
Inactive wininit.exe Trojan Patched_c.IWU

Discussion in 'Malware and Virus Removal Archive' started by soolshock, 2010/09/10.

1. 2010/09/10, soolshock (Thread Starter):

    AVG picks this up as a trojan and I can't seem to fix it.
    Can someone help me fix this?

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Ben at 11:45:36.68 on 09/10/2010 Fri
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Ultimate 6.1.7600.0.949.82.1033.18.2814.871 [GMT -7:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\SafeConnect\scManager.sys
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\SafeConnect\scClient.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Program Files\foobar2000\foobar2000.exe
    C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe
    C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugin-container.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Ben\Desktop\SystemLook.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Ben\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: AutorunsDisabled - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
    uRun: [Google Update] "c:\users\ben\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\ben\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: {2533889d-f975-4b7f-bdea-45c87bbca878} = 68.94.156.1 68.94.157.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\ben\appdata\roaming\mozilla\firefox\profiles\rkjrtrlp.default\
    FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\mozilla firefox 3.6 beta 1\plugins\npnul32.dll
    FF - plugin: c:\users\ben\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-28 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-28 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-28 243024]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-19 38224]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-8-23 105576]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

    ============== File Associations ===============

    regfile="regedit.exe" "%1"

    =============== Created Last 30 ================

    2010-09-10 05:49:57 0 d-----w- c:\programdata\CopyPod
    2010-09-10 05:25:53 0 d-----w- c:\program files\iPod
    2010-09-10 05:25:52 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-09-10 05:25:52 0 d-----w- c:\program files\iTunes
    2010-09-10 05:20:34 0 d-----w- c:\program files\Bonjour
    2010-09-10 05:15:14 0 d-----w- c:\program files\iRip
    2010-09-07 19:26:41 0 d-----w- c:\users\ben\Tracing
    2010-09-07 19:24:17 0 d-----w- c:\program files\Microsoft
    2010-09-07 19:23:59 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-09-07 19:11:59 0 d-----w- c:\program files\common files\Windows Live
    2010-09-05 05:19:53 0 d-----w- c:\users\ben\appdata\roaming\TS3Client
    2010-09-05 05:19:46 0 d-----w- c:\program files\TeamSpeak 3 Client
    2010-09-03 00:24:45 0 d-----w- C:\totalcmd
    2010-09-02 07:04:11 406052 ----a-w- c:\windows\system32\perfh012.dat
    2010-09-02 07:04:11 31548 ----a-w- c:\windows\system32\perfd012.dat
    2010-09-02 07:04:11 157694 ----a-w- c:\windows\system32\perfi012.dat
    2010-09-02 07:04:11 102834 ----a-w- c:\windows\system32\perfc012.dat
    2010-09-02 07:03:06 0 d-----w- c:\windows\ko-KR
    2010-09-02 07:03:05 0 d-----w- c:\windows\system32\XPSViewer
    2010-09-02 07:03:05 0 d-----w- c:\windows\system32\drivers\ko-KR
    2010-09-02 07:02:57 0 d-----w- c:\windows\system32\ko
    2010-09-02 07:02:56 0 d-----w- c:\windows\system32\wbem\ko-KR
    2010-08-30 22:57:52 0 d-----w- c:\program files\MetaGeek
    2010-08-30 08:22:01 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-08-30 08:22:01 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-08-30 08:22:01 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-08-30 08:22:01 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-08-30 08:22:01 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-08-28 17:20:24 0 d-----w- c:\program files\Team17
    2010-08-28 06:27:52 0 d-----w- c:\program files\Rosetta Stone
    2010-08-28 06:27:42 0 d-----w- c:\programdata\FLEXnet
    2010-08-28 06:27:27 0 d-----w- c:\programdata\RosettaStoneLtdBackup
    2010-08-28 06:27:08 0 d-----w- c:\program files\common files\Macrovision Shared
    2010-08-28 06:26:51 0 d-----w- c:\programdata\Rosetta Stone
    2010-08-27 22:20:46 0 d-----w- c:\programdata\Sun
    2010-08-27 22:20:33 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-11 23:41:57 0 d-----w- c:\program files\Mozilla Firefox 4.0 Beta 3

    ==================== Find3M ====================

    2010-09-02 07:02:44 31548 ----a-w- c:\windows\inf\perflib\0412\perfd.dat
    2010-09-02 07:02:44 31548 ----a-w- c:\windows\inf\perflib\0412\perfc.dat
    2010-09-02 07:02:44 157694 ----a-w- c:\windows\inf\perflib\0412\perfi.dat
    2010-09-02 07:02:44 157694 ----a-w- c:\windows\inf\perflib\0412\perfh.dat
    2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-28 01:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-07-15 19:38:10 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-15 19:38:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-15 19:37:25 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-09 23:20:08 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-07-09 23:20:06 261736 ----a-w- c:\windows\system32\nvhotkey.dll
    2010-07-09 23:20:06 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
    2010-07-09 23:20:06 1469544 ----a-w- c:\windows\system32\nvsvc.dll
    2010-07-09 23:20:06 13939816 ----a-w- c:\windows\system32\nvcpl.dll
    2010-07-09 23:20:06 129640 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-07-07 21:03:14 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-06-21 22:07:47 26216 ----a-w- c:\windows\system32\nvhdap32.dll
    2010-06-21 22:07:45 600680 ----a-w- c:\windows\system32\nvuhda.exe
    2010-06-21 22:07:43 232040 ----a-w- c:\windows\system32\nvcohda.dll
    2010-06-21 22:07:41 64104 ----a-w- c:\windows\system32\nvapo32v.dll
    2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
    2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-06-15 04:43:24 87608 ----a-w- c:\users\ben\appdata\roaming\inst.exe
    2010-06-15 04:43:24 47360 ----a-w- c:\users\ben\appdata\roaming\pcouffin.sys
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 11:46:31.94 ===============

    OTL Extras logfile created on: 9/10/2010 11:29:23 AM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Ben\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
    5.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.03 Gb Total Space | 71.39 Gb Free Space | 32.01% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 308.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 1397.26 Gb Total Space | 653.48 Gb Free Space | 46.77% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: BEN-PC
    Current User Name: Ben
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Free Music Zilla\FMZilla.exe" = C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D6FAB8B-F22B-4272-AA27-9A188E21D047}" = iRip
    "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C7DEE429-4C9B-4126-894F-50B4F54FF196}" = inSSIDer
    "{CA8056BC-05E8-41FB-82C2-4750568CD379}" = MiniCoder
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIM_7" = AIM 7
    "AutoGK" = Auto Gordian Knot 2.55
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "AVG9Uninstall" = AVG Free 9.0
    "AviSynth" = AviSynth 2.5
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Defraggler" = Defraggler
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "foobar2000" = foobar2000 v1.0.3
    "Free Music Zilla_is1" = Free Music Zilla
    "Guitar Pro 5_is1" = Guitar Pro 5.2
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaCoder" = MediaCoder 0.7.3.4677
    "MediaInfo" = MediaInfo 0.7.33
    "MeGUI" = MeGUI (remove only)
    "Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "MiPony" = MiPony 1.0.12
    "mIRC" = mIRC
    "Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
    "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
    "Mozilla Firefox (4.0b3)" = Mozilla Firefox (4.0b3)
    "Mumble" = Mumble and Murmur
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "OpenAL" = OpenAL
    "SafeConnect" = SafeConnect
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Soulseek2" = SoulSeek 157 NS 13e
    "StarCraft II" = StarCraft II
    "Steam App 10" = Counter-Strike
    "Steam App 215" = Source SDK Base
    "Steam App 240" = Counter-Strike: Source
    "Steam App 30" = Day of Defeat
    "Steam App 300" = Day of Defeat: Source
    "Steam App 440" = Team Fortress 2
    "Steam App 630" = Alien Swarm
    "Super Card_is1" = SC Ver 2.70
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "Totalcmd" = Total Commander (Remove or Repair)
    "uTorrent" = µTorrent
    "VisualSubSync" = VisualSubSync (remove only)
    "VobSub" = VobSub v2.23 (Remove Only)
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/10/2010 2:21:17 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
    Description = 372: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/10/2010 2:21:17 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
    Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/10/2010 2:21:17 AM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
    Description = 452: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/10/2010 4:52:18 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR "
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 9/10/2010 6:22:32 AM | Computer Name = Ben-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR "
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 9/10/2010 6:28:57 AM | Computer Name = Ben-PC | Source = System Restore | ID = 8193
    Description =

    Error - 9/10/2010 12:16:32 PM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
    Description = 452: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/10/2010 12:16:32 PM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
    Description = 328: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/10/2010 12:16:32 PM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
    Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 9/10/2010 12:16:32 PM | Computer Name = Ben-PC | Source = Bonjour Service | ID = 100
    Description = 372: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    [ System Events ]
    Error - 9/2/2010 11:42:50 PM | Computer Name = Ben-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 9/3/2010 12:16:42 AM | Computer Name = Ben-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 9/3/2010 12:16:44 AM | Computer Name = Ben-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 9/3/2010 12:16:47 AM | Computer Name = Ben-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 9/3/2010 12:16:58 AM | Computer Name = Ben-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 9/6/2010 10:25:57 PM | Computer Name = Ben-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 20
    Description = A fatal hardware error has occurred. Component: AMD Northbridge Error
    Source: 3 Error Type: 11 Processor ID: 0 The details view of this entry contains further
    information.

    Error - 9/7/2010 11:53:00 PM | Computer Name = Ben-PC | Source = ipnathlp | ID = 31004
    Description =

    Error - 9/10/2010 1:20:46 AM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 9/10/2010 1:21:21 AM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 9/10/2010 1:22:21 AM | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Apple Mobile Device service,
    but this action failed with the following error: %%1056


    < End of report >
     
    Last edited: 2010/09/10
  2. 2010/09/10
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Admin: Do not put [Active] in your subject!

    You also have to post Attach.txt
     
  4. 2010/09/10
    soolshock

    soolshock Inactive Thread Starter

    Joined:
    2010/09/10
    Messages:
    5
    Likes Received:
    0
    Sorry about that. Here is the attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/17/2009 9:32:17 PM
    System Uptime: 9/6/2010 7:25:12 PM (88 hours ago)

    Motherboard: Wistron | | 303C
    Processor: AMD Turion Dual-Core RM-70 | Socket A | 2000/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 223 GiB total, 81.309 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    F: is FIXED (NTFS) - 1397 GiB total, 643.966 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1EEBC87B&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1EEBC87B&0&01
    Service: vwifimp

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.3.4
    AIM 7
    Alien Swarm
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Auto Gordian Knot 2.55
    AutoHotkey 1.0.48.05
    AVG Free 9.0
    AviSynth 2.5
    Bonjour
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    CCleaner
    Conexant HD Audio
    Counter-Strike
    Counter-Strike: Source
    CyberLink YouCam
    Day of Defeat
    Day of Defeat: Source
    Defraggler
    Download Updater (AOL LLC)
    DVD Decrypter (Remove Only)
    DVDFab 7.0.7.0 (08/06/2010)
    foobar2000 v1.0.3
    Free Music Zilla
    Google Chrome
    Guitar Pro 5.2
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    inSSIDer
    iRip
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    K-Lite Mega Codec Pack 5.4.4
    League of Legends
    Malwarebytes' Anti-Malware
    MediaCoder 0.7.3.4677
    MediaInfo 0.7.33
    MeGUI (remove only)
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2008 Management Objects
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft XNA Framework Redistributable 3.1
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MiniCoder
    MiPony 1.0.12
    mIRC
    Mozilla Firefox (3.5.4)
    Mozilla Firefox (3.6.9)
    Mozilla Firefox (4.0b3)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mumble and Murmur
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA PhysX
    ooVoo
    OpenAL
    PDF Settings CS5
    QuickTime
    Realtek USB 2.0 Card Reader
    Rosetta Stone Version 3
    SafeConnect
    SC Ver 2.70
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    SoulSeek 157 NS 13e
    Source SDK Base
    SQL Server System CLR Types
    StarCraft II
    Steam
    Synaptics Pointing Device Driver
    System Requirements Lab
    Team Fortress 2
    TeamSpeak 3 Client
    Total Commander (Remove or Repair)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office Access 2007 Help (KB957241)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office InfoPath 2007 Help (KB957243)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB957245)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Publisher 2007 Help (KB957249)
    Update for Microsoft Office Word 2007 Help (KB957252)
    Update for Microsoft Script Editor Help (KB957253)
    Update for Outlook 2007 Junk Email Filter (kb2279264)
    Ventrilo Client
    VisualSubSync (remove only)
    VobSub v2.23 (Remove Only)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinRAR archiver
    XviD MPEG4 Video Codec (remove only)
    μTorrent

    ==== Event Viewer Messages From Past Week ========

    9/9/2010 10:22:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    9/9/2010 10:21:21 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/9/2010 10:20:46 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/7/2010 8:53:00 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    9/6/2010 7:25:57 PM, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: 11 Processor ID: 0 The details view of this entry contains further information.

    ==== End Of File ===========================
     
  5. 2010/09/10
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  6. 2010/09/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/09/10
    soolshock

    soolshock Inactive Thread Starter

    Joined:
    2010/09/10
    Messages:
    5
    Likes Received:
    0
    Sorry, I decided to check some other threads to see what others have done before I saw your answer. I ran a scan with ESET Online Scanner, which showed:
    C:\Program Files\Internet Explorer\iexplore.exe Win32/Bamital.DX trojan
    C:\Program Files\Mozilla Firefox\firefox.exe Win32/Bamital.DX trojan
    C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\6566bde4-2728a944 a variant of Win32/TrojanDownloader.Unruy.CA trojan
    C:\Windows\System32\wininit.exe Win32/Bamital.DX trojan

    I then proceeded to replace my copy of wininit.exe with one found in C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13 and restarted, which seemed to have fixed AVG popping up. I have also uninstalled Firefox, but I'm not quite sure how to deal with Internet Explorer.

    Here's the MBAM log:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4328

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    9/10/2010 3:57:35 PM
    mbam-log-2010-09-10 (15-57-35).txt

    Scan type: Quick scan
    Objects scanned: 132104
    Time elapsed: 8 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ( "regedit.exe" "%1 ") Good: (regedit.exe "%1 ") -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    I tried to run GMER but it has been giving me problems and BSODs. :|




    Here is the MBR check you requested:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP G60 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 204):
    0x82E02000 \SystemRoot\system32\ntkrnlpa.exe
    0x83212000 \SystemRoot\system32\halmacpi.dll
    0x80BAA000 \SystemRoot\system32\kdcom.dll
    0x8A617000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x8A622000 \SystemRoot\system32\PSHED.dll
    0x8A633000 \SystemRoot\system32\BOOTVID.dll
    0x8A63B000 \SystemRoot\system32\CLFS.SYS
    0x8A67D000 \SystemRoot\system32\CI.dll
    0x8A728000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8A799000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8A80E000 \SystemRoot\System32\Drivers\spvf.sys
    0x8A90F000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8A918000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8A93E000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8A986000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8A98E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8A999000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8A9C3000 \SystemRoot\System32\drivers\partmgr.sys
    0x8A9D4000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8A9DC000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8A9E7000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8A7A7000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8A9F7000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8A800000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8A600000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8A7F2000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8AA11000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8AA34000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8AA3D000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8AA71000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8AA82000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8ABB1000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8ABDC000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8AC24000 \SystemRoot\System32\Drivers\cng.sys
    0x8AC81000 \SystemRoot\System32\drivers\pcw.sys
    0x8AC8F000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8AC98000 \SystemRoot\system32\drivers\ndis.sys
    0x8AD4F000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8AD8D000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8AE15000 \SystemRoot\System32\drivers\tcpip.sys
    0x8AF5E000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8AF8F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x8AF98000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8AFD7000 \SystemRoot\System32\Drivers\spldr.sys
    0x8ADB2000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8AFDF000 \SystemRoot\System32\Drivers\mup.sys
    0x8AFEF000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8B026000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8B058000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8B069000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8B0C0000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B0DF000 \SystemRoot\System32\Drivers\Null.SYS
    0x8B0E6000 \SystemRoot\System32\drivers\vga.sys
    0x8B0F2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8B113000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B120000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8B128000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8B130000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8B138000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8B143000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8B151000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8B168000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8B173000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x8B1AD000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8F43E000 \SystemRoot\system32\drivers\afd.sys
    0x8F498000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8F49F000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8F4BE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x8F4CF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8F4DD000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8F4F0000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8F500000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F541000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8F54B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8F555000 \SystemRoot\System32\drivers\discache.sys
    0x8F561000 \SystemRoot\system32\drivers\csc.sys
    0x8F5C5000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8F5DD000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8F5EB000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x8F400000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x8B1DF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8B000000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x8F434000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8ADDF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F5F1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x91209000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x91239000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x9123B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x91248000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x9124C000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x91255000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x9125F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x912AA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x912B9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x912D8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x912DE000 \SystemRoot\system32\DRIVERS\nvmf6232.sys
    0x92C11000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x9368F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x93691000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x93748000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x91805000 \SystemRoot\system32\DRIVERS\athr.sys
    0x91915000
     
    Last edited: 2010/09/10
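The post above describes a patched wininit.exe being swapped for the WinSxS copy by hand, with iexplore.exe still flagged and a Broken.OpenCommand hit from MBAM. The script below is an added example for this thread, not something posted by soolshock, broni or any of the tools named here. It shows how to check that kind of cleanup from an elevated PowerShell prompt: hash the live wininit.exe against the component-store copy, run an Authenticode check on each binary the ESET log named (a file infector that patches code inside a signed PE invalidates the signature), read back the regfile open command MBAM complained about, and finally let SFC verify every protected file. It assumes a 32-bit Windows 7 install with the stock PowerShell 2.0 (hence hashing via .NET rather than Get-FileHash), standard install paths under %windir% and %ProgramFiles%, and the Windows default value `regedit.exe "%1"` for the regfile command; the WinSxS directory name is matched with a wildcard rather than the exact name quoted in the post.

```powershell
# Added example (not from the thread): verify the system binaries that the
# ESET scan reported as patched by Win32/Bamital, using the WinSxS component
# store as the reference copy, and inspect the regfile open-command value that
# MBAM flagged as Broken.OpenCommand. Run from an elevated PowerShell prompt.
# Assumes Windows 7 x86 with PowerShell 2.0 (no Get-FileHash), so hashing uses
# .NET directly. On a 64-bit install the WinSxS prefix would be amd64_.
$ErrorActionPreference = 'Stop'

function Get-Sha256Hex {
    param([Parameter(Mandatory = $true)][string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $hash = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    return ([System.BitConverter]::ToString($hash)).Replace('-', '')
}

# 1. Hash the live wininit.exe against every wininit component in WinSxS.
#    A DIFFERS line means the in-use file is not the one Windows shipped
#    (or that a servicing update left an older copy in the store).
$live     = Join-Path $env:windir 'System32\wininit.exe'
$liveHash = Get-Sha256Hex $live
$refs = Get-ChildItem (Join-Path $env:windir 'WinSxS') |
        Where-Object { $_.PSIsContainer -and $_.Name -like 'x86_microsoft-windows-wininit_*' } |
        ForEach-Object { Join-Path $_.FullName 'wininit.exe' } |
        Where-Object { Test-Path $_ }
foreach ($ref in $refs) {
    $state = if ($liveHash -eq (Get-Sha256Hex $ref)) { 'MATCH  ' } else { 'DIFFERS' }
    '{0} {1}' -f $state, $ref
}

# 2. Authenticode status of each binary the ESET log named. Anything other
#    than Valid on a Microsoft/Mozilla binary deserves the same treatment as
#    wininit.exe: replace it from a trusted source, do not "clean" it in place.
$targets = @(
    $live,
    (Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe'),
    (Join-Path $env:ProgramFiles 'Mozilla Firefox\firefox.exe')   # already uninstalled above
)
foreach ($t in $targets) {
    if (-not (Test-Path $t)) { "MISSING    $t"; continue }
    $sig    = Get-AuthenticodeSignature -FilePath $t
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    '{0,-10} {1}  signer={2}' -f $sig.Status, $t, $signer
}

# 3. The .reg file association MBAM reported. The Windows default is
#    regedit.exe "%1" (MBAM's log shows a space inside the closing quote; that is
#    how it renders the value). Any other command, including a copy of regedit
#    wrapped in quotes, is reported by MBAM as Broken.OpenCommand.
$key = 'Registry::HKEY_CLASSES_ROOT\regfile\shell\open\command'
$cmd = (Get-ItemProperty -Path $key).'(default)'
"regfile open command: $cmd"
if ($cmd -ne 'regedit.exe "%1"') {
    Write-Warning 'regfile open command is not the Windows default; to restore it run:'
    Write-Warning "  Set-ItemProperty -Path '$key' -Name '(default)' -Value 'regedit.exe `"%1`"'"
}

# 4. Let Windows verify every protected file against the component store.
#    /verifyonly reports without touching anything; /scannow repairs.
& (Join-Path $env:windir 'System32\sfc.exe') /verifyonly
```

Two caveats a practitioner would add. A hash match against WinSxS is only as good as the store itself, which sits on the same infected disk; a Valid signature status is the stronger signal, and `sfc /scannow` or replacement from install media is the right fix when both checks fail. And matching wininit.exe is necessary but not sufficient here: the ESET hits on iexplore.exe and the Java cache downloader, plus the BSODs when GMER's rootkit scan runs, are exactly why broni asked for GMER and a complete MBRCheck log before declaring anything clean.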
  8. 2010/09/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Did you read the big, red sentence at the end of my last reply?
    Make sure you follow ALL instructions very strictly.

    MBRCheck log is incomplete.
     
  9. 2010/09/10
    soolshock

    soolshock Inactive Thread Starter

    Joined:
    2010/09/10
    Messages:
    5
    Likes Received:
    0
    I did those things before I saw your reply.

    Here's the full log:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP G60 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 204):
    0x82E02000 \SystemRoot\system32\ntkrnlpa.exe
    0x83212000 \SystemRoot\system32\halmacpi.dll
    0x80BAA000 \SystemRoot\system32\kdcom.dll
    0x8A617000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x8A622000 \SystemRoot\system32\PSHED.dll
    0x8A633000 \SystemRoot\system32\BOOTVID.dll
    0x8A63B000 \SystemRoot\system32\CLFS.SYS
    0x8A67D000 \SystemRoot\system32\CI.dll
    0x8A728000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8A799000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8A80E000 \SystemRoot\System32\Drivers\spvf.sys
    0x8A90F000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8A918000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8A93E000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8A986000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8A98E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8A999000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8A9C3000 \SystemRoot\System32\drivers\partmgr.sys
    0x8A9D4000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8A9DC000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8A9E7000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8A7A7000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8A9F7000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8A800000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8A600000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8A7F2000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8AA11000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8AA34000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8AA3D000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8AA71000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8AA82000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8ABB1000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8ABDC000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8AC24000 \SystemRoot\System32\Drivers\cng.sys
    0x8AC81000 \SystemRoot\System32\drivers\pcw.sys
    0x8AC8F000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8AC98000 \SystemRoot\system32\drivers\ndis.sys
    0x8AD4F000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8AD8D000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8AE15000 \SystemRoot\System32\drivers\tcpip.sys
    0x8AF5E000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8AF8F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x8AF98000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8AFD7000 \SystemRoot\System32\Drivers\spldr.sys
    0x8ADB2000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8AFDF000 \SystemRoot\System32\Drivers\mup.sys
    0x8AFEF000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8B026000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8B058000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8B069000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8B0C0000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B0DF000 \SystemRoot\System32\Drivers\Null.SYS
    0x8B0E6000 \SystemRoot\System32\drivers\vga.sys
    0x8B0F2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8B113000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B120000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8B128000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8B130000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8B138000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8B143000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8B151000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8B168000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8B173000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x8B1AD000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8F43E000 \SystemRoot\system32\drivers\afd.sys
    0x8F498000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8F49F000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8F4BE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x8F4CF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8F4DD000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8F4F0000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8F500000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F541000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8F54B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8F555000 \SystemRoot\System32\drivers\discache.sys
    0x8F561000 \SystemRoot\system32\drivers\csc.sys
    0x8F5C5000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8F5DD000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8F5EB000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x8F400000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x8B1DF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8B000000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x8F434000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8ADDF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F5F1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x91209000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x91239000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x9123B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x91248000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x9124C000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x91255000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x9125F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x912AA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x912B9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x912D8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x912DE000 \SystemRoot\system32\DRIVERS\nvmf6232.sys
    0x92C11000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x9368F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x93691000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x93748000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x91805000 \SystemRoot\system32\DRIVERS\athr.sys
    0x91915000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x9191F000 \SystemRoot\System32\Drivers\abmw5hyo.SYS
    0x91956000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x91963000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x91975000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9198D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x91998000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x919BA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x919D2000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x919E9000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x93781000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x9378D000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x91800000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x93797000 \SystemRoot\system32\DRIVERS\ks.sys
    0x937CB000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x91323000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x937D9000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x91367000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x9801F000 \SystemRoot\system32\drivers\portcls.sys
    0x9804E000 \SystemRoot\system32\drivers\drmk.sys
    0x98067000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x980A4000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x98420000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x984D5000 \SystemRoot\system32\drivers\modem.sys
    0x984E2000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x99790000 \SystemRoot\System32\win32k.sys
    0x984FF000 \SystemRoot\System32\drivers\Dxapi.sys
    0x98509000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x98516000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x98521000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x9852A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x9853B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x98552000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x98576000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x98589000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x999F0000 \SystemRoot\System32\TSDDD.dll
    0x99620000 \SystemRoot\System32\cdd.dll
    0x98594000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x9859F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x985B2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x985B9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x985C5000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x99640000 \SystemRoot\System32\ATMFD.DLL
    0x985D0000 \SystemRoot\system32\drivers\luafv.sys
    0x98400000 \SystemRoot\system32\drivers\WudfPf.sys
     
  10. 2010/09/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's still incomplete...
     
  11. 2010/09/10
    soolshock

    soolshock Inactive Thread Starter

    Joined:
    2010/09/10
    Messages:
    5
    Likes Received:
    0
    Really sorry about that...

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP G60 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 204):
    0x82E4D000 \SystemRoot\system32\ntkrnlpa.exe
    0x82E16000 \SystemRoot\system32\halmacpi.dll
    0x80BA1000 \SystemRoot\system32\kdcom.dll
    0x8A60D000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x8A618000 \SystemRoot\system32\PSHED.dll
    0x8A629000 \SystemRoot\system32\BOOTVID.dll
    0x8A631000 \SystemRoot\system32\CLFS.SYS
    0x8A673000 \SystemRoot\system32\CI.dll
    0x8A71E000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8A78F000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8A808000 \SystemRoot\System32\Drivers\spnr.sys
    0x8A909000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8A912000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8A938000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8A980000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8A988000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8A993000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8A9BD000 \SystemRoot\System32\drivers\partmgr.sys
    0x8A9CE000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8A9D6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8A9E1000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8A79D000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8A9F1000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8A7E8000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8AA39000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8AA4F000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8AA58000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8AA7B000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8AA84000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8AAB8000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8AAC9000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8AA00000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8AC39000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8AC4C000 \SystemRoot\System32\Drivers\cng.sys
    0x8ACA9000 \SystemRoot\System32\drivers\pcw.sys
    0x8ACB7000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8ACC0000 \SystemRoot\system32\drivers\ndis.sys
    0x8AD77000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8ADB5000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8AE23000 \SystemRoot\System32\drivers\tcpip.sys
    0x8AF6C000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8AF9D000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x8AFA6000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8AFE5000 \SystemRoot\System32\Drivers\spldr.sys
    0x8AC00000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8AFED000 \SystemRoot\System32\Drivers\mup.sys
    0x8AE00000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8B014000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8B046000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8B057000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8B0AE000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B0CD000 \SystemRoot\System32\Drivers\Null.SYS
    0x8B0D4000 \SystemRoot\System32\drivers\vga.sys
    0x8B0E0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8B101000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B10E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8B116000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8B11E000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8B126000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8B131000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8B13F000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8B156000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8B161000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x8B19B000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8FA03000 \SystemRoot\system32\drivers\afd.sys
    0x8FA5D000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8FA64000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8FA83000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x8FA94000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8FAA2000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8FAB5000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8FAC5000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8FB06000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8FB10000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8FB1A000 \SystemRoot\System32\drivers\discache.sys
    0x8FB26000 \SystemRoot\system32\drivers\csc.sys
    0x8FB8A000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8FBA2000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8FBB0000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x8FBB6000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x8B1CD000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8FBEA000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x8B1EE000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8AE08000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8B000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x9060F000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x9063F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x90641000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x9064E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x90652000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x9065B000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x90665000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x906B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x906BF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x906DE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x906E4000 \SystemRoot\system32\DRIVERS\nvmf6232.sys
    0x9102E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x91AAC000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x91AAE000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x91B65000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x91E26000 \SystemRoot\system32\DRIVERS\athr.sys
    0x91F36000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x91F40000 \SystemRoot\System32\Drivers\ahoycj2d.SYS
    0x91F77000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x91F84000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x91F96000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x91FAE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x91FB9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x91FDB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x91E00000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x91B9E000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x91E17000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x91FF3000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x91FFD000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x91BB5000 \SystemRoot\system32\DRIVERS\ks.sys
    0x91BE9000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x90729000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x91000000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x9076D000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x97A10000 \SystemRoot\system32\drivers\portcls.sys
    0x97A3F000 \SystemRoot\system32\drivers\drmk.sys
    0x97A58000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x97A95000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x97C14000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x97CC9000 \SystemRoot\system32\drivers\modem.sys
    0x97CD6000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x98E80000 \SystemRoot\System32\win32k.sys
    0x97CF3000 \SystemRoot\System32\drivers\Dxapi.sys
    0x97CFD000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x97D0A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x97D15000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x97D1E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x97D2F000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x97D42000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x97D59000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x97D7D000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x990E0000 \SystemRoot\System32\TSDDD.dll
    0x99110000 \SystemRoot\System32\cdd.dll
    0x97D88000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x97D93000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x97DA6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x97DAD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x97DB9000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x99130000 \SystemRoot\System32\ATMFD.DLL
    0x97DC4000 \SystemRoot\system32\drivers\luafv.sys
    0x97DDF000 \SystemRoot\system32\drivers\WudfPf.sys
    0x97C00000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x97B97000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x97BDD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x97BED000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9CE03000 \SystemRoot\system32\drivers\HTTP.sys
    0x9CE88000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9CEA1000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9CEB3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9CED6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9CF11000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9CF44000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9CF48000 \SystemRoot\system32\drivers\peauth.sys
    0x9CFDF000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x8B07C000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9CFE9000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9CFF6000 \SystemRoot\system32\DRIVERS\XAudio32.sys
    0xA0E29000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA0E78000 \SystemRoot\System32\DRIVERS\srv.sys
    0x77430000 \Windows\System32\ntdll.dll
    0x48290000 \Windows\System32\smss.exe
    0x77670000 \Windows\System32\apisetschema.dll
    0x00440000 \Windows\System32\autochk.exe
    0x10000000 \Program Files\Alcohol Soft\Alcohol 120\alcoholx.dll
    0x77290000 \Windows\System32\setupapi.dll
    0x775B0000 \Windows\System32\rpcrt4.dll
    0x77210000 \Windows\System32\comdlg32.dll
    0x77570000 \Windows\System32\ws2_32.dll
    0x771C0000 \Windows\System32\Wldap32.dll
    0x770F0000 \Windows\System32\msctf.dll
    0x770A0000 \Windows\System32\gdi32.dll
    0x77000000 \Windows\System32\usp10.dll
    0x76F70000 \Windows\System32\oleaut32.dll
    0x76F60000 \Windows\System32\lpk.dll
    0x76EC0000 \Windows\System32\advapi32.dll
    0x76DF0000 \Windows\System32\user32.dll
    0x76DD0000 \Windows\System32\imm32.dll
    0x76DB0000 \Windows\System32\sechost.dll
    0x76DA0000 \Windows\System32\psapi.dll
    0x76CF0000 \Windows\System32\msvcrt.dll
    0x76CE0000 \Windows\System32\normaliz.dll
    0x76AE0000 \Windows\System32\iertutil.dll
    0x76980000 \Windows\System32\ole32.dll
    0x76840000 \Windows\System32\urlmon.dll
    0x767B0000 \Windows\System32\clbcatq.dll
    0x76780000 \Windows\System32\imagehlp.dll
    0x76720000 \Windows\System32\shlwapi.dll
    0x75AD0000 \Windows\System32\shell32.dll
    0x75A70000 \Windows\System32\difxapi.dll
    0x75970000 \Windows\System32\wininet.dll
    0x75960000 \Windows\System32\nsi.dll
    0x75880000 \Windows\System32\kernel32.dll
    0x75830000 \Windows\System32\KernelBase.dll
    0x75710000 \Windows\System32\crypt32.dll
    0x756F0000 \Windows\System32\devobj.dll
    0x756C0000 \Windows\System32\wintrust.dll
    0x75630000 \Windows\System32\comctl32.dll
    0x75600000 \Windows\System32\cfgmgr32.dll
    0x755F0000 \Windows\System32\msasn1.dll

    Processes (total 62):
    0 System Idle Process
    4 System
    240 C:\Windows\System32\smss.exe
    344 csrss.exe
    404 C:\Windows\System32\wininit.exe
    416 csrss.exe
    424 C:\Program Files\AVG\AVG9\avgchsvx.exe
    440 C:\Program Files\AVG\AVG9\avgrsx.exe
    512 C:\Windows\System32\services.exe
    528 C:\Windows\System32\lsass.exe
    536 C:\Windows\System32\lsm.exe
    584 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    832 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\winlogon.exe
    944 C:\Windows\System32\nvvsvc.exe
    972 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\svchost.exe
    1236 C:\Windows\System32\svchost.exe
    1428 C:\Windows\System32\svchost.exe
    1520 C:\Windows\System32\svchost.exe
    1728 C:\Windows\System32\spoolsv.exe
    1788 C:\Windows\System32\svchost.exe
    1904 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1924 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    1952 C:\Program Files\Bonjour\mDNSResponder.exe
    2008 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    2032 C:\Windows\System32\svchost.exe
    260 C:\Program Files\SafeConnect\scManager.sys
    372 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    296 C:\Windows\System32\svchost.exe
    1248 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    2352 C:\Windows\System32\svchost.exe
    2412 C:\Program Files\AVG\AVG9\avgnsx.exe
    2688 C:\Windows\System32\SearchIndexer.exe
    2804 C:\Windows\System32\nvvsvc.exe
    2916 C:\Windows\System32\taskhost.exe
    3044 C:\Windows\System32\dwm.exe
    3108 C:\Windows\explorer.exe
    3288 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3296 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3344 C:\Program Files\AVG\AVG9\avgtray.exe
    3372 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3384 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3628 C:\Program Files\iTunes\iTunesHelper.exe
    3636 C:\Program Files\Steam\Steam.exe
    3708 C:\Program Files\SafeConnect\SCClient.exe
    3844 C:\Windows\System32\svchost.exe
    2748 C:\Program Files\iPod\bin\iPodService.exe
    2160 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3100 C:\Windows\System32\svchost.exe
    1696 C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe
    1420 C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugin-container.exe
    3488 C:\Windows\System32\conhost.exe
    2092 C:\Windows\System32\wuauclt.exe
    2732 C:\Windows\System32\audiodg.exe
    2976 WmiPrvSE.exe
    1652 C:\Users\Ben\Desktop\MBRCheck.exe
    3772 C:\Windows\System32\conhost.exe
    2520 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVT-60ZCT1, Rev: 13.01A13

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  12. 2010/09/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean!!!
     