sys

2011/07/24 13:51:28.0554 2544 msdsm

(db801a638d011b9633829eb6f663c900) C:

\Windows\system32\drivers\msdsm.sys

2011/07/24 13:51:28.0767 2544 Msfs

(aa3fb40e17ce1388fa1bedab50ea8f96) C:

\Windows\system32\drivers\Msfs.sys

2011/07/24 13:51:28.0953 2544 mshidkmdf

(f9d215a46a8b9753f61767fa72a20326) C:

\Windows\System32\drivers\mshidkmdf.sys

2011/07/24 13:51:29.0134 2544 msisadrv

(d916874bbd4f8b07bfb7fa9b3ccae29d) C:

\Windows\system32\drivers\msisadrv.sys

2011/07/24 13:51:29.0352 2544 MSKSSRV

(49ccf2c4fea34ffad8b1b59d49439366) C:

\Windows\system32\drivers\MSKSSRV.sys

2011/07/24 13:51:29.0569 2544 MSPCLOCK

(bdd71ace35a232104ddd349ee70e1ab3) C:

\Windows\system32\drivers\MSPCLOCK.sys

2011/07/24 13:51:29.0761 2544 MSPQM

(4ed981241db27c3383d72092b618a1d0) C:

\Windows\system32\drivers\MSPQM.sys

2011/07/24 13:51:29.0953 2544 MsRPC

(759a9eeb0fa9ed79da1fb7d4ef78866d) C:

\Windows\system32\drivers\MsRPC.sys

2011/07/24 13:51:30.0148 2544 mssmbios

(0eed230e37515a0eaee3c2e1bc97b288) C:

\Windows\system32\drivers\mssmbios.sys

2011/07/24 13:51:30.0334 2544 MSTEE

(2e66f9ecb30b4221a318c92ac2250779) C:

\Windows\system32\drivers\MSTEE.sys

2011/07/24 13:51:30.0508 2544 MTConfig

(7ea404308934e675bffde8edf0757bcd) C:

\Windows\system32\DRIVERS\MTConfig.sys

2011/07/24 13:51:30.0694 2544 Mup

(f9a18612fd3526fe473c1bda678d61c8) C:

\Windows\system32\Drivers\mup.sys

2011/07/24 13:51:30.0883 2544 NativeWifiP

(1ea3749c4114db3e3161156ffffa6b33) C:

\Windows\system32\DRIVERS\nwifi.sys

2011/07/24 13:51:31.0098 2544 NDIS

(79b47fd40d9a817e932f9d26fac0a81c) C:

\Windows\system32\drivers\ndis.sys

2011/07/24 13:51:31.0300 2544 NdisCap

(9f9a1f53aad7da4d6fef5bb73ab811ac) C:

\Windows\system32\DRIVERS\ndiscap.sys

2011/07/24 13:51:31.0496 2544 NdisTapi

(30639c932d9fef22b31268fe25a1b6e5) C:

\Windows\system32\DRIVERS\ndistapi.sys

2011/07/24 13:51:31.0685 2544 Ndisuio

(136185f9fb2cc61e573e676aa5402356) C:

\Windows\system32\DRIVERS\ndisuio.sys

2011/07/24 13:51:31.0869 2544 NdisWan

(53f7305169863f0a2bddc49e116c2e11) C:

\Windows\system32\DRIVERS\ndiswan.sys

2011/07/24 13:51:32.0070 2544 NDProxy

(015c0d8e0e0421b4cfd48cffe2825879) C:

\Windows\system32\drivers\NDProxy.sys

2011/07/24 13:51:32.0272 2544 NetBIOS

(86743d9f5d2b1048062b14b1d84501c4) C:

\Windows\system32\DRIVERS\netbios.sys

2011/07/24 13:51:32.0457 2544 NetBT

(09594d1089c523423b32a4229263f068) C:

\Windows\system32\DRIVERS\netbt.sys

2011/07/24 13:51:32.0677 2544 nfrd960

(77889813be4d166cdab78ddba990da92) C:

\Windows\system32\DRIVERS\nfrd960.sys

2011/07/24 13:51:32.0894 2544 NisDrv

(3713e8452b88d3e0be095e06b6fbc776) C:

\Windows\system32\DRIVERS\NisDrvWFP.sys

2011/07/24 13:51:33.0095 2544 Npfs

(1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:

\Windows\system32\drivers\Npfs.sys

2011/07/24 13:51:33.0343 2544 nsiproxy

(e7f5ae18af4168178a642a9247c63001) C:

\Windows\system32\drivers\nsiproxy.sys

2011/07/24 13:51:33.0577 2544 Ntfs

(a2f74975097f52a00745f9637451fdd8) C:

\Windows\system32\drivers\Ntfs.sys

2011/07/24 13:51:33.0766 2544 Null

(9899284589f75fa8724ff3d16aed75c1) C:

\Windows\system32\drivers\Null.sys

2011/07/24 13:51:33.0959 2544 nvraid

(0a92cb65770442ed0dc44834632f66ad) C:

\Windows\system32\drivers\nvraid.sys

2011/07/24 13:51:34.0137 2544 nvstor

(dab0e87525c10052bf65f06152f37e4a) C:

\Windows\system32\drivers\nvstor.sys

2011/07/24 13:51:34.0352 2544 nv_agp

(270d7cd42d6e3979f6dd0146650f0e05) C:

\Windows\system32\drivers\nv_agp.sys

2011/07/24 13:51:34.0526 2544 ohci1394

(3589478e4b22ce21b41fa1bfc0b8b8a0) C:

\Windows\system32\drivers\ohci1394.sys

2011/07/24 13:51:34.0742 2544 Parport

(0086431c29c35be1dbc43f52cc273887) C:

\Windows\system32\DRIVERS\parport.sys

2011/07/24 13:51:34.0924 2544 partmgr

(871eadac56b0a4c6512bbe32753ccf79) C:

\Windows\system32\drivers\partmgr.sys

2011/07/24 13:51:35.0111 2544 pci

(94575c0571d1462a0f70bde6bd6ee6b3) C:

\Windows\system32\drivers\pci.sys

2011/07/24 13:51:35.0306 2544 pciide

(b5b8b5ef2e5cb34df8dcf8831e3534fa) C:

\Windows\system32\drivers\pciide.sys

2011/07/24 13:51:35.0484 2544 pcmcia

(b2e81d4e87ce48589f98cb8c05b01f2f) C:

\Windows\system32\DRIVERS\pcmcia.sys

2011/07/24 13:51:35.0662 2544 pcw

(d6b9c2e1a11a3a4b26a182ffef18f603) C:

\Windows\system32\drivers\pcw.sys

2011/07/24 13:51:35.0851 2544 PEAUTH

(68769c3356b3be5d1c732c97b9a80d6e) C:

\Windows\system32\drivers\peauth.sys

2011/07/24 13:51:36.0154 2544 PptpMiniport

(f92a2c41117a11a00be01ca01a7fcde9) C:

\Windows\system32\DRIVERS\raspptp.sys

2011/07/24 13:51:36.0333 2544 Processor

(0d922e23c041efb1c3fac2a6f943c9bf) C:

\Windows\system32\DRIVERS\processr.sys

2011/07/24 13:51:36.0537 2544 Psched

(0557cf5a2556bd58e26384169d72438d) C:

\Windows\system32\DRIVERS\pacer.sys

2011/07/24 13:51:36.0749 2544 ql2300

(a53a15a11ebfd21077463ee2c7afeef0) C:

\Windows\system32\DRIVERS\ql2300.sys

2011/07/24 13:51:36.0934 2544 ql40xx

(4f6d12b51de1aaeff7dc58c4d75423c8) C:

\Windows\system32\DRIVERS\ql40xx.sys

2011/07/24 13:51:37.0132 2544 QWAVEdrv

(76707bb36430888d9ce9d705398adb6c) C:

\Windows\system32\drivers\qwavedrv.sys

2011/07/24 13:51:37.0310 2544 RasAcd

(5a0da8ad5762fa2d91678a8a01311704) C:

\Windows\system32\DRIVERS\rasacd.sys

2011/07/24 13:51:37.0501 2544 RasAgileVpn

(7ecff9b22276b73f43a99a15a6094e90) C:

\Windows\system32\DRIVERS\AgileVpn.sys

2011/07/24 13:51:37.0708 2544 Rasl2tp

(471815800ae33e6f1c32fb1b97c490ca) C:

\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/24 13:51:37.0911 2544 RasPppoe

(855c9b1cd4756c5e9a2aa58a15f58c25) C:

\Windows\system32\DRIVERS\raspppoe.sys

2011/07/24 13:51:38.0093 2544 RasSstp

(e8b1e447b008d07ff47d016c2b0eeecb) C:

\Windows\system32\DRIVERS\rassstp.sys

2011/07/24 13:51:38.0306 2544 rdbss

(77f665941019a1594d887a74f301fa2f) C:

\Windows\system32\DRIVERS\rdbss.sys

2011/07/24 13:51:38.0497 2544 rdpbus

(302da2a0539f2cf54d7c6cc30c1f2d8d) C:

\Windows\system32\DRIVERS\rdpbus.sys

2011/07/24 13:51:38.0675 2544 RDPCDD

(cea6cc257fc9b7715f1c2b4849286d24) C:

\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/24 13:51:38.0880 2544 RDPENCDD

(bb5971a4f00659529a5c44831af22365) C:

\Windows\system32\drivers\rdpencdd.sys

2011/07/24 13:51:39.0055 2544 RDPREFMP

(216f3fa57533d98e1f74ded70113177a) C:

\Windows\system32\drivers\rdprefmp.sys

2011/07/24 13:51:39.0121 2544 RDPWD

(15b66c206b5cb095bab980553f38ed23) C:

\Windows\system32\drivers\RDPWD.sys

2011/07/24 13:51:39.0332 2544 rdyboost

(34ed295fa0121c241bfef24764fc4520) C:

\Windows\system32\drivers\rdyboost.sys

2011/07/24 13:51:39.0560 2544 rspndr

(ddc86e4f8e7456261e637e3552e804ff) C:

\Windows\system32\DRIVERS\rspndr.sys

2011/07/24 13:51:39.0805 2544 RSUSBSTOR

(2db8116d52b19216812c4e6d5d837810) C:

\Windows\system32\Drivers\RtsUStor.sys

2011/07/24 13:51:40.0006 2544 RTL8169

(dfadcae64aebe2c67da9cd2ae74ccde5) C:

\Windows\system32\DRIVERS\Rtlh64.sys

2011/07/24 13:51:40.0200 2544 RTSTOR

(4ad8464fece8ebe276d4a7d75e418452) C:

\Windows\system32\drivers\RTSTOR64.SYS

2011/07/24 13:51:40.0561 2544 sbp2port

(ac03af3329579fffb455aa2daabbe22b) C:

\Windows\system32\drivers\sbp2port.sys

2011/07/24 13:51:40.0745 2544 scfilter

(253f38d0d7074c02ff8deb9836c97d2b) C:

\Windows\system32\DRIVERS\scfilter.sys

2011/07/24 13:51:40.0987 2544 secdrv

(3ea8a16169c26afbeb544e0e48421186) C:

\Windows\system32\drivers\secdrv.sys

2011/07/24 13:51:41.0201 2544 Serenum

(cb624c0035412af0debec78c41f5ca1b) C:

\Windows\system32\DRIVERS\serenum.sys

2011/07/24 13:51:41.0247 2544 Serial

(c1d8e28b2c2adfaec4ba89e9fda69bd6) C:

\Windows\system32\DRIVERS\serial.sys

2011/07/24 13:51:41.0416 2544 sermouse

(1c545a7d0691cc4a027396535691c3e3) C:

\Windows\system32\DRIVERS\sermouse.sys

2011/07/24 13:51:41.0630 2544 sffdisk

(a554811bcd09279536440c964ae35bbf) C:

\Windows\system32\drivers\sffdisk.sys

2011/07/24 13:51:41.0813 2544 sffp_mmc

(ff414f0baefeba59bc6c04b3db0b87bf) C:

\Windows\system32\drivers\sffp_mmc.sys

2011/07/24 13:51:41.0993 2544 sffp_sd

(dd85b78243a19b59f0637dcf284da63c) C:

\Windows\system32\drivers\sffp_sd.sys

2011/07/24 13:51:42.0168 2544 sfloppy

(a9d601643a1647211a1ee2ec4e433ff4) C:

\Windows\system32\DRIVERS\sfloppy.sys

2011/07/24 13:51:42.0367 2544 SiSRaid2

(843caf1e5fde1ffd5ff768f23a51e2e1) C:

\Windows\system32\DRIVERS\SiSRaid2.sys

2011/07/24 13:51:42.0537 2544 SiSRaid4

(6a6c106d42e9ffff8b9fcb4f754f6da4) C:

\Windows\system32\DRIVERS\sisraid4.sys

2011/07/24 13:51:42.0736 2544 Smb

(548260a7b8654e024dc30bf8a7c5baa4) C:

\Windows\system32\DRIVERS\smb.sys

2011/07/24 13:51:42.0965 2544 spldr

(b9e31e5cacdfe584f34f730a677803f9) C:

\Windows\system32\drivers\spldr.sys

2011/07/24 13:51:43.0204 2544 srv

(441fba48bff01fdb9d5969ebc1838f0b) C:

\Windows\system32\DRIVERS\srv.sys

2011/07/24 13:51:43.0449 2544 srv2

(b4adebbf5e3677cce9651e0f01f7cc28) C:

\Windows\system32\DRIVERS\srv2.sys

2011/07/24 13:51:43.0685 2544 srvnet

(27e461f0be5bff5fc737328f749538c3) C:

\Windows\system32\DRIVERS\srvnet.sys

2011/07/24 13:51:43.0893 2544 stexstor

(f3817967ed533d08327dc73bc4d5542a) C:

\Windows\system32\DRIVERS\stexstor.sys

2011/07/24 13:51:44.0090 2544 swenum

(d01ec09b6711a5f8e7e6564a4d0fbc90) C:

\Windows\system32\drivers\swenum.sys

2011/07/24 13:51:44.0325 2544 SynTP

(bcf305959b53b200ceb2ad25ad22f8a7) C:

\Windows\system32\DRIVERS\SynTP.sys

2011/07/24 13:51:44.0598 2544 Tcpip

(92ce29d95ac9dd2d0ee9061d551ba250) C:

\Windows\system32\drivers\tcpip.sys

2011/07/24 13:51:44.0860 2544 TCPIP6

(92ce29d95ac9dd2d0ee9061d551ba250) C:

\Windows\system32\DRIVERS\tcpip.sys

2011/07/24 13:51:45.0056 2544 tcpipreg

(df687e3d8836bfb04fcc0615bf15a519) C:

\Windows\system32\drivers\tcpipreg.sys

2011/07/24 13:51:45.0246 2544 TDPIPE

(3371d21011695b16333a3934340c4e7c) C:

\Windows\system32\drivers\tdpipe.sys

2011/07/24 13:51:45.0430 2544 TDTCP

(e4245bda3190a582d55ed09e137401a9) C:

\Windows\system32\drivers\tdtcp.sys

2011/07/24 13:51:45.0604 2544 tdx

(ddad5a7ab24d8b65f8d724f5c20fd806) C:

\Windows\system32\DRIVERS\tdx.sys

2011/07/24 13:51:45.0792 2544 TermDD

(561e7e1f06895d78de991e01dd0fb6e5) C:

\Windows\system32\drivers\termdd.sys

2011/07/24 13:51:46.0014 2544 tssecsrv

(ce18b2cdfc837c99e5fae9ca6cba5d30) C:

\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/24 13:51:46.0268 2544 TsUsbFlt

(d11c783e3ef9a3c52c0ebe83cc5000e9) C:

\Windows\system32\drivers\tsusbflt.sys

2011/07/24 13:51:46.0465 2544 tunnel

(3566a8daafa27af944f5d705eaa64894) C:

\Windows\system32\DRIVERS\tunnel.sys

2011/07/24 13:51:46.0634 2544 uagp35

(b4dd609bd7e282bfc683cec7eaaaad67) C:

\Windows\system32\DRIVERS\uagp35.sys

2011/07/24 13:51:46.0809 2544 udfs

(ff4232a1a64012baa1fd97c7b67df593) C:

\Windows\system32\DRIVERS\udfs.sys

2011/07/24 13:51:47.0032 2544 uliagpkx

(4bfe1bc28391222894cbf1e7d0e42320) C:

\Windows\system32\drivers\uliagpkx.sys

2011/07/24 13:51:47.0244 2544 umbus

(dc54a574663a895c8763af0fa1ff7561) C:

\Windows\system32\drivers\umbus.sys

2011/07/24 13:51:47.0449 2544 UmPass

(b2e8e8cb557b156da5493bbddcc1474d) C:

\Windows\system32\DRIVERS\umpass.sys

2011/07/24 13:51:47.0622 2544 USBAAPL64

(f724b03c3dfaacf08d17d38bf3333583) C:

\Windows\system32\Drivers\usbaapl64.sys

2011/07/24 13:51:47.0817 2544 usbaudio

(82e8f44688e6fac57b5b7c6fc7adbc2a) C:

\Windows\system32\drivers\usbaudio.sys

2011/07/24 13:51:48.0002 2544 usbccgp

(6f1a3157a1c89435352ceb543cdb359c) C:

\Windows\system32\DRIVERS\usbccgp.sys

2011/07/24 13:51:48.0358 2544 usbcir

(af0892a803fdda7492f595368e3b68e7) C:

\Windows\system32\drivers\usbcir.sys

2011/07/24 13:51:48.0508 2544 usbehci

(c025055fe7b87701eb042095df1a2d7b) C:

\Windows\system32\DRIVERS\usbehci.sys

2011/07/24 13:51:48.0930 2544 usbhub

(287c6c9410b111b68b52ca298f7b8c24) C:

\Windows\system32\DRIVERS\usbhub.sys

2011/07/24 13:51:49.0118 2544 usbohci

(9840fc418b4cbd632d3d0a667a725c31) C:

\Windows\system32\drivers\usbohci.sys

2011/07/24 13:51:49.0319 2544 usbprint

(73188f58fb384e75c4063d29413cee3d) C:

\Windows\system32\DRIVERS\usbprint.sys

2011/07/24 13:51:49.0496 2544 usbscan

(aaa2513c8aed8b54b189fd0c6b1634c0) C:

\Windows\system32\DRIVERS\usbscan.sys

2011/07/24 13:51:49.0695 2544 USBSTOR

(fed648b01349a3c8395a5169db5fb7d6) C:

\Windows\system32\drivers\USBSTOR.SYS

2011/07/24 13:51:49.0870 2544 usbuhci

(62069a34518bcf9c1fd9e74b3f6db7cd) C:

\Windows\system32\DRIVERS\usbuhci.sys

2011/07/24 13:51:50.0099 2544 usbvideo

(454800c2bc7f3927ce030141ee4f4c50) C:

\Windows\System32\Drivers\usbvideo.sys

2011/07/24 13:51:50.0307 2544 vdrvroot

(c5c876ccfc083ff3b128f933823e87bd) C:

\Windows\system32\drivers\vdrvroot.sys

2011/07/24 13:51:50.0508 2544 vga

(da4da3f5e02943c2dc8c6ed875de68dd) C:

\Windows\system32\DRIVERS\vgapnp.sys

2011/07/24 13:51:50.0683 2544 VgaSave

(53e92a310193cb3c03bea963de7d9cfc) C:

\Windows\System32\drivers\vga.sys

2011/07/24 13:51:50.0867 2544 vhdmp

(2ce2df28c83aeaf30084e1b1eb253cbb) C:

\Windows\system32\drivers\vhdmp.sys

2011/07/24 13:51:51.0063 2544 viaide

(e5689d93ffe4e5d66c0178761240dd54) C:

\Windows\system32\drivers\viaide.sys

2011/07/24 13:51:51.0246 2544 volmgr

(d2aafd421940f640b407aefaaebd91b0) C:

\Windows\system32\drivers\volmgr.sys

2011/07/24 13:51:51.0445 2544 volmgrx

(a255814907c89be58b79ef2f189b843b) C:

\Windows\system32\drivers\volmgrx.sys

2011/07/24 13:51:51.0634 2544 volsnap

(0d08d2f3b3ff84e433346669b5e0f639) C:

\Windows\system32\drivers\volsnap.sys

2011/07/24 13:51:51.0959 2544 vsmraid

(5e2016ea6ebaca03c04feac5f330d997) C:

\Windows\system32\DRIVERS\vsmraid.sys

2011/07/24 13:51:52.0152 2544 vwifibus

(36d4720b72b5c5d9cb2b9c29e9df67a1) C:

\Windows\system32\DRIVERS\vwifibus.sys

2011/07/24 13:51:52.0350 2544 vwififlt

(6a3d66263414ff0d6fa754c646612f3f) C:

\Windows\system32\DRIVERS\vwififlt.sys

2011/07/24 13:51:52.0552 2544 vwifimp

(6a638fc4bfddc4d9b186c28c91bd1a01) C:

\Windows\system32\DRIVERS\vwifimp.sys

2011/07/24 13:51:52.0738 2544 WacomPen

(4e9440f4f152a7b944cb1663d3935a3e) C:

\Windows\system32\DRIVERS\wacompen.sys

2011/07/24 13:51:52.0952 2544 WANARP

(356afd78a6ed4457169241ac3965230c) C:

\Windows\system32\DRIVERS\wanarp.sys

2011/07/24 13:51:52.0974 2544 Wanarpv6

(356afd78a6ed4457169241ac3965230c) C:

\Windows\system32\DRIVERS\wanarp.sys

2011/07/24 13:51:53.0220 2544 Wd

(72889e16ff12ba0f235467d6091b17dc) C:

\Windows\system32\DRIVERS\wd.sys

2011/07/24 13:51:53.0406 2544 Wdf01000

(441bd2d7b4f98134c3a4f9fa570fd250) C:

\Windows\system32\drivers\Wdf01000.sys

2011/07/24 13:51:53.0630 2544 WfpLwf

(611b23304bf067451a9fdee01fbdd725) C:

\Windows\system32\DRIVERS\wfplwf.sys

2011/07/24 13:51:53.0813 2544 WIMMount

(05ecaec3e4529a7153b3136ceb49f0ec) C:

\Windows\system32\drivers\wimmount.sys

2011/07/24 13:51:53.0984 2544 winachsf

(a6ea7a3fc4b00f48535b506db1e86efd) C:

\Windows\system32\DRIVERS\CAX_CNXT.sys

2011/07/24 13:51:54.0237 2544 WinUsb

(fe88b288356e7b47b74b13372add906d) C:

\Windows\system32\DRIVERS\WinUsb.sys

2011/07/24 13:51:54.0466 2544 WmiAcpi

(f6ff8944478594d0e414d3f048f0d778) C:

\Windows\system32\drivers\wmiacpi.sys

2011/07/24 13:51:54.0688 2544 ws2ifsl

(6bcc1d7d2fd2453957c5479a32364e52) C:

\Windows\system32\drivers\ws2ifsl.sys

2011/07/24 13:51:54.0903 2544 WudfPf

(d3381dc54c34d79b22cee0d65ba91b7c) C:

\Windows\system32\drivers\WudfPf.sys

2011/07/24 13:51:55.0093 2544 WUDFRd

(cf8d590be3373029d57af80914190682) C:

\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/24 13:51:55.0270 2544 XAudio

(e8f3fa126a06f8e7088f63757112a186) C:

\Windows\system32\DRIVERS\xaudio64.sys

2011/07/24 13:51:55.0358 2544 MBR (0x1B8)

(588ae8f0c685c02ba11f30d9cd7e61a0)

\Device\Harddisk0\DR0

2011/07/24 13:51:55.0372 2544 Boot

(0x1200)

(b410517322cccbb166482dfd1dbbaae8) \Device

\Harddisk0\DR0\Partition0

2011/07/24 13:51:55.0422 2544 Boot

(0x1200)

(791513a1631b0ba7fb05bdaecd172504) \Device

\Harddisk0\DR0\Partition1

2011/07/24 13:51:55.0428 2544

============================================

====================================

2011/07/24 13:51:55.0428 2544 Scan

finished

2011/07/24 13:51:55.0428 2544

============================================

====================================

2011/07/24 13:51:55.0444 4752 Detected

object count: 0

2011/07/24 13:51:55.0444 4752 Actual

detected object count: 0

- - - -

And here is

my security check checkup log:

- - -

Results of screen317's Security Check

version 0.99.17

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for

antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

WinPatrol 2009 (Outdated!

Latest version is WinPatrol 2011)

Malwarebytes' Anti-Malware

CCleaner (remove only)

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.3.181.26

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

WinPatrol winpatrol.exe

Microsoft Security Essentials msseces.exe

BillP Studios WinPatrol WinPatrol.exe

``````````End of Log````````````

- - -

Share this post


Link to post
Share on other sites

Forgot to say, my computer appears to be running fine now, but it was before. The problem is just with the Chase Bank website... which I have been afraid to try logging onto from this computer since.

Share this post


Link to post
Share on other sites

My sincerest apologies for the delay,

I followed the instructions. One question,

though - if I downloaded some of the

programs to my downloads folder (not my

desktop) and ran them from there, is that a

problem?

Yes, it would be a problem. All programs need to be run from the Desktop unless I specifically instruct you to do otherwise ;)

You have Word Wrap selected in your Notepad- could you please open Notepad, click on Format, and uncheck Word Wrap- then, please repost the ComboFix log (C:\ComboFix.txt) :)

Share this post


Link to post
Share on other sites

Sorry, I tend to keep word wrap on - I'll take it off.

Share this post


Link to post
Share on other sites

Okay, here we go.

I re-ran the TTS Killer since I'd originally run that one from a location other than the desktop. Here is the new log:

- - -

2011/07/26 20:13:02.0485 2128 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/26 20:13:03.0094 2128 ================================================================================

2011/07/26 20:13:03.0094 2128 SystemInfo:

2011/07/26 20:13:03.0094 2128

2011/07/26 20:13:03.0094 2128 OS Version: 6.1.7601 ServicePack: 1.0

2011/07/26 20:13:03.0094 2128 Product type: Workstation

2011/07/26 20:13:03.0094 2128 ComputerName: CIERRAS_LAPTOP

2011/07/26 20:13:03.0094 2128 UserName: Kitty

2011/07/26 20:13:03.0094 2128 Windows directory: C:\Windows

2011/07/26 20:13:03.0094 2128 System windows directory: C:\Windows

2011/07/26 20:13:03.0094 2128 Running under WOW64

2011/07/26 20:13:03.0094 2128 Processor architecture: Intel x64

2011/07/26 20:13:03.0094 2128 Number of processors: 2

2011/07/26 20:13:03.0094 2128 Page size: 0x1000

2011/07/26 20:13:03.0094 2128 Boot type: Normal boot

2011/07/26 20:13:03.0094 2128 ================================================================================

2011/07/26 20:13:05.0013 2128 Initialize success

2011/07/26 20:13:11.0362 3984 ================================================================================

2011/07/26 20:13:11.0362 3984 Scan started

2011/07/26 20:13:11.0362 3984 Mode: Manual;

2011/07/26 20:13:11.0362 3984 ================================================================================

2011/07/26 20:13:12.0438 3984 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

2011/07/26 20:13:12.0672 3984 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

2011/07/26 20:13:12.0859 3984 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

2011/07/26 20:13:13.0093 3984 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/07/26 20:13:13.0312 3984 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2011/07/26 20:13:13.0546 3984 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2011/07/26 20:13:13.0811 3984 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

2011/07/26 20:13:14.0248 3984 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

2011/07/26 20:13:14.0482 3984 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

2011/07/26 20:13:14.0669 3984 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

2011/07/26 20:13:14.0887 3984 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2011/07/26 20:13:15.0059 3984 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2011/07/26 20:13:15.0262 3984 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

2011/07/26 20:13:15.0480 3984 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/07/26 20:13:15.0730 3984 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

2011/07/26 20:13:15.0964 3984 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

2011/07/26 20:13:16.0260 3984 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2011/07/26 20:13:16.0479 3984 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2011/07/26 20:13:16.0697 3984 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/07/26 20:13:16.0884 3984 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

2011/07/26 20:13:17.0149 3984 athr (96abf88241f90ff647e55c934c55c2f1) C:\Windows\system32\DRIVERS\athrx.sys

2011/07/26 20:13:17.0399 3984 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2011/07/26 20:13:17.0602 3984 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2011/07/26 20:13:17.0820 3984 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2011/07/26 20:13:18.0054 3984 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/07/26 20:13:18.0304 3984 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

2011/07/26 20:13:18.0491 3984 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/07/26 20:13:18.0725 3984 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/07/26 20:13:18.0928 3984 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2011/07/26 20:13:19.0115 3984 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/07/26 20:13:19.0318 3984 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/07/26 20:13:19.0536 3984 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/07/26 20:13:19.0755 3984 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/07/26 20:13:19.0957 3984 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys

2011/07/26 20:13:20.0145 3984 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/07/26 20:13:20.0363 3984 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

2011/07/26 20:13:20.0566 3984 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2011/07/26 20:13:20.0753 3984 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2011/07/26 20:13:21.0003 3984 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/07/26 20:13:21.0205 3984 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

2011/07/26 20:13:21.0408 3984 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

2011/07/26 20:13:21.0627 3984 CnxtHdAudService (d760753a9b2489a317d722133ce67efc) C:\Windows\system32\drivers\CHDRT64.sys

2011/07/26 20:13:21.0845 3984 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2011/07/26 20:13:22.0048 3984 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

2011/07/26 20:13:22.0266 3984 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/07/26 20:13:22.0485 3984 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

2011/07/26 20:13:22.0687 3984 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys

2011/07/26 20:13:22.0906 3984 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

2011/07/26 20:13:23.0124 3984 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2011/07/26 20:13:23.0343 3984 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2011/07/26 20:13:23.0577 3984 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

2011/07/26 20:13:23.0795 3984 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

2011/07/26 20:13:24.0045 3984 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys

2011/07/26 20:13:24.0341 3984 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

2011/07/26 20:13:24.0653 3984 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2011/07/26 20:13:24.0856 3984 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

2011/07/26 20:13:25.0152 3984 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2011/07/26 20:13:25.0433 3984 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2011/07/26 20:13:25.0683 3984 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

2011/07/26 20:13:25.0901 3984 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2011/07/26 20:13:26.0104 3984 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2011/07/26 20:13:26.0307 3984 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2011/07/26 20:13:26.0525 3984 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2011/07/26 20:13:26.0712 3984 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2011/07/26 20:13:26.0899 3984 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/07/26 20:13:27.0087 3984 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

2011/07/26 20:13:27.0321 3984 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2011/07/26 20:13:27.0523 3984 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2011/07/26 20:13:27.0726 3984 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

2011/07/26 20:13:27.0929 3984 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/07/26 20:13:28.0132 3984 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/07/26 20:13:28.0428 3984 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2011/07/26 20:13:28.0631 3984 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

2011/07/26 20:13:28.0834 3984 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/07/26 20:13:29.0021 3984 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2011/07/26 20:13:29.0193 3984 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2011/07/26 20:13:29.0411 3984 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

2011/07/26 20:13:29.0723 3984 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

2011/07/26 20:13:29.0941 3984 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

2011/07/26 20:13:30.0175 3984 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys

2011/07/26 20:13:30.0409 3984 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

2011/07/26 20:13:30.0612 3984 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

2011/07/26 20:13:30.0815 3984 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

2011/07/26 20:13:31.0080 3984 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

2011/07/26 20:13:31.0501 3984 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

2011/07/26 20:13:31.0891 3984 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2011/07/26 20:13:32.0079 3984 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys

2011/07/26 20:13:32.0281 3984 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

2011/07/26 20:13:32.0484 3984 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2011/07/26 20:13:32.0687 3984 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/07/26 20:13:32.0890 3984 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

2011/07/26 20:13:33.0061 3984 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2011/07/26 20:13:33.0295 3984 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2011/07/26 20:13:33.0483 3984 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

2011/07/26 20:13:33.0717 3984 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

2011/07/26 20:13:33.0997 3984 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

2011/07/26 20:13:34.0231 3984 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

2011/07/26 20:13:34.0465 3984 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

2011/07/26 20:13:34.0699 3984 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

2011/07/26 20:13:34.0949 3984 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2011/07/26 20:13:35.0261 3984 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2011/07/26 20:13:35.0526 3984 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/07/26 20:13:35.0745 3984 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/07/26 20:13:35.0947 3984 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/07/26 20:13:36.0213 3984 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/07/26 20:13:36.0415 3984 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2011/07/26 20:13:36.0603 3984 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

2011/07/26 20:13:36.0790 3984 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2011/07/26 20:13:36.0993 3984 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/07/26 20:13:37.0227 3984 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2011/07/26 20:13:37.0429 3984 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2011/07/26 20:13:37.0648 3984 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

2011/07/26 20:13:37.0851 3984 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2011/07/26 20:13:38.0053 3984 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

2011/07/26 20:13:38.0256 3984 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys

2011/07/26 20:13:38.0459 3984 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

2011/07/26 20:13:38.0677 3984 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys

2011/07/26 20:13:38.0865 3984 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2011/07/26 20:13:39.0067 3984 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

2011/07/26 20:13:39.0270 3984 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/07/26 20:13:39.0473 3984 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/07/26 20:13:39.0660 3984 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/07/26 20:13:39.0863 3984 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

2011/07/26 20:13:40.0050 3984 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

2011/07/26 20:13:40.0269 3984 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2011/07/26 20:13:40.0471 3984 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/07/26 20:13:40.0659 3984 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

2011/07/26 20:13:40.0893 3984 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/07/26 20:13:41.0111 3984 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/07/26 20:13:41.0345 3984 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/07/26 20:13:41.0579 3984 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

2011/07/26 20:13:41.0797 3984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

2011/07/26 20:13:42.0000 3984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/07/26 20:13:42.0187 3984 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/07/26 20:13:42.0390 3984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/07/26 20:13:42.0624 3984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/07/26 20:13:42.0858 3984 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

2011/07/26 20:13:43.0077 3984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/07/26 20:13:43.0279 3984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/07/26 20:13:43.0482 3984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/07/26 20:13:43.0732 3984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/07/26 20:13:43.0935 3984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

2011/07/26 20:13:44.0153 3984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/07/26 20:13:44.0356 3984 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

2011/07/26 20:13:44.0605 3984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/07/26 20:13:44.0824 3984 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

2011/07/26 20:13:45.0042 3984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/07/26 20:13:45.0245 3984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/07/26 20:13:45.0495 3984 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

2011/07/26 20:13:45.0713 3984 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/07/26 20:13:45.0916 3984 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

2011/07/26 20:13:46.0103 3984 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

2011/07/26 20:13:46.0353 3984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

2011/07/26 20:13:46.0555 3984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

2011/07/26 20:13:46.0805 3984 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/07/26 20:13:47.0008 3984 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

2011/07/26 20:13:47.0195 3984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

2011/07/26 20:13:47.0398 3984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

2011/07/26 20:13:47.0585 3984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/07/26 20:13:47.0772 3984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/07/26 20:13:47.0991 3984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/07/26 20:13:48.0303 3984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

2011/07/26 20:13:48.0490 3984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/07/26 20:13:48.0724 3984 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

2011/07/26 20:13:48.0942 3984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/07/26 20:13:49.0145 3984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/07/26 20:13:49.0348 3984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/07/26 20:13:49.0566 3984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/07/26 20:13:49.0816 3984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/07/26 20:13:50.0034 3984 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/07/26 20:13:50.0253 3984 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/07/26 20:13:50.0455 3984 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/07/26 20:13:50.0658 3984 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

2011/07/26 20:13:50.0861 3984 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/07/26 20:13:51.0033 3984 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/07/26 20:13:51.0267 3984 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/07/26 20:13:51.0454 3984 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/07/26 20:13:51.0703 3984 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

2011/07/26 20:13:51.0937 3984 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

2011/07/26 20:13:52.0187 3984 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/07/26 20:13:52.0437 3984 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys

2011/07/26 20:13:52.0655 3984 RTL8169 (dfadcae64aebe2c67da9cd2ae74ccde5) C:\Windows\system32\DRIVERS\Rtlh64.sys

2011/07/26 20:13:52.0858 3984 RTSTOR (4ad8464fece8ebe276d4a7d75e418452) C:\Windows\system32\drivers\RTSTOR64.SYS

2011/07/26 20:13:53.0248 3984 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

2011/07/26 20:13:53.0419 3984 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

2011/07/26 20:13:53.0669 3984 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/07/26 20:13:53.0887 3984 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/07/26 20:13:54.0075 3984 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/07/26 20:13:54.0277 3984 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/07/26 20:13:54.0496 3984 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

2011/07/26 20:13:54.0683 3984 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

2011/07/26 20:13:54.0855 3984 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

2011/07/26 20:13:55.0057 3984 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/07/26 20:13:55.0276 3984 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/07/26 20:13:55.0479 3984 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/07/26 20:13:55.0697 3984 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/07/26 20:13:55.0931 3984 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/07/26 20:13:56.0149 3984 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

2011/07/26 20:13:56.0352 3984 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

2011/07/26 20:13:56.0539 3984 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

2011/07/26 20:13:56.0820 3984 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/07/26 20:13:57.0023 3984 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

2011/07/26 20:13:57.0273 3984 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys

2011/07/26 20:13:57.0600 3984 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys

2011/07/26 20:13:57.0850 3984 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys

2011/07/26 20:13:58.0068 3984 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

2011/07/26 20:13:58.0271 3984 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/07/26 20:13:58.0474 3984 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/07/26 20:13:58.0661 3984 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

2011/07/26 20:13:58.0864 3984 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

2011/07/26 20:13:59.0098 3984 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/07/26 20:13:59.0332 3984 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

2011/07/26 20:13:59.0581 3984 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

2011/07/26 20:13:59.0769 3984 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/07/26 20:13:59.0971 3984 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

2011/07/26 20:14:00.0205 3984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

2011/07/26 20:14:00.0408 3984 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

2011/07/26 20:14:00.0611 3984 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/07/26 20:14:00.0798 3984 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys

2011/07/26 20:14:01.0001 3984 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

2011/07/26 20:14:01.0204 3984 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/07/26 20:14:01.0578 3984 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

2011/07/26 20:14:01.0765 3984 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/07/26 20:14:01.0999 3984 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

2011/07/26 20:14:02.0202 3984 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

2011/07/26 20:14:02.0436 3984 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2011/07/26 20:14:02.0623 3984 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2011/07/26 20:14:02.0811 3984 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

2011/07/26 20:14:03.0013 3984 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/07/26 20:14:03.0232 3984 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

2011/07/26 20:14:03.0481 3984 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

2011/07/26 20:14:03.0700 3984 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/07/26 20:14:03.0903 3984 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2011/07/26 20:14:04.0090 3984 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

2011/07/26 20:14:04.0293 3984 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

2011/07/26 20:14:04.0495 3984 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

2011/07/26 20:14:04.0698 3984 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

2011/07/26 20:14:04.0885 3984 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

2011/07/26 20:14:05.0229 3984 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/07/26 20:14:05.0431 3984 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/07/26 20:14:05.0665 3984 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/07/26 20:14:05.0884 3984 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/07/26 20:14:06.0102 3984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2011/07/26 20:14:06.0336 3984 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/26 20:14:06.0352 3984 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

2011/07/26 20:14:06.0617 3984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2011/07/26 20:14:06.0991 3984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2011/07/26 20:14:07.0257 3984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/07/26 20:14:07.0444 3984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2011/07/26 20:14:07.0631 3984 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

2011/07/26 20:14:07.0896 3984 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

2011/07/26 20:14:08.0130 3984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

2011/07/26 20:14:08.0364 3984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2011/07/26 20:14:08.0583 3984 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

2011/07/26 20:14:08.0785 3984 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/07/26 20:14:08.0957 3984 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\xaudio64.sys

2011/07/26 20:14:09.0051 3984 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0

2011/07/26 20:14:09.0066 3984 Boot (0x1200) (b410517322cccbb166482dfd1dbbaae8) \Device\Harddisk0\DR0\Partition0

2011/07/26 20:14:09.0113 3984 Boot (0x1200) (791513a1631b0ba7fb05bdaecd172504) \Device\Harddisk0\DR0\Partition1

2011/07/26 20:14:09.0113 3984 ================================================================================

2011/07/26 20:14:09.0113 3984 Scan finished

2011/07/26 20:14:09.0113 3984 ================================================================================

2011/07/26 20:14:09.0129 0548 Detected object count: 0

2011/07/26 20:14:09.0129 0548 Actual detected object count: 0

2011/07/26 20:14:43.0762 3524 Deinitialize success

- - -

Here is the combo fix log without word wrap:

- - -

ComboFix 11-07-24.03 - Kitty 07/24/2011 21:21:59.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2412 [GMT -7:00]

Running from: c:\users\Kitty\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))

.

.

2011-07-25 04:56 . 2011-07-25 04:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-07-25 04:56 . 2011-07-25 04:56 -------- d-----w- c:\users\dadmin\AppData\Local\temp

2011-07-25 04:19 . 2011-07-25 04:20 -------- d-----w- C:\32788R22FWJFW

2011-07-24 20:37 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD3E8461-564A-48B9-80CE-720AA8E5192B}\mpengine.dll

2011-07-13 02:02 . 2011-06-03 06:44 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-13 02:01 . 2011-06-03 06:57 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-05 07:29 . 2011-07-05 07:29 -------- d-----w- c:\windows\system32\SPReview

2011-07-05 07:22 . 2011-07-05 07:22 -------- d-----w- c:\windows\system32\EventProviders

2011-07-04 17:31 . 2011-07-04 17:31 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-07-04 17:31 . 2011-07-04 17:31 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-07-04 05:15 . 2011-07-04 05:15 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-03 07:08 . 2010-11-20 13:27 3860992 ----a-w- c:\windows\system32\UIRibbon.dll

2011-07-03 07:07 . 2010-11-20 13:27 409600 ----a-w- c:\windows\system32\photowiz.dll

2011-07-03 07:06 . 2010-11-20 13:27 624128 ----a-w- c:\windows\system32\qedit.dll

2011-07-03 07:05 . 2010-11-20 13:26 37376 ----a-w- c:\windows\system32\iscsium.dll

2011-07-03 07:04 . 2010-11-20 13:25 102912 ----a-w- c:\program files\Windows Media Player\wmpshare.exe

2011-07-03 07:03 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll

2011-07-03 07:03 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll

2011-07-03 07:03 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll

2011-07-03 07:03 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll

2011-07-03 06:58 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-07-03 06:58 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2011-07-03 06:58 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2011-07-03 06:58 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll

2011-07-03 06:58 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe

2011-07-03 06:56 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll

2011-07-03 06:56 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-07 02:52 . 2009-08-09 19:54 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-07-07 02:52 . 2009-08-09 19:54 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-05 07:44 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-07-05 07:44 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-07 17:10 . 2010-08-24 05:20 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-06-03 05:57 . 2011-07-13 02:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-05-28 03:30 . 2011-06-17 03:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-28 02:53 . 2011-06-17 03:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-05-03 05:29 . 2011-06-17 03:14 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-05-03 04:30 . 2011-06-17 03:14 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-04-29 03:06 . 2011-06-17 03:14 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-29 03:05 . 2011-06-17 03:14 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-29 03:05 . 2011-06-17 03:14 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-27 02:40 . 2011-06-17 03:16 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-27 02:39 . 2011-06-17 03:16 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-27 02:39 . 2011-06-17 03:16 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeUpdater"="c:\program files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe" [2007-04-04 970752]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-05-11 513080]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-01 136176]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-01 136176]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-10-06 365952]

S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - AvgTdiA

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-01 07:44]

.

2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-01 07:44]

.

2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3398980415-734378812-3893664885-1000Core.job

- c:\users\Kitty\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-04 07:44]

.

2011-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3398980415-734378812-3893664885-1000UA.job

- c:\users\Kitty\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-04 07:44]

.

2011-07-25 c:\windows\Tasks\HPCeeScheduleFordadmin.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]

.

2011-07-25 c:\windows\Tasks\HPCeeScheduleForKitty.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Kitty\AppData\Roaming\Mozilla\Firefox\Profiles\4zjc8eq6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.goodsearch.com/?charityid=812192

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

.

**************************************************************************

.

Completion time: 2011-07-24 22:09:07 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-25 05:09

.

Pre-Run: 44,131,758,080 bytes free

Post-Run: 45,041,577,984 bytes free

.

- - End Of File - - E4C32F9D26C4B181B9628ECE60F9E274

- - -

And here is my security check checkup log again in case you need it:

- - -

Results of screen317's Security Check version 0.99.17

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

WinPatrol 2009 (Outdated! Latest version is WinPatrol 2011)

Malwarebytes' Anti-Malware

CCleaner (remove only)

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10.3.181.26

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

WinPatrol winpatrol.exe

Microsoft Security Essentials msseces.exe

BillP Studios WinPatrol WinPatrol.exe

``````````End of Log````````````

- - -

Share this post


Link to post
Share on other sites

Let's run the following scans to give us a better look ;):

Please do the following:

  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

----------

Please print out these instructions or copy them to a Notepad file for an easier reading and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

----------

Please include the aswMBR log and MBR.dat Zip File, as well as the MBRCheck log in your next reply ;)

Share this post


Link to post
Share on other sites

aswMBR wanted me to download Avast! but I didn't since you didn't say to. Should I?

aswMBR log:

-----

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software

Run date: 2011-07-28 10:21:20

-----------------------------

10:21:20.782 OS Version: Windows x64 6.1.7601 Service Pack 1

10:21:20.782 Number of processors: 2 586 0x170A

10:21:20.783 ComputerName: CIERRAS_LAPTOP UserName: Kitty

10:21:21.957 Initialize success

10:22:22.314 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

10:22:22.318 Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 11

10:22:22.349 Disk 0 MBR read successfully

10:22:22.353 Disk 0 MBR scan

10:22:22.361 Disk 0 unknown MBR code

10:22:22.367 Service scanning

10:22:24.176 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

10:22:25.258 Modules scanning

10:22:25.265 Disk 0 trace - called modules:

10:22:25.371 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

10:22:25.378 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048f8060]

10:22:25.386 3 CLASSPNP.SYS[fffff8800199243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800472a060]

10:22:25.393 Scan finished successfully

10:24:25.940 Disk 0 MBR has been saved successfully to "C:\Users\Kitty\Desktop\7-18-11_virus stuff\MBR.dat"

10:24:25.951 The log file has been saved successfully to "C:\Users\Kitty\Desktop\7-18-11_virus stuff\aswMBR.txt"

-----

MBR Check log:

-----

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Wistron

BIOS Manufacturer: Hewlett-Packard

System Manufacturer: Hewlett-Packard

System Product Name: HP G60 Notebook PC

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 192):

0x03009000 \SystemRoot\system32\ntoskrnl.exe

0x035F2000 \SystemRoot\system32\hal.dll

0x00BA2000 \SystemRoot\system32\kdcom.dll

0x00C75000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CC4000 \SystemRoot\system32\PSHED.dll

0x00CD8000 \SystemRoot\system32\CLFS.SYS

0x00D36000 \SystemRoot\system32\CI.dll

0x00EB8000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F5C000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F6B000 \SystemRoot\system32\drivers\ACPI.sys

0x00FC2000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00FCB000 \SystemRoot\system32\drivers\msisadrv.sys

0x00E00000 \SystemRoot\system32\drivers\pci.sys

0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00E40000 \SystemRoot\System32\drivers\partmgr.sys

0x00E55000 \SystemRoot\system32\drivers\volmgr.sys

0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys

0x00E6A000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00E73000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys

0x00E99000 \SystemRoot\system32\drivers\atapi.sys

0x00FD5000 \SystemRoot\system32\drivers\ataport.SYS

0x00EA2000 \SystemRoot\system32\drivers\msahci.sys

0x00C5C000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x00EAD000 \SystemRoot\system32\drivers\amdxata.sys

0x01060000 \SystemRoot\system32\drivers\fltmgr.sys

0x010AC000 \SystemRoot\system32\drivers\fileinfo.sys

0x0125C000 \SystemRoot\System32\Drivers\Ntfs.sys

0x010C0000 \SystemRoot\System32\Drivers\msrpc.sys

0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0111E000 \SystemRoot\System32\Drivers\cng.sys

0x0121B000 \SystemRoot\System32\drivers\pcw.sys

0x0122C000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01486000 \SystemRoot\system32\drivers\ndis.sys

0x01579000 \SystemRoot\system32\drivers\NETIO.SYS

0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x0164A000 \SystemRoot\System32\drivers\tcpip.sys

0x0184E000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01898000 \SystemRoot\system32\drivers\volsnap.sys

0x018E4000 \SystemRoot\System32\Drivers\spldr.sys

0x018EC000 \SystemRoot\System32\drivers\rdyboost.sys

0x01926000 \SystemRoot\System32\Drivers\mup.sys

0x01938000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01941000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x0197B000 \SystemRoot\system32\DRIVERS\disk.sys

0x01991000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x019CF000 \SystemRoot\system32\drivers\cdrom.sys

0x01600000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0x01631000 \SystemRoot\System32\Drivers\Null.SYS

0x0163A000 \SystemRoot\System32\Drivers\Beep.SYS

0x019C1000 \SystemRoot\System32\drivers\vga.sys

0x0142B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x01450000 \SystemRoot\System32\drivers\watchdog.sys

0x01641000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x01460000 \SystemRoot\system32\drivers\rdpencdd.sys

0x01469000 \SystemRoot\system32\drivers\rdprefmp.sys

0x01472000 \SystemRoot\System32\Drivers\Msfs.SYS

0x015D9000 \SystemRoot\System32\Drivers\Npfs.SYS

0x01236000 \SystemRoot\system32\DRIVERS\tdx.sys

0x015EA000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x01190000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02C80000 \SystemRoot\system32\drivers\afd.sys

0x02D09000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x02D12000 \SystemRoot\system32\DRIVERS\pacer.sys

0x02D38000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x02D4E000 \SystemRoot\system32\DRIVERS\netbios.sys

0x02D5D000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x02D78000 \SystemRoot\system32\drivers\termdd.sys

0x02D8C000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x02DDD000 \SystemRoot\system32\drivers\nsiproxy.sys

0x02DE9000 \SystemRoot\system32\drivers\mssmbios.sys

0x02C00000 \SystemRoot\System32\drivers\discache.sys

0x02C0F000 \SystemRoot\System32\Drivers\dfsc.sys

0x02C2D000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x02C3E000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x02C64000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x02DF4000 \SystemRoot\system32\drivers\wmiacpi.sys

0x048E5000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x05304000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x04800000 \SystemRoot\System32\drivers\dxgmms1.sys

0x04846000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x04853000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x048A9000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x048BA000 \SystemRoot\system32\drivers\HDAudBus.sys

0x01000000 \SystemRoot\system32\DRIVERS\Rtlh64.sys

0x03C32000 \SystemRoot\system32\DRIVERS\athrx.sys

0x03E7C000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x03E89000 \SystemRoot\system32\drivers\i8042prt.sys

0x03EA7000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys

0x03EB3000 \SystemRoot\system32\drivers\kbdclass.sys

0x03EC2000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x03F0B000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x03F0D000 \SystemRoot\system32\drivers\mouclass.sys

0x03F1C000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x03F21000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x03F2E000 \SystemRoot\system32\drivers\CompositeBus.sys

0x03F3E000 \SystemRoot\system32\DRIVERS\dne64x.sys

0x03F6A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x03F80000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x03FA4000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x03FB0000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x03FDF000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x03C00000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x01036000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x03C21000 \SystemRoot\system32\drivers\swenum.sys

0x040AC000 \SystemRoot\system32\drivers\ks.sys

0x040EF000 \SystemRoot\system32\drivers\umbus.sys

0x04101000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x0415B000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x04170000 \SystemRoot\system32\drivers\CHDRT64.sys

0x041B6000 \SystemRoot\system32\drivers\portcls.sys

0x04000000 \SystemRoot\system32\drivers\drmk.sys

0x04022000 \SystemRoot\system32\drivers\ksthunk.sys

0x04028000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys

0x05E63000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys

0x06635000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys

0x06700000 \SystemRoot\system32\drivers\modem.sys

0x0670F000 \SystemRoot\system32\drivers\IntcHdmi.sys

0x06736000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x06753000 \SystemRoot\System32\Drivers\RtsUStor.sys

0x0678D000 \SystemRoot\System32\Drivers\usbvideo.sys

0x000B0000 \SystemRoot\System32\win32k.sys

0x067BB000 \SystemRoot\System32\drivers\Dxapi.sys

0x067D5000 \SystemRoot\system32\DRIVERS\monitor.sys

0x004B0000 \SystemRoot\System32\TSDDD.dll

0x00710000 \SystemRoot\System32\cdd.dll

0x008E0000 \SystemRoot\System32\ATMFD.DLL

0x06600000 \SystemRoot\system32\drivers\luafv.sys

0x05FD7000 \SystemRoot\system32\drivers\WudfPf.sys

0x067E3000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x05E00000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x0407A000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x0408D000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x0284A000 \SystemRoot\system32\drivers\HTTP.sys

0x02913000 \SystemRoot\system32\DRIVERS\bowser.sys

0x02931000 \SystemRoot\System32\drivers\mpsdrv.sys

0x02949000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x02976000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x029C4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x029E8000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x02800000 \SystemRoot\system32\DRIVERS\MpNWMon.sys

0x02810000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0x03800000 \SystemRoot\system32\drivers\peauth.sys

0x038A6000 \SystemRoot\System32\Drivers\secdrv.SYS

0x038B1000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x038E2000 \SystemRoot\System32\drivers\tcpipreg.sys

0x038F4000 \SystemRoot\system32\DRIVERS\xaudio64.sys

0x038FC000 \SystemRoot\System32\DRIVERS\srv2.sys

0x03965000 \SystemRoot\System32\DRIVERS\srv.sys

0x07E17000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys

0x07EA4000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys

0x07F2A000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x07F35000 \??\C:\Users\Kitty\AppData\Local\Temp\aswMBR.sys

0x76CF0000 \Windows\System32\ntdll.dll

0x48090000 \Windows\System32\smss.exe

0xFF010000 \Windows\System32\apisetschema.dll

0xFEDA0000 \Windows\System32\iertutil.dll

0xFEBC0000 \Windows\System32\setupapi.dll

0xFEB40000 \Windows\System32\shlwapi.dll

0xFEA60000 \Windows\System32\advapi32.dll

0xFE850000 \Windows\System32\ole32.dll

0xFE800000 \Windows\System32\ws2_32.dll

0xFE730000 \Windows\System32\usp10.dll

0x76BD0000 \Windows\System32\kernel32.dll

0xFE690000 \Windows\System32\msvcrt.dll

0xFE5B0000 \Windows\System32\oleaut32.dll

0xFE590000 \Windows\System32\imagehlp.dll

0xFE510000 \Windows\System32\difxapi.dll

0xFE3E0000 \Windows\System32\rpcrt4.dll

0xFE3B0000 \Windows\System32\imm32.dll

0x76AD0000 \Windows\System32\user32.dll

0xFE2A0000 \Windows\System32\msctf.dll

0xFE290000 \Windows\System32\lpk.dll

0x76EC0000 \Windows\System32\psapi.dll

0xFE160000 \Windows\System32\wininet.dll

0xFD3D0000 \Windows\System32\shell32.dll

0xFD330000 \Windows\System32\clbcatq.dll

0xFD320000 \Windows\System32\nsi.dll

0xFD2C0000 \Windows\System32\Wldap32.dll

0x76EB0000 \Windows\System32\normaliz.dll

0xFD140000 \Windows\System32\urlmon.dll

0xFD0A0000 \Windows\System32\comdlg32.dll

0xFD080000 \Windows\System32\sechost.dll

0xFD010000 \Windows\System32\gdi32.dll

0xFCF70000 \Windows\System32\comctl32.dll

0xFCF50000 \Windows\System32\devobj.dll

0xFCDE0000 \Windows\System32\crypt32.dll

0xFCDA0000 \Windows\System32\cfgmgr32.dll

0xFCD30000 \Windows\System32\KernelBase.dll

0xFCCF0000 \Windows\System32\wintrust.dll

0xFCCE0000 \Windows\System32\msasn1.dll

0x75DD0000 \Windows\SysWOW64\normaliz.dll

Processes (total 80):

0 System Idle Process

4 System

272 C:\Windows\System32\smss.exe

380 csrss.exe

432 C:\Windows\System32\wininit.exe

448 csrss.exe

480 C:\Windows\System32\services.exe

504 C:\Windows\System32\lsass.exe

512 C:\Windows\System32\lsm.exe

620 C:\Windows\System32\svchost.exe

672 C:\Windows\System32\winlogon.exe

740 C:\Windows\System32\svchost.exe

788 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

916 C:\Windows\System32\svchost.exe

972 C:\Windows\System32\svchost.exe

1016 C:\Windows\System32\svchost.exe

724 C:\Windows\System32\svchost.exe

1136 C:\Windows\System32\svchost.exe

1268 C:\Windows\System32\wlanext.exe

1276 C:\Windows\System32\conhost.exe

1328 C:\Windows\System32\spoolsv.exe

1364 C:\Windows\System32\svchost.exe

1584 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1736 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

1768 C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

1820 C:\Windows\System32\svchost.exe

1860 C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

1896 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

1972 C:\Windows\SysWOW64\svchost.exe

2000 C:\Windows\System32\svchost.exe

2036 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

1104 C:\Windows\System32\svchost.exe

1428 C:\Windows\System32\svchost.exe

1436 C:\Program Files (x86)\SMINST\BLService.exe

1520 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2052 C:\Windows\System32\svchost.exe

2104 C:\Windows\System32\Wacom_Tablet.exe

2164 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2204 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

2320 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2576 C:\Windows\System32\taskhost.exe

2652 C:\Windows\System32\dwm.exe

2688 C:\Windows\explorer.exe

2908 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2924 C:\Program Files\Microsoft Security Client\msseces.exe

3008 C:\Windows\System32\hkcmd.exe

3020 C:\Windows\System32\igfxpers.exe

2144 C:\Windows\System32\WTablet\Wacom_TabletUser.exe

204 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

2800 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

2564 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

3108 C:\Windows\System32\Wacom_Tablet.exe

3152 C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe

3196 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

3272 C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

3280 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

3728 C:\Windows\System32\SearchIndexer.exe

3760 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

3960 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

3972 WmiPrvSE.exe

928 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

3596 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

548 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe

1796 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe

3840 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe

3900 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe

3944 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

888 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

2732 C:\Windows\System32\svchost.exe

4812 C:\Windows\servicing\TrustedInstaller.exe

5048 C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe

1292 C:\Windows\System32\taskeng.exe

3064 C:\Windows\System32\svchost.exe

4508 C:\Windows\System32\rundll32.exe

2180 C:\Windows\System32\audiodg.exe

4860 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

608 C:\Windows\System32\SearchProtocolHost.exe

1716 C:\Users\Kitty\Desktop\MBRCheck.exe

760 C:\Windows\System32\conhost.exe

4552 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`26800000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2555GSX, Rev: FG002C

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Share this post


Link to post
Share on other sites

Don't worry about Avast.

You got the MBR attachment right :)

We need to do some more fixing. Please do the following ;)

1. Run MBRCheck.exe

2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:

3. Please push the 'Y' key and then press Enter

4. When program ask you Enter your choice: enter 2 and press the Enter key

5. Now the program will ask you "Enter the physical disk number to fix (00-99, --1 to cancel):

6. Enter 0 and press the Enter key.

7. The program will show Available MBR codes:, followed by a list of operating systems. Please enter the number for Windows 7, and then press Enter.

8. The program will prompt for confirmation. Type 'YES' and hit Enter.

9. Left click on the title bar (where program name and path is written).

10. From menu chose Edit => Select All

11. Hit the Enter key on your keyboard to copy selected text.

12. Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"

13. Restart your PC.

14. Post the text in "MBRCheck results.txt" here, please.

Share this post


Link to post
Share on other sites

Here is the log:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Wistron

BIOS Manufacturer: Hewlett-Packard

System Manufacturer: Hewlett-Packard

System Product Name: HP G60 Notebook PC

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 190):

0x0304B000 \SystemRoot\system32\ntoskrnl.exe

0x03002000 \SystemRoot\system32\hal.dll

0x00B96000 \SystemRoot\system32\kdcom.dll

0x00CBF000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00D0E000 \SystemRoot\system32\PSHED.dll

0x00D22000 \SystemRoot\system32\CLFS.SYS

0x00E46000 \SystemRoot\system32\CI.dll

0x00F06000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00FAA000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00D80000 \SystemRoot\system32\drivers\ACPI.sys

0x00FB9000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00FC2000 \SystemRoot\system32\drivers\msisadrv.sys

0x00FCC000 \SystemRoot\system32\drivers\pci.sys

0x00E00000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys

0x00E22000 \SystemRoot\system32\drivers\volmgr.sys

0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys

0x00E37000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00C5C000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00C68000 \SystemRoot\System32\drivers\mountmgr.sys

0x00C82000 \SystemRoot\system32\drivers\atapi.sys

0x00C8B000 \SystemRoot\system32\drivers\ataport.SYS

0x00DD7000 \SystemRoot\system32\drivers\msahci.sys

0x00DE2000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x00DF2000 \SystemRoot\system32\drivers\amdxata.sys

0x01017000 \SystemRoot\system32\drivers\fltmgr.sys

0x01063000 \SystemRoot\system32\drivers\fileinfo.sys

0x0125C000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01077000 \SystemRoot\System32\Drivers\msrpc.sys

0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys

0x010D5000 \SystemRoot\System32\Drivers\cng.sys

0x0121B000 \SystemRoot\System32\drivers\pcw.sys

0x0122C000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01477000 \SystemRoot\system32\drivers\ndis.sys

0x0156A000 \SystemRoot\system32\drivers\NETIO.SYS

0x015CA000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01688000 \SystemRoot\System32\drivers\tcpip.sys

0x0188C000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x018D6000 \SystemRoot\system32\drivers\volsnap.sys

0x01922000 \SystemRoot\System32\Drivers\spldr.sys

0x0192A000 \SystemRoot\System32\drivers\rdyboost.sys

0x01964000 \SystemRoot\System32\Drivers\mup.sys

0x01976000 \SystemRoot\System32\drivers\hwpolicy.sys

0x0197F000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x019B9000 \SystemRoot\system32\DRIVERS\disk.sys

0x019CF000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x0160E000 \SystemRoot\system32\drivers\cdrom.sys

0x01638000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0x01669000 \SystemRoot\System32\Drivers\Null.SYS

0x01672000 \SystemRoot\System32\Drivers\Beep.SYS

0x01679000 \SystemRoot\System32\drivers\vga.sys

0x01400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x01425000 \SystemRoot\System32\drivers\watchdog.sys

0x01600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x01435000 \SystemRoot\system32\drivers\rdpencdd.sys

0x0143E000 \SystemRoot\system32\drivers\rdprefmp.sys

0x01447000 \SystemRoot\System32\Drivers\Msfs.SYS

0x01452000 \SystemRoot\System32\Drivers\Npfs.SYS

0x01236000 \SystemRoot\system32\DRIVERS\tdx.sys

0x01463000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x01147000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02C54000 \SystemRoot\system32\drivers\afd.sys

0x02CDD000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x02CE6000 \SystemRoot\system32\DRIVERS\pacer.sys

0x02D0C000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x02D22000 \SystemRoot\system32\DRIVERS\netbios.sys

0x02D31000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x02D4C000 \SystemRoot\system32\drivers\termdd.sys

0x02D60000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x02DB1000 \SystemRoot\system32\drivers\nsiproxy.sys

0x02DBD000 \SystemRoot\system32\drivers\mssmbios.sys

0x02DC8000 \SystemRoot\System32\drivers\discache.sys

0x02DD7000 \SystemRoot\System32\Drivers\dfsc.sys

0x02C00000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x02C11000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x02C37000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x02DF5000 \SystemRoot\system32\drivers\wmiacpi.sys

0x0482B000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x0524A000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x0533E000 \SystemRoot\System32\drivers\dxgmms1.sys

0x05384000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x05391000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x053E7000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x04800000 \SystemRoot\system32\drivers\HDAudBus.sys

0x0118C000 \SystemRoot\system32\DRIVERS\Rtlh64.sys

0x03EC1000 \SystemRoot\system32\DRIVERS\athrx.sys

0x0410B000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x04118000 \SystemRoot\system32\drivers\i8042prt.sys

0x04136000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys

0x04142000 \SystemRoot\system32\drivers\kbdclass.sys

0x04151000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x0419A000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x0419C000 \SystemRoot\system32\drivers\mouclass.sys

0x041AB000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x041B0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x041BD000 \SystemRoot\system32\drivers\CompositeBus.sys

0x041CD000 \SystemRoot\system32\DRIVERS\dne64x.sys

0x03E00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x03E16000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x03E3A000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x03E46000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x03E75000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x03E90000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x011C2000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x03EB1000 \SystemRoot\system32\drivers\swenum.sys

0x042D5000 \SystemRoot\system32\drivers\ks.sys

0x04318000 \SystemRoot\system32\drivers\umbus.sys

0x0432A000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x04384000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x04399000 \SystemRoot\system32\drivers\CHDRT64.sys

0x04200000 \SystemRoot\system32\drivers\portcls.sys

0x0423D000 \SystemRoot\system32\drivers\drmk.sys

0x0425F000 \SystemRoot\system32\drivers\ksthunk.sys

0x04265000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys

0x06413000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys

0x066ED000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys

0x067B8000 \SystemRoot\system32\drivers\modem.sys

0x067C7000 \SystemRoot\system32\drivers\IntcHdmi.sys

0x06600000 \SystemRoot\System32\Drivers\RtsUStor.sys

0x0663A000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x06657000 \SystemRoot\System32\Drivers\usbvideo.sys

0x00070000 \SystemRoot\System32\win32k.sys

0x06685000 \SystemRoot\System32\drivers\Dxapi.sys

0x0669F000 \SystemRoot\system32\DRIVERS\monitor.sys

0x004D0000 \SystemRoot\System32\TSDDD.dll

0x00790000 \SystemRoot\System32\cdd.dll

0x008C0000 \SystemRoot\System32\ATMFD.DLL

0x066AD000 \SystemRoot\system32\drivers\luafv.sys

0x06587000 \SystemRoot\system32\drivers\WudfPf.sys

0x066D0000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x065A8000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x06400000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x042B7000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x067EE000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x0280B000 \SystemRoot\system32\drivers\HTTP.sys

0x028D4000 \SystemRoot\system32\DRIVERS\bowser.sys

0x028F2000 \SystemRoot\System32\drivers\mpsdrv.sys

0x0290A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x02937000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x02985000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x029A9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0x0461B000 \SystemRoot\system32\drivers\peauth.sys

0x046C1000 \SystemRoot\System32\Drivers\secdrv.SYS

0x046CC000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x046FD000 \SystemRoot\System32\drivers\tcpipreg.sys

0x0470F000 \SystemRoot\system32\DRIVERS\xaudio64.sys

0x04717000 \SystemRoot\System32\DRIVERS\srv2.sys

0x06CD6000 \SystemRoot\System32\DRIVERS\srv.sys

0x06D6E000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys

0x06C00000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys

0x06C86000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x77090000 \Windows\System32\ntdll.dll

0x47CB0000 \Windows\System32\smss.exe

0xFF3B0000 \Windows\System32\apisetschema.dll

0xFF320000 \Windows\System32\shlwapi.dll

0xFF310000 \Windows\System32\nsi.dll

0xFF290000 \Windows\System32\difxapi.dll

0xFF0B0000 \Windows\System32\setupapi.dll

0xFF010000 \Windows\System32\msvcrt.dll

0x77260000 \Windows\System32\normaliz.dll

0xFEFA0000 \Windows\System32\gdi32.dll

0xFEF50000 \Windows\System32\ws2_32.dll

0xFE1C0000 \Windows\System32\shell32.dll

0xFE040000 \Windows\System32\urlmon.dll

0xFE020000 \Windows\System32\imagehlp.dll

0xFDEF0000 \Windows\System32\rpcrt4.dll

0xFDDE0000 \Windows\System32\msctf.dll

0x76F70000 \Windows\System32\kernel32.dll

0x77250000 \Windows\System32\psapi.dll

0xFDB80000 \Windows\System32\iertutil.dll

0x76E70000 \Windows\System32\user32.dll

0xFDAA0000 \Windows\System32\advapi32.dll

0xFDA90000 \Windows\System32\lpk.dll

0xFDA70000 \Windows\System32\sechost.dll

0xFD990000 \Windows\System32\oleaut32.dll

0xFD8F0000 \Windows\System32\clbcatq.dll

0xFD850000 \Windows\System32\comdlg32.dll

0xFD820000 \Windows\System32\imm32.dll

0xFD610000 \Windows\System32\ole32.dll

0xFD540000 \Windows\System32\usp10.dll

0xFD4E0000 \Windows\System32\Wldap32.dll

0xFD3B0000 \Windows\System32\wininet.dll

0xFD310000 \Windows\System32\comctl32.dll

0xFD2D0000 \Windows\System32\wintrust.dll

0xFD290000 \Windows\System32\cfgmgr32.dll

0xFD120000 \Windows\System32\crypt32.dll

0xFD100000 \Windows\System32\devobj.dll

0xFD090000 \Windows\System32\KernelBase.dll

0xFD080000 \Windows\System32\msasn1.dll

0x75F40000 \Windows\SysWOW64\normaliz.dll

Processes (total 74):

0 System Idle Process

4 System

272 C:\Windows\System32\smss.exe

376 csrss.exe

428 C:\Windows\System32\wininit.exe

440 csrss.exe

476 C:\Windows\System32\services.exe

500 C:\Windows\System32\lsass.exe

508 C:\Windows\System32\lsm.exe

620 C:\Windows\System32\svchost.exe

676 C:\Windows\System32\winlogon.exe

744 C:\Windows\System32\svchost.exe

792 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

900 C:\Windows\System32\svchost.exe

984 C:\Windows\System32\svchost.exe

112 C:\Windows\System32\svchost.exe

1096 C:\Windows\System32\svchost.exe

1216 C:\Windows\System32\svchost.exe

1364 C:\Windows\System32\wlanext.exe

1372 C:\Windows\System32\conhost.exe

1520 C:\Windows\System32\spoolsv.exe

1552 C:\Windows\System32\svchost.exe

1652 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1684 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

1724 C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

1784 C:\Windows\System32\svchost.exe

1812 C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

1880 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

1960 C:\Windows\SysWOW64\svchost.exe

1988 C:\Windows\System32\svchost.exe

2044 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

1172 C:\Windows\System32\svchost.exe

1044 C:\Windows\System32\svchost.exe

1468 C:\Program Files (x86)\SMINST\BLService.exe

2176 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2232 C:\Windows\System32\svchost.exe

2348 C:\Windows\System32\Wacom_Tablet.exe

2404 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2460 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

2580 C:\Windows\System32\taskhost.exe

2648 C:\Windows\System32\dwm.exe

2676 C:\Windows\explorer.exe

2768 C:\Windows\System32\WTablet\Wacom_TabletUser.exe

2792 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2840 C:\Windows\System32\Wacom_Tablet.exe

2532 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2516 C:\Program Files\Microsoft Security Client\msseces.exe

3048 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

936 C:\Windows\System32\hkcmd.exe

2560 C:\Windows\System32\igfxpers.exe

3116 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

3192 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

3248 C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe

3264 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

3280 C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

3296 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

3784 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

3880 WmiPrvSE.exe

4004 C:\Windows\System32\SearchIndexer.exe

3404 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

3440 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

3536 C:\Windows\System32\svchost.exe

1528 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

1668 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe

1776 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe

2388 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

956 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe

3172 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe

3796 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

1144 C:\Windows\System32\audiodg.exe

3436 C:\Windows\System32\notepad.exe

3488 C:\Users\Kitty\Desktop\MBRCheck.exe

884 C:\Windows\System32\conhost.exe

152 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`26800000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2555GSX, Rev: FG002C

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:

[ 0] Default (Windows 7)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive: 5

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES

Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Done!

Share this post


Link to post
Share on other sites

Please reboot and run MBRCheck once more (don't go through the fixes), and post the log it creates.

Share this post


Link to post
Share on other sites

Will do. I'll try to get this done and post in later today or tomorrow. Thank you!

Share this post


Link to post
Share on other sites

Sounds good, thank you for letting me know ;)

Share this post


Link to post
Share on other sites

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Wistron

BIOS Manufacturer: Hewlett-Packard

System Manufacturer: Hewlett-Packard

System Product Name: HP G60 Notebook PC

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 192):

0x0304B000 \SystemRoot\system32\ntoskrnl.exe

0x03002000 \SystemRoot\system32\hal.dll

0x00BD1000 \SystemRoot\system32\kdcom.dll

0x00C4C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00C9B000 \SystemRoot\system32\PSHED.dll

0x00CAF000 \SystemRoot\system32\CLFS.SYS

0x00D0D000 \SystemRoot\system32\CI.dll

0x00EFA000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F9E000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00E00000 \SystemRoot\system32\drivers\ACPI.sys

0x00E57000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00E60000 \SystemRoot\system32\drivers\msisadrv.sys

0x00E6A000 \SystemRoot\system32\drivers\pci.sys

0x00E9D000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00EAA000 \SystemRoot\System32\drivers\partmgr.sys

0x00EBF000 \SystemRoot\system32\drivers\volmgr.sys

0x01005000 \SystemRoot\System32\drivers\volmgrx.sys

0x01061000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x0106A000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x01076000 \SystemRoot\System32\drivers\mountmgr.sys

0x01090000 \SystemRoot\system32\drivers\atapi.sys

0x01099000 \SystemRoot\system32\drivers\ataport.SYS

0x010C3000 \SystemRoot\system32\drivers\msahci.sys

0x010CE000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x010DE000 \SystemRoot\system32\drivers\amdxata.sys

0x010E9000 \SystemRoot\system32\drivers\fltmgr.sys

0x01135000 \SystemRoot\system32\drivers\fileinfo.sys

0x01237000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01149000 \SystemRoot\System32\Drivers\msrpc.sys

0x013DA000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0142E000 \SystemRoot\System32\Drivers\cng.sys

0x014A0000 \SystemRoot\System32\drivers\pcw.sys

0x014B1000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x014BB000 \SystemRoot\system32\drivers\ndis.sys

0x0163B000 \SystemRoot\system32\drivers\NETIO.SYS

0x0169B000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x018B2000 \SystemRoot\System32\drivers\tcpip.sys

0x01AB6000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01B00000 \SystemRoot\system32\drivers\volsnap.sys

0x01B4C000 \SystemRoot\System32\Drivers\spldr.sys

0x01B54000 \SystemRoot\System32\drivers\rdyboost.sys

0x01B8E000 \SystemRoot\System32\Drivers\mup.sys

0x01BA0000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01BA9000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01BE3000 \SystemRoot\system32\DRIVERS\disk.sys

0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x0183E000 \SystemRoot\system32\drivers\cdrom.sys

0x01868000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0x01899000 \SystemRoot\System32\Drivers\Null.SYS

0x018A2000 \SystemRoot\System32\Drivers\Beep.SYS

0x01830000 \SystemRoot\System32\drivers\vga.sys

0x016C6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x016EB000 \SystemRoot\System32\drivers\watchdog.sys

0x018A9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x016FB000 \SystemRoot\system32\drivers\rdpencdd.sys

0x01704000 \SystemRoot\system32\drivers\rdprefmp.sys

0x0170D000 \SystemRoot\System32\Drivers\Msfs.SYS

0x01718000 \SystemRoot\System32\Drivers\Npfs.SYS

0x01729000 \SystemRoot\system32\DRIVERS\tdx.sys

0x0174B000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x01758000 \SystemRoot\System32\DRIVERS\netbt.sys

0x03ECC000 \SystemRoot\system32\drivers\afd.sys

0x03F55000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x03F5E000 \SystemRoot\system32\DRIVERS\pacer.sys

0x03F84000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x03F9A000 \SystemRoot\system32\DRIVERS\netbios.sys

0x03FA9000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x03FC4000 \SystemRoot\system32\drivers\termdd.sys

0x03E00000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x03E51000 \SystemRoot\system32\drivers\nsiproxy.sys

0x03E5D000 \SystemRoot\system32\drivers\mssmbios.sys

0x03E68000 \SystemRoot\System32\drivers\discache.sys

0x03E77000 \SystemRoot\System32\Drivers\dfsc.sys

0x03E95000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x03EA6000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x03FD8000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x03FEE000 \SystemRoot\system32\drivers\wmiacpi.sys

0x04ABB000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x054DA000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x04A00000 \SystemRoot\System32\drivers\dxgmms1.sys

0x04A46000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x04A53000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x04AA9000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x055CE000 \SystemRoot\system32\drivers\HDAudBus.sys

0x0179D000 \SystemRoot\system32\DRIVERS\Rtlh64.sys

0x04044000 \SystemRoot\system32\DRIVERS\athrx.sys

0x0428E000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x0429B000 \SystemRoot\system32\drivers\i8042prt.sys

0x042B9000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys

0x042C5000 \SystemRoot\system32\drivers\kbdclass.sys

0x042D4000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x0431D000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x0431F000 \SystemRoot\system32\drivers\mouclass.sys

0x0432E000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x04333000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x04340000 \SystemRoot\system32\drivers\CompositeBus.sys

0x04350000 \SystemRoot\system32\DRIVERS\dne64x.sys

0x0437C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x04392000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x043B6000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x043C2000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x04000000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x0401B000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x017D3000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x0403C000 \SystemRoot\system32\drivers\swenum.sys

0x015AE000 \SystemRoot\system32\drivers\ks.sys

0x017ED000 \SystemRoot\system32\drivers\umbus.sys

0x0449E000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x044F8000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x0450D000 \SystemRoot\system32\drivers\CHDRT64.sys

0x04553000 \SystemRoot\system32\drivers\portcls.sys

0x04590000 \SystemRoot\system32\drivers\drmk.sys

0x045B2000 \SystemRoot\system32\drivers\ksthunk.sys

0x04400000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys

0x0664F000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys

0x0689B000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys

0x06966000 \SystemRoot\system32\drivers\modem.sys

0x06975000 \SystemRoot\system32\drivers\IntcHdmi.sys

0x0699C000 \SystemRoot\System32\Drivers\RtsUStor.sys

0x069D6000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x06800000 \SystemRoot\System32\Drivers\usbvideo.sys

0x00050000 \SystemRoot\System32\win32k.sys

0x0682E000 \SystemRoot\System32\drivers\Dxapi.sys

0x06848000 \SystemRoot\system32\DRIVERS\monitor.sys

0x004C0000 \SystemRoot\System32\TSDDD.dll

0x006A0000 \SystemRoot\System32\cdd.dll

0x00980000 \SystemRoot\System32\ATMFD.DLL

0x06856000 \SystemRoot\system32\drivers\luafv.sys

0x06879000 \SystemRoot\system32\drivers\WudfPf.sys

0x067C3000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x011A7000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x067D8000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x06600000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x02A9C000 \SystemRoot\system32\drivers\HTTP.sys

0x02B65000 \SystemRoot\system32\DRIVERS\bowser.sys

0x02B83000 \SystemRoot\System32\drivers\mpsdrv.sys

0x02B9B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x02A4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x02A72000 \SystemRoot\system32\DRIVERS\MpNWMon.sys

0x02A82000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x02A8C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0x06497000 \SystemRoot\system32\drivers\peauth.sys

0x0653D000 \SystemRoot\System32\Drivers\secdrv.SYS

0x06548000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x06579000 \SystemRoot\System32\drivers\tcpipreg.sys

0x0658B000 \SystemRoot\system32\DRIVERS\xaudio64.sys

0x06593000 \SystemRoot\System32\DRIVERS\srv2.sys

0x07007000 \SystemRoot\System32\DRIVERS\srv.sys

0x0709F000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys

0x070B4000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys

0x071B2000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x07141000 \SystemRoot\system32\drivers\spsys.sys

0x76DD0000 \Windows\System32\ntdll.dll

0x48390000 \Windows\System32\smss.exe

0xFF0F0000 \Windows\System32\apisetschema.dll

0xFEF00000 \Windows\System32\setupapi.dll

0xFEEB0000 \Windows\System32\ws2_32.dll

0xFEDA0000 \Windows\System32\msctf.dll

0xFE010000 \Windows\System32\shell32.dll

0xFE000000 \Windows\System32\nsi.dll

0x76FA0000 \Windows\System32\psapi.dll

0xFDFA0000 \Windows\System32\Wldap32.dll

0xFDF00000 \Windows\System32\msvcrt.dll

0xFDE60000 \Windows\System32\comdlg32.dll

0xFDE30000 \Windows\System32\imm32.dll

0xFDE20000 \Windows\System32\lpk.dll

0xFDD50000 \Windows\System32\usp10.dll

0xFDCE0000 \Windows\System32\gdi32.dll

0x76F90000 \Windows\System32\normaliz.dll

0x76CD0000 \Windows\System32\user32.dll

0xFDA80000 \Windows\System32\iertutil.dll

0xFDA00000 \Windows\System32\shlwapi.dll

0x76BB0000 \Windows\System32\kernel32.dll

0xFD8D0000 \Windows\System32\rpcrt4.dll

0xFD850000 \Windows\System32\difxapi.dll

0xFD720000 \Windows\System32\wininet.dll

0xFD640000 \Windows\System32\advapi32.dll

0xFD4C0000 \Windows\System32\urlmon.dll

0xFD2B0000 \Windows\System32\ole32.dll

0xFD210000 \Windows\System32\clbcatq.dll

0xFD1F0000 \Windows\System32\imagehlp.dll

0xFD1D0000 \Windows\System32\sechost.dll

0xFD0F0000 \Windows\System32\oleaut32.dll

0xFD0B0000 \Windows\System32\wintrust.dll

0xFD070000 \Windows\System32\cfgmgr32.dll

0xFCF00000 \Windows\System32\crypt32.dll

0xFCE90000 \Windows\System32\KernelBase.dll

0xFCE70000 \Windows\System32\devobj.dll

0xFCDD0000 \Windows\System32\comctl32.dll

0xFCDC0000 \Windows\System32\msasn1.dll

0x74B70000 \Windows\SysWOW64\normaliz.dll

Processes (total 79):

0 System Idle Process

4 System

272 C:\Windows\System32\smss.exe

376 csrss.exe

428 C:\Windows\System32\wininit.exe

440 csrss.exe

476 C:\Windows\System32\services.exe

500 C:\Windows\System32\lsass.exe

508 C:\Windows\System32\lsm.exe

632 C:\Windows\System32\winlogon.exe

648 C:\Windows\System32\svchost.exe

740 C:\Windows\System32\svchost.exe

788 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

888 C:\Windows\System32\svchost.exe

956 C:\Windows\System32\svchost.exe

1004 C:\Windows\System32\svchost.exe

756 C:\Windows\System32\svchost.exe

1128 C:\Windows\System32\svchost.exe

1264 C:\Windows\System32\wlanext.exe

1272 C:\Windows\System32\conhost.exe

1328 C:\Windows\System32\spoolsv.exe

1360 C:\Windows\System32\svchost.exe

1492 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1632 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

1664 C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

1744 C:\Windows\System32\svchost.exe

1784 C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

1996 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

2020 C:\Windows\SysWOW64\svchost.exe

2040 C:\Windows\System32\svchost.exe

1092 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

1400 C:\Windows\System32\svchost.exe

1608 C:\Windows\System32\svchost.exe

1596 C:\Program Files (x86)\SMINST\BLService.exe

1220 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

1992 C:\Windows\System32\taskhost.exe

2060 C:\Windows\System32\svchost.exe

2268 C:\Windows\System32\dwm.exe

2320 C:\Windows\explorer.exe

2364 C:\Windows\System32\Wacom_Tablet.exe

2440 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2476 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

2572 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2720 C:\Windows\System32\WTablet\Wacom_TabletUser.exe

2888 C:\Windows\System32\Wacom_Tablet.exe

2988 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

3004 C:\Program Files\Microsoft Security Client\msseces.exe

3020 C:\Windows\System32\hkcmd.exe

3028 C:\Windows\System32\igfxpers.exe

3076 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

3176 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

3296 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

3336 C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe

3356 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

3388 C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

3404 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

3832 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

3908 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

3940 WmiPrvSE.exe

924 C:\Windows\System32\SearchIndexer.exe

2384 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

324 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

3760 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe

1912 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

3048 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe

3268 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe

3812 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe

588 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

4000 C:\Windows\System32\svchost.exe

3544 C:\Windows\System32\taskeng.exe

860 C:\Windows\servicing\TrustedInstaller.exe

504 C:\Windows\System32\sppsvc.exe

1800 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

944 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

2284 C:\Windows\System32\audiodg.exe

2484 C:\Windows\System32\rundll32.exe

2768 C:\Users\Kitty\Desktop\MBRCheck.exe

1672 C:\Windows\System32\conhost.exe

4064 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`26800000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2555GSX, Rev: FG002C

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): -1

Done!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.