DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280
Run by Matt at 18:08:26 on 2014-09-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.506 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\nvvsvc.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\Smc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Belkin Storage Manager\StorageManager.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files\Ruiware\WinPatrol\WinPatrolEx.exe
C:\Program Files\IObit\Advanced SystemCare 6\Suc10_Uninstal.exe
C:\Windows\system32\cleanmgr.exe
C:\Users\Matt\AppData\Local\Temp\2D2A1885-2B5A-49DE-9762-8DE1D7DAFF0B\dismhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://feed.snapdo.com/?publisher=Tuguu ... type=ds&q={searchTerms}&installDate=21/01/2014
uSearch Page = hxxp://feed.snapdo.com/?publisher=Tuguu ... type=ds&q={searchTerms}&installDate=21/01/2014
mStart Page = about:blank
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=Tuguu ... type=ds&q={searchTerms}&installDate=21/01/2014
BHO: Translate Genius: {037f6ebe-1b5b-438b-b4b2-9dc9f17f234d} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\ips\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
uRun: [Google Update] "c:\users\matt\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Belkin Storage Manager] "c:\program files\belkin storage manager\StorageManager.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{DF199DDA-B0EB-4487-9755-6FBB1D64BBB6} : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{DF199DDA-B0EB-4487-9755-6FBB1D64BBB6}\353656E6963602055726C696360275962756C6563737 : DHCPNameServer = 10.100.0.1 202.37.101.1 202.37.101.2
TCP: Interfaces\{DF199DDA-B0EB-4487-9755-6FBB1D64BBB6}\3577565647771647562763 : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs= c:\progra~1\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
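The Pseudo HJT block above is where a malware-removal helper spends most of their time, and a few of its lines repay a closer look: the three snapdo.com search overrides, a BHO with no backing file, an AppInit_DLLs entry (a DLL that user32 loads into nearly every process), and the TCP: Interfaces lines whose long hex subkey names are Windows network hints, stored as the SSID with the two nibbles of every byte swapped. The script below is an added example, not part of the DDS tool or of the original post. It takes a handful of lines copied from this log as constructed sample input, flags those indicators, and decodes the hint keys so the DHCP DNS servers can be matched to the wireless network that handed them out. The benign-search-host list and the "private address" test are assumptions for the example; the nibble-swap encoding is how Windows stores the hint.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of DDS or of the original post. Flags search-page
overrides, BHO/Run entries with no file, AppInit_DLLs, orphaned entries, and
decodes the nibble-swapped hex NetworkHint subkeys under TCP: Interfaces.
"""
import re
from typing import List, Tuple

# Constructed sample input: lines copied from the DDS log above.
SAMPLE = r"""
uSearch Bar = hxxp://feed.snapdo.com/?publisher=Tuguu ... type=ds&q={searchTerms}&installDate=21/01/2014
BHO: Translate Genius: {037f6ebe-1b5b-438b-b4b2-9dc9f17f234d} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [AdobeBridge] <no file>
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{DF199DDA-B0EB-4487-9755-6FBB1D64BBB6}\353656E6963602055726C696360275962756C6563737 : DHCPNameServer = 10.100.0.1 202.37.101.1 202.37.101.2
TCP: Interfaces\{DF199DDA-B0EB-4487-9755-6FBB1D64BBB6}\3577565647771647562763 : DHCPNameServer = 192.168.2.1
AppInit_DLLs= c:\progra~1\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
"""

# Assumption for the example: search hosts that do not need a second look.
BENIGN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}


def decode_network_hint(hex_hint: str) -> str:
    """Windows stores the SSID as hex with the nibbles of each byte swapped:
    '35' is really 0x53 ('S'), '36' is 0x63 ('c'), and so on."""
    out = bytearray()
    for i in range(0, len(hex_hint) - 1, 2):
        out.append(int(hex_hint[i + 1] + hex_hint[i], 16))
    return out.decode("latin-1")


def is_private(ip: str) -> bool:
    """RFC 1918 check, enough to separate a home router from an ISP/hotspot resolver."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (indicator, detail) pairs for the lines a helper would act on."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Per-user (u) or machine (m) start/search page pointing at an unknown host.
        m = re.match(r"[um][\w ]+ = hxxp://([^/?]+)", line)
        if m and m.group(1).lower() not in BENIGN_SEARCH_HOSTS:
            findings.append(("search-hijack", m.group(1)))
        # BHO registered by CLSID but with no DLL path after the dash.
        m = re.match(r"BHO: (.+?): \{[0-9a-fA-F-]+\} -\s*$", line)
        if m:
            findings.append(("bho-no-file", m.group(1)))
        # Run key whose target no longer exists (leftover, or a removed payload).
        if re.match(r"[um]Run: \[.+\] <no file>", line):
            findings.append(("run-missing-target", line.split("[")[1].split("]")[0]))
        # AppInit_DLLs: any DLL listed here is injected into every user32 process.
        m = re.match(r"AppInit_DLLs=\s*(.+)", line)
        if m:
            findings.append(("appinit-dll", m.group(1).strip()))
        # Shell hooks (SSODL/SEH/BHO) marked orphaned by DDS.
        if line.endswith("<orphaned>"):
            findings.append(("orphaned", line.split(" - ")[0]))
        # Network hint subkeys: decode the SSID and flag non-private DHCP DNS.
        m = re.match(r"TCP: Interfaces\\\{[^}]+\}\\([0-9A-Fa-f]+) : DHCPNameServer = (.+)", line)
        if m:
            ssid = decode_network_hint(m.group(1))
            for ip in m.group(2).split():
                if not is_private(ip):
                    findings.append(("public-dns", f"{ssid} -> {ip}"))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE):
        print(f"{indicator:20} {detail}")
```

On the lines from this log the two hint keys decode to "Scenic Public Wireless" (DHCP DNS 10.100.0.1, 202.37.101.1, 202.37.101.2) and "Sweetwater6" (192.168.2.1). A public hotspot handing out its own resolvers is expected, and the active `TCP: NameServer` is still the 192.168.2.1 router, so the DNS entries are context rather than an infection indicator. The AppInit_DLLs path is an 8.3 short name and most likely corresponds to the "Optimizer Pro v3.2" entry in the Installed Programs list; the snapdo.com overrides and the "Translate Genius" BHO line up with the same family of bundled adware.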
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\b97c34uf.default-1391741145504\
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\users\matt\appdata\local\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\SymDS.sys [2013-10-20 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\SymEFA.sys [2013-10-20 935512]
R1 BHDrvx86;BHDrvx86;c:\programdata\symantec\symantec endpoint protection\12.1.4013.4013.105\data\definitions\bashdefs\20140913.012\BHDrvx86.sys [2014-9-16 1101616]
R1 ccSettings_{974A0163-23BB-4C9D-A3C2-611667F7A450};Symantec Endpoint Protection 12.1.4013.4013.105 Settings Manager;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\ccSetx86.sys [2013-10-20 134744]
R1 IDSVix86;IDSVix86;c:\programdata\symantec\symantec endpoint protection\12.1.4013.4013.105\data\definitions\ipsdefs\20140915.011\IDSvix86.sys [2014-9-16 395992]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\Ironx86.sys [2013-10-20 175192]
R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\sep\0c010fad\0fad.105\x86\symnets.sys [2013-10-20 341080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-9-12 111408]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-2-7 16024]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-5-18 89856]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-5-18 184192]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.4013.4013.105\bin\SyDvCtrl32.sys [2013-10-20 28576]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-21 52224]
.
=============== Created Last 30 ================
.
2014-09-22 00:38:50 -------- d-----w- c:\users\matt\appdata\roaming\WinPatrol
2014-09-22 00:37:46 -------- d-----w- c:\program files\Ruiware
2014-09-22 00:37:45 -------- d-----w- c:\programdata\InstallMate
2014-09-19 19:07:50 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ad5af447-5db8-49dd-aca0-1c71a968849c}\offreg.dll
2014-09-19 19:01:59 23864 ----a-w- c:\program files\mozilla firefox\updated\components\Scriptff.dll
2014-09-19 19:01:59 2106216 ----a-w- c:\program files\mozilla firefox\updated\D3DCompiler_43.dll
2014-09-19 19:01:59 114288 ----a-w- c:\program files\mozilla firefox\updated\crashreporter.exe
2014-09-19 19:01:56 74864 ----a-w- c:\program files\mozilla firefox\updated\breakpadinjector.dll
2014-09-19 19:01:56 47216 ----a-w- c:\program files\mozilla firefox\updated\browser\components\browsercomps.dll
2014-09-19 19:01:56 20080 ----a-w- c:\program files\mozilla firefox\updated\AccessibleMarshal.dll
2014-09-19 19:00:13 8806800 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ad5af447-5db8-49dd-aca0-1c71a968849c}\mpengine.dll
2014-09-13 18:33:02 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-12 23:20:45 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-12 23:20:45 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-12 23:19:17 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-12 23:19:07 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-12 23:18:49 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-12 23:18:48 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-06 21:24:17 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-09-06 21:24:16 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-09-06 20:42:12 -------- d-----w- c:\programdata\RoyallShopperApp
.
==================== Find3M ====================
.
2014-09-10 06:17:08 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-10 03:33:35 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 03:33:35 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-25 13:53:44 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-18 22:08:55 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 21:57:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 21:44:44 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-07-25 09:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-23 01:44:26 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2014-07-23 01:32:41 33264 ----a-w- c:\windows\system32\drivers\WGX.SYS
2014-07-23 01:32:40 420752 ----a-w- c:\windows\system32\SymVPN.dll
2014-07-23 01:32:39 136080 ----a-w- c:\windows\system32\FwsVpn.dll
2014-07-23 01:32:39 11152 ----a-w- c:\windows\system32\sysferThunk.dll
2014-07-23 01:32:38 361360 ----a-w- c:\windows\system32\sysfer.dll
2014-07-23 01:32:38 126440 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2014-07-16 02:46:02 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-14 01:42:02 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-06-30 22:14:53 8856 ----a-w- c:\windows\system32\icardres.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_HTS541612J9SA00 rev.SBDOC74P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82C41000]<< >>UNKNOWN [0x893B4000]<< >>UNKNOWN [0x89400000]<< >>UNKNOWN [0x88CC9000]<< >>UNKNOWN [0x82C0A000]<< >>UNKNOWN [0x833B7000]<< >>UNKNOWN [0x88DD6000]<< >>UNKNOWN [0x8F0DB000]<< >>UNKNOWN [0x88D7B000]<< >>UNKNOWN [0x8923A000]<< >>UNKNOWN [0x88FD8000]<< >>UNKNOWN [0x88C00000]<< >>UNKNOWN [0x8F681000]<< >>UNKNOWN [0x8959A000]<< >>UNKNOWN [0x89355000]<< >>UNKNOWN [0x89382000]<< >>UNKNOWN [0x99414000]<< >>UNKNOWN [0x94F47000]<< >>UNKNOWN [0x94814000]<< >>UNKNOWN [0x88DDD000]<< >>UNKNOWN [0x88C28000]<< >>UNKNOWN [0x88D57000]<< >>UNKNOWN [0x89035000]<< >>UNKNOWN [0x832A0000]<< >>UNKNOWN [0x9294D000]<< >>UNKNOWN [0x9988C000]<< >>UNKNOWN [0x82D6190B]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x82C77BBA] -> \Device\Harddisk0\DR0[0x85C52030]
\Driver\Disk[0x85C50620] -> IRP_MJ_CREATE -> 0x893B839F
3 [0x893B859E] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> [0x857D0270]
\Driver\ACPI[0x84E59B48] -> IRP_MJ_CREATE -> 0x88CD24CC
5 [0x88CD23D4] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> \Device\Ide\IdeDeviceP0T0L0-0[0x857D7030]
\Driver\atapi[0x857CE418] -> IRP_MJ_CREATE -> 0x833D18CE
7 [0x82E37AE7] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> \Device\HarddiskVolume2[0x85C54DE0]
\Driver\volmgr[0x857C4F38] -> IRP_MJ_CREATE -> 0x88D7C49A
9 [0x82E87511] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> \Device\MountPointManager[0x857CED90]
\Driver\mountmgr[0x857CD858] -> IRP_MJ_CREATE -> 0x88C07E84
11 [0x82E73C90] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> \Device\MountPointManager[0x857CED90]
\Driver\mountmgr[0x857CD858] -> IRP_MJ_CREATE -> 0x88C07E84
13 [0x82E37B8C] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> \Device\MountPointManager[0x857CED90]
\Driver\mountmgr[0x857CD858] -> IRP_MJ_CREATE -> 0x88C07E84
15 [0x82E87511] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> [0x85C58020]
\Driver\volsnap[0x85C1D7B0] -> IRP_MJ_CREATE -> 0x895CC038
17 [0x895CC056] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> [0x85C55B08]
\Driver\rdyboost[0x85C1ABF0] -> IRP_MJ_CREATE -> 0x8935C0A6
19 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA] -> [0x85C56BE8]
\Driver\fvevol[0x85C1AE00] -> IRP_MJ_CREATE -> 0x89383836
21 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
23 [0x82E73C90] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
25 [0x8959D92E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
27 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
29 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
31 [0x88C09036] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
33 [0x895CA211] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
35 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
37 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
39 [0x88C09036] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
41 [0x895CA211] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
43 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
45 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
47 [0x82E72BF1] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
49 [0x895A4D4B] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
51 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
53 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
55 [0x82E37C28] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
57 [0x895ABC85] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
59 [0x89361774] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
61 [0x8938346F] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
63 [0x88D7C9A8] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
65 [0x88D58111] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
67 [0x893B859E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
69 [0x88CD23D4] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
71 [0x893B859E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
73 [0x88CD23D4] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
75 [0x82E73C90] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
77 [0x8959D92E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
79 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
81 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
83 [0x88C09036] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
85 [0x895CA211] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
87 [0x8935C089] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
89 [0x8938384E] -> ntkrnlpa!IofCallDriver[0x82C77BBA]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:11:24.45 ===============
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/20/2011 7:29:07 PM
System Uptime: 9/14/2014 8:50:58 PM (166 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | Microprocessor | 2167/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 107 GiB total, 14.376 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: USB\VID_046D&PID_08C6&MI_00\6&2736F340&0&0000
Manufacturer:
Name:
PNP Device ID: USB\VID_046D&PID_08C6&MI_00\6&2736F340&0&0000
Service:
.
==== System Restore Points ===================
.
RP330: 9/19/2014 11:58:21 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader 9.5.4
Advanced SystemCare 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belkin Storage Manager
Bonjour
Camtasia Studio 7
CaptureWizPro 4.40
Conexant HDA D110 MDC V.92 Modem
FLV Player
Free Mp3 Wma Converter V 2.2
Google Chrome
HyperCam 2
iExplorer 3.2.5.0
IObit Malware Fighter
iTunes
Logitech QuickCam
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MyFreeCodec
NVIDIA Drivers
Optimizer Pro v3.2
PDF reDirect (remove only)
QuickTime
RICOH Media Driver ver.2.07.01.04
Samsung Kies3
SAMSUNG USB Driver for Mobile Phones
Secunia PSI (3.0.0.6005)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Spybot - Search & Destroy
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Torch
Translate Genius
TrueCrypt
Unlocker 1.9.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.6
WinPatrol
WinRAR 4.01 (32-bit)
.
==== End Of File ===========================