
Inactive MBRCheck question

Discussion in 'Malware and Virus Removal Archive' started by slipperystuff, 2011/03/15.

Thread Status:
Not open for further replies.
  1. 2011/03/15
    slipperystuff

    slipperystuff Well-Known Member Thread Starter

    Joined:
    2005/03/08
    Messages:
    33
    Likes Received:
    0
    [Inactive] MBRCheck question

    Whilst running the MBRCheck program as instructed in "Before You Post", MBRCheck reports

    "\\ physical drive 2 TRE: unknown MBR CODE "

    Physical drive 0 just says the MBR is detected.
    What's up with the unknown MBR code?
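What a tool of this kind is doing when it prints "unknown MBR code" is, in general terms, reading the first sector of the disk, hashing the 440-byte bootstrap area and looking the hash up in a table of known boot-code images; anything not in the table is reported as unknown. That result is produced both by a disk whose bootstrap area was never written (a data-only or external drive, which is common for a second physical drive) and by a disk whose boot code was replaced, so the word "unknown" on its own is not a verdict either way. The thread does not show MBRCheck's internals; the following is an added example of the technique, not MBRCheck's own code. The disk images, the "known" table and its one hash are constructed here and are not real Windows boot code or real MBRCheck signatures.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440            # bootstrap code lives in bytes 0..439 of the MBR
PART_TABLE_OFF = 446           # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of any valid MBR


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class MbrReport:
    valid_signature: bool
    code_sha1: str
    code_label: str          # "known:<name>" if the hash is in the table, else "unknown"
    code_all_zero: bool      # True when the bootstrap area was never written
    partitions: List[Partition]


def parse_partition_entry(entry: bytes) -> Optional[Partition]:
    """Decode one 16-byte partition table entry; an empty slot returns None."""
    status, _chs_start, type_id, _chs_end, lba, count = struct.unpack("<B3sB3sII", entry)
    if type_id == 0 and count == 0:
        return None
    return Partition(bootable=(status == 0x80), type_id=type_id,
                     lba_start=lba, sector_count=count)


def check_mbr(sector: bytes, known_code: Dict[str, str]) -> MbrReport:
    """Hash the bootstrap code and look it up in known_code (sha1 hex -> label)."""
    if len(sector) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    code = sector[:BOOT_CODE_LEN]
    digest = hashlib.sha1(code).hexdigest()
    partitions = []
    for i in range(4):
        entry = parse_partition_entry(sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)])
        if entry is not None:
            partitions.append(entry)
    return MbrReport(
        valid_signature=sector[510:512] == BOOT_SIGNATURE,
        code_sha1=digest,
        code_label=f"known:{known_code[digest]}" if digest in known_code else "unknown",
        code_all_zero=not any(code),
        partitions=partitions,
    )


def build_mbr(code: bytes, entries: List[bytes]) -> bytes:
    """Assemble a constructed 512-byte MBR image from boot code and up to four entries."""
    sector = bytearray(SECTOR)
    code = code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for i, entry in enumerate(entries[:4]):
        sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def ntfs_entry(bootable: bool, lba_start: int, sector_count: int) -> bytes:
    """One partition entry of type 0x07 (NTFS); the CHS fields are left zero."""
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\0\0\0",
                       0x07, b"\0\0\0", lba_start, sector_count)


# Constructed stand-ins. SAMPLE_BOOT_CODE plays the part of a vendor's bootstrap
# code and is the only entry in the "known" table; it is not real Windows boot
# code and its hash is not a real MBRCheck signature.
SAMPLE_BOOT_CODE = bytes(range(256)) * 2
KNOWN_MBR_CODE = {hashlib.sha1(SAMPLE_BOOT_CODE[:BOOT_CODE_LEN]).hexdigest(): "sample bootstrap"}

SAMPLE_DISKS = {
    # system disk: recognised boot code, one bootable NTFS partition
    "PhysicalDrive0": build_mbr(SAMPLE_BOOT_CODE, [ntfs_entry(True, 2048, 409600)]),
    # data-only disk: bootstrap area all zero, one non-bootable NTFS partition
    "PhysicalDrive2": build_mbr(b"", [ntfs_entry(False, 2048, 204800)]),
}


def triage(disks: Dict[str, bytes], known_code: Dict[str, str]) -> Dict[str, MbrReport]:
    return {name: check_mbr(sector, known_code) for name, sector in disks.items()}


if __name__ == "__main__":
    for name, r in triage(SAMPLE_DISKS, KNOWN_MBR_CODE).items():
        print(f"{name}: signature_ok={r.valid_signature} code={r.code_label} "
              f"zero_code={r.code_all_zero} partitions={len(r.partitions)}")
```

On a real machine the 512 bytes come from opening `\\.\PhysicalDrive0` (or `\\.\PhysicalDrive2`) for binary read as an administrator and reading the first sector; `check_mbr` takes those bytes as-is. The `code_all_zero` flag is the quick way to separate the benign case (nothing was ever written there) from the one that matters (non-zero code that no table recognises), and a single flipped byte in otherwise familiar boot code is enough to turn a "known" result into "unknown", which is exactly why an unknown result is a reason to look at the rest of the logs rather than a finding by itself.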
     
  2. 2011/03/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Don't worry about it.
    Post all logs and I'll check them out.
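The logs that get posted in reply are HijackThis and DDS output, and an analyst's first pass over them is mostly pattern work: autoruns and services that point into user-writable directories, services whose image file is reported missing, and browser settings that route typed text to a search host. The following is an added example of such a first pass, not HijackThis, DDS or anything this forum uses; the sample lines are excerpted from the logs posted later in this thread, and the severity labels and the list of "user-writable" locations are my own choices. One caveat it encodes: HijackThis 2.0.4 is a 32-bit program, and under WOW64 on 64-bit Windows its look-ups in `C:\Windows\System32` are redirected, so native 64-bit system binaries such as `lsass.exe` show as "(file missing)" although they are present; those entries are downgraded to informational.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse


@dataclass
class Finding:
    severity: str   # "review": an analyst should look; "info": explainable artefact
    kind: str
    detail: str
    line: str


# Locations a standard user can write to; persistence pointing here deserves a look.
USER_WRITABLE = re.compile(r"\\(?:Users|AppData|ProgramData|Temp)\\", re.IGNORECASE)
SYSTEM_DIR = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)
IMAGE_PATH = re.compile(r'"?((?:[A-Za-z]:|%[^%]+%)\\[^"]+?\.(?:exe|dll|scr|cmd|bat|lnk))"?',
                        re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]+)\] |(?P<lnk>[^=]+\.lnk) = )(?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")
FILE_MISSING = " (file missing)"


def image_path(command: str) -> Optional[str]:
    """Pull the executable path out of a Run-key command line, quotes and arguments dropped."""
    m = IMAGE_PATH.search(command)
    return m.group(1) if m else None


def triage_line(line: str) -> Optional[Finding]:
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        path = image_path(m.group("cmd")) or m.group("cmd")
        if USER_WRITABLE.search(path):
            return Finding("review", "autorun-user-writable", f"{m.group('where')} -> {path}", line)
        return None
    m = O23_RE.match(line)
    if m:
        missing = m.group("path").endswith(FILE_MISSING)
        path = m.group("path")[:-len(FILE_MISSING)] if missing else m.group("path")
        name = m.group("name")
        if USER_WRITABLE.search(path):
            return Finding("review", "service-user-writable", f"{name} -> {path}", line)
        if missing and SYSTEM_DIR.match(path):
            # 32-bit HijackThis under WOW64 is redirected away from the native System32,
            # so 64-bit system binaries show as missing even though they are present.
            return Finding("info", "service-file-missing-wow64", f"{name} -> {path}", line)
        if missing:
            return Finding("review", "service-file-missing", f"{name} -> {path}", line)
        if m.group("owner") == "Unknown owner" and not SYSTEM_DIR.match(path):
            return Finding("review", "service-unknown-owner", f"{name} -> {path}", line)
        return None
    m = FF_PREF_RE.match(line)
    if m and m.group("pref") == "keyword.URL":
        # keyword.URL is where Firefox 3.x sends non-URL text typed into the location bar;
        # DDS defangs URLs as hxxp, which is undone before parsing the host.
        host = urlparse(m.group("value").replace("hxxp", "http", 1)).hostname or "?"
        return Finding("review", "ff-keyword-url", f"address-bar keyword searches go to {host}", line)
    return None


def triage_log(lines: List[str]) -> List[Finding]:
    return [f for f in (triage_line(ln) for ln in lines) if f is not None]


# Lines excerpted from the HijackThis and DDS logs posted in this thread.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe",
    r"O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')",
    r"O23 - Service: B-Service - Unknown owner - C:\Users\sfs\AppData\Roaming\Mikogo\B-Service.exe",
    r"O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)",
    r"O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe",
    r"FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d0ef879&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=",
    r"FF - prefs.js: browser.startup.homepage - hxxp://www.google.com",
]

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LINES):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
```

A "review" item is a place to look, not a verdict: a service running from a user's roaming profile can be a legitimate screen-sharing tool just as easily as something unwanted, and the DDS process list in the same thread is the place to cross-check whether an image HijackThis calls missing is in fact running. The point of the script is to make sure nothing in a 10 KB log gets skipped, and to keep the WOW64 false positives from drowning out the handful of lines that matter.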
     

  3. 2011/03/15
    slipperystuff

    slipperystuff Well-Known Member Thread Starter

    Joined:
    2005/03/08
    Messages:
    33
    Likes Received:
    0
    Basically my problem is when I enter a URL into Mozilla v3.6.15, the browser ends up with a search result rather than the target website. I ran HijackThis and I am not able to remove unwanted entries, even though I run it as admin. Below is the HijackThis log, along with the other requested logs. Hopefully I am posting this correctly. Apologies if not, don't taze me bro.

    HIJACK LOG

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:53:36 AM, on 3/15/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16722)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\sfs\Desktop\STUFF\TOOLS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
    O4 - Global Startup: FancyStart daemon.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    O23 - Service: B-Service - Unknown owner - C:\Users\sfs\AppData\Roaming\Mikogo\B-Service.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10297 bytes


    DDS LOG1:
    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by sfs at 22:26:09.37 on Tue 03/15/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6069.3860 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\explorer.exe
    C:\Windows\explorer.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\sfs\AppData\Roaming\Mikogo\Mikogo-Host.exe
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\explorer.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\sfs\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://asus.msn.com
    uDefault_Page_URL = hxxp://asus.msn.com
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
    mRun-x64: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
    mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\sfs\AppData\Roaming\Mozilla\Firefox\Profiles\w4zwgew3.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d0ef879&v=6.011.025.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Pixlr Grabber: {d47a9f51-8281-43fa-f450-f28ef8735e9a} - %profile%\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
    FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(general.useragent.extra.brc, BRI/1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-5 202752]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
    R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2010-12-19 142120]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-5 2314240]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
    R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-5-2 44032]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
    R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
    R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
    R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-5 56344]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-4-21 76912]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-6-23 7689216]
    R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2010-10-20 59048]
    R3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-12-20 517448]
    S3 B-Service;B-Service;C:\Users\sfs\AppData\Roaming\Mikogo\B-Service.exe [2010-12-23 185640]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-5 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-5 79360]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S4 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-10-5 379520]
    .
    =============== Created Last 30 ================
    .
    2011-03-15 22:05:28 -------- d-----w- C:\Users\sfs\AppData\Roaming\Malwarebytes
    2011-03-15 22:05:24 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-15 22:05:24 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-03-15 22:05:21 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-03-15 22:05:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-03-15 21:35:00 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-03-15 21:34:58 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{3B1F62B9-292A-460D-84B5-9897637A7537}\mpengine.dll
    2011-03-15 21:05:44 388096 ----a-r- C:\Users\sfs\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-15 21:05:44 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-03-12 18:30:17 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2011-03-12 18:30:17 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2011-03-12 18:30:17 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-03-12 18:30:17 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2011-03-12 18:30:17 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2011-03-12 18:30:17 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2011-03-12 18:30:17 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2011-03-12 18:30:17 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2011-03-12 18:30:17 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2011-03-12 18:30:17 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2011-03-12 18:25:54 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2011-03-12 18:24:33 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2011-03-12 18:24:33 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2011-03-12 18:24:33 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2011-03-12 18:24:33 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2011-03-12 18:24:33 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2011-03-12 18:24:33 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2011-03-12 18:24:33 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2011-03-12 18:24:33 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2011-03-12 18:24:33 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2011-03-12 18:24:33 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2011-03-12 18:24:20 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2011-03-12 18:24:20 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2011-03-12 18:24:20 112000 ----a-w- C:\Windows\System32\consent.exe
    2011-03-12 18:23:49 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2011-03-12 18:23:49 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-03-12 18:23:49 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-03-12 18:23:49 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2011-03-12 18:23:49 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-03-12 18:12:24 -------- d-----w- C:\Program Files (x86)\Common Files\ControlDeck
    2011-03-07 16:27:14 -------- d-----w- C:\Program Files (x86)\Scan2CADv8
    2011-03-07 16:27:06 -------- d-----w- C:\Windows\Scan2CAD v8
    .
    ==================== Find3M ====================
    .
    2011-02-02 22:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-01-28 14:53:36 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-01-28 14:53:36 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-23 06:07:50 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2010-12-23 06:07:49 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2010-12-23 06:02:33 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-12-23 05:28:29 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
    2010-12-23 05:28:28 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-12-23 05:28:28 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2010-12-23 05:24:02 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-12-18 06:15:38 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2010-12-18 06:12:28 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2010-12-18 06:08:15 1097216 ----a-w- C:\Windows\System32\mstsc.exe
    2010-12-18 05:32:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-12-18 05:30:20 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2010-12-18 05:26:55 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
    2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 22:26:32.14 ===============

    DDSLOG 2
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/19/2010 12:53:01 AM
    System Uptime: 3/15/2011 5:27:06 PM (5 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | G73Jh
    Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | Socket 989 | 1734/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 577 GiB total, 503.62 GiB free.
    D: is FIXED (FAT32) - 233 GiB total, 58.035 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP35: 2/19/2011 8:52:06 AM - Scheduled Checkpoint
    RP36: 2/24/2011 7:40:32 AM - Installed Adobe Reader X.
    RP37: 3/3/2011 4:27:11 PM - Scheduled Checkpoint
    RP38: 3/10/2011 7:10:20 PM - Scheduled Checkpoint
    RP39: 3/12/2011 1:17:22 PM - restorepoint
    RP40: 3/12/2011 1:27:42 PM - Windows Update
    RP41: 3/15/2011 5:05:25 PM - Installed HiJackThis
    RP42: 3/15/2011 5:29:50 PM - Windows Update
    RP43: 3/15/2011 5:34:46 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Alcor Micro USB Card Reader
    ASUS AI Recovery
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    Asus_G73_Screensaver
    ATK Package
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Canon Easy-PhotoPrint EX
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Choice Guard
    ControlDeck
    Creative MediaSource 5
    Express Gate
    HiJackThis
    Intel(R) Management Engine Components
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Office XP Professional with FrontPage
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mikogo
    Mozilla Firefox (3.6.15)
    Mozilla Thunderbird (3.1.9)
    MSXML 4.0 SP3 Parser (KB973685)
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    REScheck 4.4.1 (Current User)
    Scan2CAD v8
    Sentinel Protection Installer 7.4.0
    SoftPlan 2012 [C:\SoftPlan2012]
    SoftPlan reView 2012 File Viewers
    SoftPlan version 14 [C:\SoftPlan14]
    Sound Blaster Audigy HD
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinFlash
    Wireless Console 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/15/2011 5:30:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.99.1226.0).
    3/15/2011 5:26:06 PM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).
    3/15/2011 4:50:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR4.
    3/14/2011 9:54:04 PM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
    3/12/2011 2:20:35 PM, Error: Service Control Manager [7023] -
    .
    ==== End Of File ===========================


    GMER LOG IS EMPTY




    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6069

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/15/2011 10:56:57 PM
    mbam-log-2011-03-15 (22-56-57).txt

    Scan type: Quick scan
    Objects scanned: 160721
    Time elapsed: 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2011/03/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still need MBRCheck and GMER logs.
     
  6. 2011/03/15
    slipperystuff

    slipperystuff Well-Known Member Thread Starter

    Joined:
    2005/03/08
    Messages:
    33
    Likes Received:
    0
    MBRCHECK

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer Inc.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: ASUSTeK Computer Inc.
    System Product Name: G73Jh
    Logical Drives Mask: 0x0000007c

    Kernel Drivers (total 170):
    0x02E01000 \SystemRoot\system32\ntoskrnl.exe
    0x033DE000 \SystemRoot\system32\hal.dll
    0x00BCC000 \SystemRoot\system32\kdcom.dll
    0x00C9B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00CDF000 \SystemRoot\system32\PSHED.dll
    0x00CF3000 \SystemRoot\system32\CLFS.SYS
    0x00E5B000 \SystemRoot\system32\CI.dll
    0x00F1B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00FBF000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00E00000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FCE000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00FD7000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00D51000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00FE1000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00D84000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FEE000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00D99000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00DA5000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FF7000 \SystemRoot\system32\drivers\pciide.sys
    0x00C5C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x00C6C000 \SystemRoot\System32\drivers\mountmgr.sys
    0x0104D000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x01169000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x01172000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x0119C000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x011A7000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x011B2000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01000000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0124F000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0142E000 \SystemRoot\System32\Drivers\msrpc.sys
    0x0148C000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x014A6000 \SystemRoot\System32\Drivers\cng.sys
    0x01519000 \SystemRoot\System32\drivers\pcw.sys
    0x0152A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x016BE000 \SystemRoot\system32\drivers\ndis.sys
    0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01800000 \SystemRoot\System32\drivers\tcpip.sys
    0x017B0000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01534000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x0168B000 \SystemRoot\System32\Drivers\spldr.sys
    0x01580000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01693000 \SystemRoot\System32\Drivers\mup.sys
    0x016A5000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x015BA000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01400000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x016AE000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
    0x01416000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x02D88000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02DB2000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
    0x02DC1000 \SystemRoot\System32\Drivers\Null.SYS
    0x02DCA000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02DD1000 \SystemRoot\System32\drivers\vga.sys
    0x02C00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02C25000 \SystemRoot\System32\drivers\watchdog.sys
    0x02C35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02C3E000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02C47000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02DDF000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02DEA000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01230000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x013F2000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03CFB000 \SystemRoot\system32\DRIVERS\avgtdia.sys
    0x03D5C000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03C00000 \SystemRoot\system32\drivers\afd.sys
    0x03C8A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03C93000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03CB9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x03CCF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x03CDE000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x03DA1000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x0426B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x042BC000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x042C8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x042D3000 \SystemRoot\System32\drivers\discache.sys
    0x042E2000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04300000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x04311000 \SystemRoot\system32\DRIVERS\avgldx64.sys
    0x04361000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x04814000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x04E4B000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04F3F000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04F85000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x04FA9000 \SystemRoot\system32\DRIVERS\HECIx64.sys
    0x04FBA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x04387000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x05608000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
    0x05D6A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x05D77000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
    0x05D8C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x05DAA000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x05DFC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04FCB000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x05600000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
    0x04FDA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x04FE9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x043DD000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x04FEE000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys
    0x04800000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04200000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04216000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x0423A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03DB5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x04246000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x01014000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03DE4000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x05DFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x00DBA000 \SystemRoot\system32\DRIVERS\ks.sys
    0x01035000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04410000 \SystemRoot\system32\DRIVERS\bpenum.sys
    0x04447000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x044A1000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x044B6000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x044D8000 \SystemRoot\system32\drivers\portcls.sys
    0x04515000 \SystemRoot\system32\drivers\drmk.sys
    0x04537000 \SystemRoot\system32\drivers\ksthunk.sys
    0x072BF000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x07502000 \SystemRoot\System32\Drivers\bpusb.sys
    0x0751C000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x0752A000 \SystemRoot\system32\DRIVERS\bpmp.sys
    0x02C50000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x0755C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00040000 \SystemRoot\System32\win32k.sys
    0x0756F000 \SystemRoot\System32\drivers\Dxapi.sys
    0x0757B000 \SystemRoot\system32\DRIVERS\SNTUSB64.SYS
    0x07588000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x0283D000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x02800000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x02811000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x0281A000 \SystemRoot\system32\drivers\AmUStor.SYS
    0x02829000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x075A5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x075C0000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x075CE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x029F5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x075E7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x07200000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x00400000 \SystemRoot\System32\TSDDD.dll
    0x00670000 \SystemRoot\System32\cdd.dll
    0x0720D000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x07243000 \SystemRoot\system32\drivers\luafv.sys
    0x07266000 \SystemRoot\system32\drivers\WudfPf.sys
    0x07287000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x0453D000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x0729C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x04590000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x072AF000 \SystemRoot\system32\DRIVERS\TurboB.sys
    0x075F5000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x072B6000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
    0x070CF000 \SystemRoot\system32\drivers\HTTP.sys
    0x07197000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x071B5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x071CD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x07000000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0704E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x07071000 \SystemRoot\System32\Drivers\Sentinel64.sys
    0x07096000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0x07CA5000 \SystemRoot\system32\drivers\peauth.sys
    0x07D4B000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x07D56000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x07D83000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x07D95000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0x07C00000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x080FA000 \SystemRoot\System32\DRIVERS\srv.sys
    0x08190000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x773D0000 \Windows\System32\ntdll.dll
    0x47EB0000 \Windows\System32\smss.exe
    0xFF6F0000 \Windows\System32\apisetschema.dll

    Processes (total 94):
    0 System Idle Process
    4 System
    360 C:\Windows\System32\smss.exe
    428 C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    720 csrss.exe
    844 C:\Windows\System32\wininit.exe
    868 csrss.exe
    904 C:\Windows\System32\services.exe
    920 C:\Windows\System32\lsass.exe
    928 C:\Windows\System32\lsm.exe
    136 C:\Windows\System32\winlogon.exe
    408 C:\Windows\System32\svchost.exe
    672 C:\Windows\System32\svchost.exe
    480 C:\Windows\System32\atiesrxx.exe
    1072 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\svchost.exe
    1324 C:\Windows\System32\atieclxx.exe
    1448 C:\Windows\System32\svchost.exe
    1648 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    1712 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    1788 C:\Windows\System32\spoolsv.exe
    1820 C:\Windows\System32\svchost.exe
    1912 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    1952 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    2016 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1376 C:\Windows\System32\svchost.exe
    1484 C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    2068 C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    2100 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    2916 C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    2940 C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    2952 C:\Windows\System32\conhost.exe
    2968 WUDFHost.exe
    3396 C:\Windows\System32\taskhost.exe
    3572 C:\Windows\System32\taskeng.exe
    3648 C:\Program Files\P4G\BatteryLife.exe
    3660 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    3676 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    3692 C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    3756 C:\Windows\SysWOW64\ACEngSvr.exe
    3764 WmiPrvSE.exe
    3924 C:\Windows\System32\dwm.exe
    3952 C:\Windows\explorer.exe
    3948 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    3172 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1572 C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    1536 C:\Windows\System32\rundll32.exe
    3248 C:\Program Files\Windows Sidebar\sidebar.exe
    1524 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    1528 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3252 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    3324 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    3504 C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
    3832 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    3884 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    3944 C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
    4004 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    4184 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    4216 C:\Windows\System32\conhost.exe
    4316 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    4380 WmiPrvSE.exe
    4552 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    4608 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    4640 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4716 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4832 C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    5020 C:\Windows\System32\SearchIndexer.exe
    4396 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3524 C:\Windows\System32\svchost.exe
    5060 C:\Windows\System32\svchost.exe
    5376 C:\Windows\System32\wuauclt.exe
    4936 C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    4748 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    5168 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    4376 C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    4516 C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    280 C:\Windows\System32\svchost.exe
    1800 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2660 C:\Windows\explorer.exe
    2008 C:\Windows\explorer.exe
    4420 C:\Windows\explorer.exe
    6136 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    2760 C:\Users\sfs\AppData\Roaming\Mikogo\Mikogo-Host.exe
    5392 C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    5260 C:\Windows\explorer.exe
    6816 C:\Windows\explorer.exe
    6592 C:\Windows\explorer.exe
    196 C:\Windows\System32\audiodg.exe
    6232 dllhost.exe
    5544 dllhost.exe
    5728 C:\Users\sfs\Desktop\STUFF\TOOLS\MBRCheck.exe
    5820 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`e22cec00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: ST9640320AS, Rev: 0002SDM1
    PhysicalDrive2 Model Number: WDC WD2500JS-00NCB1, Rev:

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    232 GB \\.\PhysicalDrive2 RE: Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
    Enter filename to dump to: mbrdumpDumped successfully!

    Enter the physical disk number to dump (0-99, -1 to exit): 1Dumping \\.\PhysicalDisk1...
    Enter filename to dump to: phymbrdumpError: Drive not fixed!

    Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
    Enter filename to dump to: phyodumpDumped successfully!

    Enter the physical disk number to dump (0-99, -1 to exit): 1Dumping \\.\PhysicalDisk1...
    Enter filename to dump to:


    The GMER log is empty, and reports "no system changes detected".


    Thanks for looking.
     
  7. 2011/03/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your MBR looks just fine.
    This is your bootable drive:
    \\.\C: --> \\.\PhysicalDrive0
    and
    \\.\PhysicalDrive0 Windows 7 MBR code detected

    Are you having any issues with your computer?
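    The MBRCheck session above dumped the MBR of PhysicalDrive0 to a file (option [1]). The following script, an added example that is not part of this thread or of MBRCheck, shows what such a 512-byte dump contains and how a reviewer can check it: the 0x55AA marker, the NT disk signature, the four partition entries (bootable flag, type, LBA range) and a SHA1 of the boot-code region. Two assumptions: the hash covers bytes 0..439, which is this script's own choice since the page does not say which bytes MBRCheck hashes, and the table of known-good hashes is supplied by the caller (empty here, so the result is "Unknown MBR code" exactly as for a drive whose boot code is simply not in the tool's list). The sample sector is constructed.

```python
"""Inspect a raw 512-byte MBR sector, such as the file MBRCheck writes with its
"Dump the MBR of a physical disk to file" option.

Added example for this thread; it is not MBRCheck's code and the sample sector
below is constructed. The SHA1 covers the 440-byte boot-code region, which is
this script's own choice; the page does not say which bytes MBRCheck hashes.
"""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440            # 4-byte NT disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511
PART_FMT = "<B3xB3xII"        # status, (CHS start), type, (CHS end), LBA start, sector count


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition entry; the CHS fields are skipped."""
    status, ptype, lba_start, sectors = struct.unpack(PART_FMT, entry)
    return {"bootable": status == 0x80, "status": status, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector: bytes) -> dict:
    """Split a sector into boot code, disk signature, partition table and 0x55AA marker."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(sector)} bytes")
    boot_code = sector[:BOOT_CODE_LEN]
    entries = [parse_partition_entry(sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)])
               for i in range(4)]
    return {
        "valid_signature": sector[510:512] == MBR_SIGNATURE,
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "boot_code_is_zero": not any(boot_code),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": [e for e in entries if e["type"] != 0],   # type 0 = unused slot
    }


def classify_boot_code(info: dict, known: dict) -> str:
    """Name the boot code if its hash is in a caller-supplied table of known-good hashes."""
    if info["boot_code_is_zero"]:
        return "No boot code (all zero)"
    return known.get(info["boot_code_sha1"], "Unknown MBR code")


def sanity_checks(info: dict) -> list:
    """Structural findings a triager wants before worrying about the hash."""
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA signature")
    if sum(1 for p in info["partitions"] if p["bootable"]) > 1:
        findings.append("more than one partition flagged bootable")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (_, end_a), (start_b, _) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"partition overlap at LBA {start_b}")
    return findings


def build_sample_sector() -> bytes:
    """Constructed sample: a bootable NTFS partition followed by a FAT32 (LBA) one."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:5] = b"\xfa\x33\xc0\x8e\xd0"     # a few plausible boot-code bytes (constructed)
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = struct.pack("<I", 0x12345678)
    entries = [(0x80, 0x07, 2048, 204800),    # bootable, type 0x07 (NTFS)
               (0x00, 0x0C, 206848, 409600)]  # type 0x0C (FAT32, LBA)
    for i, (status, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        sector[off:off + 16] = struct.pack(PART_FMT, status, ptype, lba, count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # Usage: python mbr_inspect.py [mbrdump]; with no file the constructed sample is used.
    raw = open(sys.argv[1], "rb").read(SECTOR_SIZE) if len(sys.argv) > 1 else build_sample_sector()
    info = parse_mbr(raw)
    print("boot code:", classify_boot_code(info, {}), info["boot_code_sha1"])
    for p in info["partitions"]:
        print(f"  type 0x{p['type']:02X} bootable={p['bootable']} lba={p['lba_start']} sectors={p['sectors']}")
    print("findings:", sanity_checks(info) or "none")
```

    Run it against the dump file to see the partition layout the boot code points at; an "Unknown MBR code" verdict on its own only means the hash is not in the comparison table, which is why the structural checks (signature present, one bootable entry, no overlapping partitions) are the more useful first look at a non-boot data disk like PhysicalDrive2 here.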
     
  8. 2011/03/16
    slipperystuff

    slipperystuff Well-Known Member Thread Starter

    Joined:
    2005/03/08
    Messages:
    33
    Likes Received:
    0
    The computer seems to run fine.

    The browser, on the other hand, doesn't seem to want to go where I point it... I end up with a search result even though I enter a valid URL.

    I have a bunch of "unknown owners" in the registry according to HijackThis, which I am not able to remove using HijackThis.
     
  9. 2011/03/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, explain.

    We'll do more checking.
    Which browser is affected?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2011/03/18
    slipperystuff

    slipperystuff Well-Known Member Thread Starter

    Joined:
    2005/03/08
    Messages:
    33
    Likes Received:
    0
    Following are the unknown errors that HijackThis will not delete:

    I will run ComboFix as you directed and post the result.




    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
  11. 2011/03/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    HJT is not compatible with 64-bit Windows and that's one of the reasons we don't use it around here anymore.
    Incompatibility is causing the above readings.
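    The mechanism behind those readings, shown in code as an added example that is not part of the thread or of HijackThis: HijackThis 2.0.4 is a 32-bit program, so under WOW64 its accesses to C:\Windows\System32 are redirected to C:\Windows\SysWOW64 (except for the subtrees Microsoft's file-system redirector documentation lists as exempt, such as catroot, drivers\etc, logfiles and spool) and its %PROGRAMFILES% expands to "Program Files (x86)". Native 64-bit service binaries that exist only in the real locations therefore show up as "Unknown owner ... (file missing)". The script parses O23 lines and separates those artifacts from entries that still deserve a look. The sample mixes lines from this thread with one constructed entry (ExampleSvc); the bucket names are this script's own.

```python
"""Triage HijackThis O23 (service) lines captured on 64-bit Windows.

Added example for this thread, not HijackThis code. A 32-bit HijackThis sees
C:\\Windows\\System32 redirected to C:\\Windows\\SysWOW64 and %PROGRAMFILES%
expanded to "Program Files (x86)", so 64-bit-only service binaries are reported
as "(file missing)". The sample lines mix lines from the thread with one
constructed entry (ExampleSvc)."""
import re
from collections import defaultdict

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)\s*$")   # trailing "(ShortName)"

# System32 subtrees the WOW64 redirector leaves alone (per Microsoft's documentation);
# a missing file under these is NOT explained by redirection.
WOW64_EXEMPT = ("catroot", "catroot2", "driverstore", "drivers\\etc", "logfiles", "spool")


def parse_o23(line: str):
    """Return {'name','owner','path','missing'} for an O23 line, or None for anything else."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {"name": m.group("name"), "owner": m.group("owner"),
            "path": m.group("path"), "missing": m.group("missing") is not None}


def short_name(name: str) -> str:
    """'@%SystemRoot%\\system32\\efssvc.dll,-100 (EFS)' -> 'EFS'; names without parens are kept."""
    m = SHORT_NAME_RE.search(name)
    return m.group(1) if m else name


def is_redirected_system32(path: str) -> bool:
    """True when a 32-bit process would be redirected to SysWOW64 for this path."""
    p = path.lower().replace("/", "\\")
    prefix = "c:\\windows\\system32\\"
    if not p.startswith(prefix):
        return False
    rest = p[len(prefix):]
    return not any(rest.startswith(ex + "\\") for ex in WOW64_EXEMPT)


def classify(entry: dict) -> str:
    """Bucket an entry: WOW64 artifact, vendor-attributed, or something to review."""
    path = entry["path"].lower()
    if entry["missing"]:
        if is_redirected_system32(entry["path"]):
            return "wow64-redirection"
        if path.startswith("c:\\program files (x86)\\") and "%programfiles%" in entry["name"].lower():
            return "wow64-programfiles"
        return "review-missing"          # missing outside the redirected paths: look at it
    if entry["owner"] == "Unknown owner":
        return "review-unknown-owner"    # present but no vendor string: check the file's signature
    return "vendor"


def triage(lines) -> dict:
    """Map bucket name -> list of service short names, in input order."""
    buckets = defaultdict(list)
    for line in lines:
        entry = parse_o23(line)
        if entry:
            buckets[classify(entry)].append(short_name(entry["name"]))
    return dict(buckets)


SAMPLE_O23_LINES = [
    r"O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)",
    r"O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe",
    r"O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)",
    r"O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)",
    r"O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)",
    # constructed entry: a missing binary outside any WOW64-redirected location
    r"O23 - Service: ExampleSvc (ExampleSvc) - Unknown owner - C:\ProgramData\Example\svc.exe (file missing)",
]

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_O23_LINES).items():
        print(f"{bucket:22} {', '.join(names)}")
```

    On the log above every "Unknown owner" entry lands in one of the two WOW64 buckets, which is the point of broni's reply: the same lines taken from a native 64-bit tool would show the file present. Only entries in the review buckets (missing outside the redirected paths, or present with no vendor string) warrant a closer look.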
     
  12. 2011/03/20
    slipperystuff

    slipperystuff Well-Known Member Thread Starter

    Joined:
    2005/03/08
    Messages:
    33
    Likes Received:
    0
    If that's the case I think I will leave well enough alone...
     
  13. 2011/03/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're still getting redirected, right?
     