Inactive Threat found MBR sector of the 1. physical disk.

garfield · 2010/12/28

[Inactive] Threat found MBR sector of the 1. physical disk.

Please help I have Eset Smart Security 4 with the following threat found.
Object:
MBR sector of the 1 physical disk
Threat :
Win32/Olmarik.AJLtrojan
Comment:
Error while cleaning
I try running combix I attached the log here is also show a different threat found Backdoor TDL4 I am running windows vista Home any help would be greatful. I also ran Tdskiller also find virus in boot sector and will not cure it. I also ran hitpro same results.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST9500325AS rev.0001SDM1 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 9 !

ComboFix 10-12-23.05 - Gartoy 12/28/2010 11:14:00.2.2 - x86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.3004.1828 [GMT -5:00]
Running from: c:\users\Gartoy\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!userinit.exe

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 )))))))))))))))))))))))))))))))
.

2010-12-28 16:42 . 2010-12-28 16:42 -------- d-----w- c:\users\tester.Happy.000\AppData\Local\temp
2010-12-28 16:42 . 2010-12-28 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-28 06:36 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD4069AF-2F69-4D90-BA31-DFB56FE363CC}\mpengine.dll
2010-12-28 03:35 . 2010-12-28 04:46 -------- d-----w- c:\program files\Exterminate It!
2010-12-28 00:53 . 2010-12-28 15:01 -------- d-----w- c:\users\Gartoy\DoctorWeb
2010-12-28 00:20 . 2010-12-28 00:43 -------- d-----w- c:\users\Gartoy\AppData\Local\NPE
2010-12-27 21:57 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-12-27 21:57 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2010-12-27 21:57 . 2010-11-17 15:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-27 21:57 . 2010-11-17 15:19 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-12-27 21:57 . 2010-11-25 15:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-27 21:57 . 2010-11-25 15:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-27 21:57 . 2010-11-25 15:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-27 21:57 . 2010-12-28 16:47 -------- d-----w- c:\program files\PC Tools Security
2010-12-27 21:57 . 2010-12-27 22:02 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-27 21:57 . 2010-12-27 21:57 -------- d-----w- c:\users\Gartoy\AppData\Roaming\PC Tools
2010-12-27 21:43 . 2010-12-27 22:45 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-27 21:41 . 2010-12-27 21:57 -------- d-----w- c:\programdata\PC Tools
2010-12-27 18:51 . 2010-12-27 19:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-27 18:51 . 2010-12-27 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-27 18:32 . 2010-12-27 18:32 -------- d-----w- c:\program files\CCleaner
2010-12-27 00:06 . 2010-12-27 00:06 -------- d-----w- c:\users\Gartoy\AppData\Local\Adobe
2010-12-24 23:35 . 2010-12-24 23:35 -------- d-----w- c:\users\Gartoy\AppData\Local\Apple
2010-12-24 13:30 . 2009-04-11 06:32 19944 ----a-w- C:\atapi.sys
2010-12-24 03:21 . 2010-12-24 03:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-24 03:20 . 2010-12-24 03:33 -------- d-----w- c:\programdata\Hitman Pro
2010-12-24 01:59 . 2010-12-28 16:49 -------- d-----w- c:\users\Gartoy\AppData\Local\temp
2010-12-22 20:23 . 2010-12-22 20:23 -------- d-----w- C:\$AVG
2010-12-22 17:55 . 2010-12-22 17:55 388096 ----a-r- c:\users\Gartoy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-22 01:27 . 2010-12-22 01:34 -------- d-----w- c:\users\Gartoy\AppData\Roaming\vlc
2010-12-22 01:25 . 2010-12-22 01:25 -------- d-----w- c:\program files\VideoLAN
2010-12-16 01:07 . 2010-12-16 01:07 -------- d-----w- c:\users\Gartoy\AppData\Roaming\dvdcss
2010-12-16 00:48 . 2010-12-16 00:48 -------- d-----w- c:\program files\Freemake
2010-12-16 00:27 . 2009-09-27 14:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-12-16 00:27 . 2004-02-22 15:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-12-16 00:27 . 2010-12-16 00:27 -------- d-----w- c:\program files\AviSynth 2.5
2010-12-16 00:27 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-12-16 00:27 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-12-16 00:20 . 2010-12-16 00:20 -------- d-----w- c:\program files\eRightSoft
2010-12-15 16:02 . 2010-12-15 16:02 -------- d-----w- c:\users\Gartoy\AppData\Roaming\webex
2010-12-15 16:00 . 2010-12-15 18:03 -------- d-----w- c:\programdata\WebEx
2010-12-15 03:28 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 03:28 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 03:28 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 03:28 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 03:28 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 02:51 . 2010-12-15 02:51 -------- d-----w- c:\program files\DVDx
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-08 20:03 . 2010-12-08 20:03 -------- d-----w- c:\programdata\gogii
2010-12-08 20:01 . 2010-12-08 20:02 -------- d-----w- c:\program files\Twisted - A Haunted Carol
2010-12-07 15:36 . 2008-02-28 07:51 372736 ----a-w- c:\windows\system32\aestecap.dll
2010-12-07 15:36 . 2007-03-05 05:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2010-12-07 15:36 . 2008-02-28 07:51 133632 ----a-w- c:\windows\system32\aestacap.dll
2010-12-07 15:36 . 2008-04-17 00:50 2469888 ----a-w- c:\windows\system32\stlang.dll
2010-12-07 15:36 . 2008-02-28 07:51 73728 ----a-w- c:\windows\system32\AESTCom.dll
2010-12-07 15:36 . 2008-04-17 00:49 512000 ----a-w- c:\windows\system32\idtmini1.exe
2010-12-07 15:36 . 2008-04-17 00:49 5550145 ----a-w- c:\windows\system32\idtcpl.cpl
2010-12-06 16:21 . 2010-12-06 16:21 -------- d-----w- c:\users\Gartoy\AppData\Local\HCSShell
2010-12-06 01:26 . 2010-12-06 01:26 -------- d-----w- c:\users\Gartoy\AppData\Local\Avanquest North America
2010-12-06 01:26 . 2010-12-06 01:26 -------- d-----w- c:\users\Gartoy\AppData\Local\Creative Home
2010-12-05 17:00 . 2010-12-05 17:00 -------- d-----w- c:\program files\New Folder
2010-12-05 16:58 . 2010-12-05 16:53 388608 ----a-w- C:\HijackThis1.exe
2010-12-01 15:55 . 2010-12-01 15:55 -------- d-----w- c:\users\Gartoy\AppData\Roaming\GameMill Entertainment
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-28 17:57 . 2010-11-28 17:57 -------- d-----w- c:\users\Gartoy\AppData\Roaming\PlayPond
2010-11-28 17:57 . 2010-11-28 17:57 -------- d-----w- c:\programdata\Trymedia
2010-11-28 17:56 . 2010-11-28 17:56 -------- d-----w- c:\program files\Mystery Legends Phantom of the Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-01-15 22:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-01-15 22:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 19:53 . 2010-11-02 19:53 12 ----a-w- c:\windows\Fonts\wfonts.key
2010-10-19 15:41 . 2009-10-04 06:25 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2006-05-02 23:00 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-20 23:00 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-15 23:00 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{196252dc-bf6d-4aa2-bb39-038d9495b561} "= "c:\program files\Winster\tbWin0.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{196252dc-bf6d-4aa2-bb39-038d9495b561}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{196252dc-bf6d-4aa2-bb39-038d9495b561}]
2009-11-09 23:38 2331672 ----a-w- c:\program files\Winster\tbWin0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{196252dc-bf6d-4aa2-bb39-038d9495b561} "= "c:\program files\Winster\tbWin0.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{196252dc-bf6d-4aa2-bb39-038d9495b561}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{196252DC-BF6D-4AA2-BB39-038D9495B561} "= "c:\program files\Winster\tbWin0.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{196252dc-bf6d-4aa2-bb39-038d9495b561}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DpAgent "= "c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"egui "= "c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-04 2219184]
"ISTray "= "c:\program files\PC Tools Security\pctsGui.exe" [2010-12-01 1589208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder 2010.lnk]
backup=c:\windows\pss\Event Planner Reminder 2010.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Rocket (Minimized).lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\MP3 Rocket (Minimized).lnk
backup=c:\windows\pss\MP3 Rocket (Minimized).lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WN121T Smart Wizard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\NETGEAR WN121T Smart Wizard\NETGEAR WN121T Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WN121T Smart Wizard.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Gartoy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Birthday reminder check.lnk]
backup=c:\windows\pss\Birthday reminder check.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Gartoy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
backup=c:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-03 04:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-09-14 06:55 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-09-14 07:02 905056 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 09:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2010-03-10 22:10 883272 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 21:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-10-13 18:17 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2009-10-13 06:37 41864 ----a-w- c:\program files\Camfrog\Camfrog Video Chat1\CamfrogNET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-08-15 13:39 50592 ----a-w- c:\users\Gartoy\AppData\Roaming\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-10-31 00:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2010-04-14 16:58 524944 ----a-w- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-10-30 15:32 175128 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-10-30 15:32 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-07-12 17:43 226904 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 23:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-03 17:32 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-09-30 19:06 485208 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OA001Cfg.exe]
2008-04-15 05:01 32768 ----a-w- c:\windows\OA001Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-10-30 15:32 166936 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RNmail]
2004-10-23 00:26 540734 ----a-w- c:\program files\RNmail\rn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-04-14 20:12 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-19 04:34 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-09-14 06:52 2595480 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-12-04 02:15 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2010-03-10 121416]
R3 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-04-14 255536]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [2010-03-10 125512]
R3 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\ccHPx86.sys [2009-04-14 362544]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 EraserUtilDrv10910;EraserUtilDrv10910;c:\program files\Common Files\Symantec Shared(505)\EENGINE(22)(506)\EraserUtilDrv10910.sys [2009-04-03 101936]
R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-08-23 37120]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WN111.sys [2007-10-29 310016]
R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrveap32.sys [2007-09-11 15360]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-12-14 570880]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RGService;RGService;c:\program files\RadioGet\RGService.exe [2009-10-30 335872]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-05-25 31848]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\NIS\1002000.007\SYMNDISV.SYS [2009-04-14 40496]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 135664]
R4 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2008-04-27 9216]
R4 KMService;KMService;c:\windows\system32\srvany.exe [2010-06-24 8192]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-03-12 115560]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS [2009-03-12 310320]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys [2009-01-29 292912]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\aestsrv.exe [2008-02-28 73728]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-08-17 1807608]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-04 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-17 659328]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-06-07 273448]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2007-03-22 20992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-05-25 31848]

--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad
*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 12:46]

2010-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 12:46]

2010-12-22 c:\windows\Tasks\HPCeeScheduleForGartoy.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]

2010-12-28 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-08-03 16:21]

2010-12-28 c:\windows\Tasks\User_Feed_Synchronization-{FA78D96C-D9A5-490F-9A32-637A23CE23F7}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: bmnet.dll
Trusted Zone: intuit.com\ttlc
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-28 11:48
Windows 6.0.6002 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath "= "\ "c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \ "Norton Internet Security\" /m \ "c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1 "
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\bmnet.dll

- - - - - - - > 'Explorer.exe'(660)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\FunDisc.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\taskschd.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Ralink\Common\RalinkRegistryWriter.exe
c:\program files\PC Tools Security\pctsSvc.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-12-28 12:02:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-28 17:02

Pre-Run: 235,057,065,984 bytes free
Post-Run: 234,920,050,688 bytes free

- - End Of File - - 95ABE6B130CD81472FA66DC209BC4C7F

Admin. · 2010/12/28

Hi,

Read this post as indicated at the top of this forum & follow the instructions.

garfield · 2010/12/28

Bootsector virus with log attached

Please help with threats found on computer all logs are attached. part 1 of 2
Thanks

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5409
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
12/28/2010 6:22:40 PM
mbam-log-2010-12-28 (18-22-40).txt
Scan type: Quick scan
Objects scanned: 202033
Time elapsed: 10 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-28 18:06:58
Windows 6.0.6002 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 ST9500325AS rev.0001SDM1
Running: hgsdlbil.exe; Driver: C:\Users\Gartoy\AppData\Local\Temp\fxldipoc.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR1 sector 09: copy of MBR

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1737
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 235):
0x82811000 \SystemRoot\system32\ntkrnlpa.exe
0x82BCA000 \SystemRoot\system32\hal.dll
0x80605000 \SystemRoot\system32\kdcom.dll
0x8060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067C000 \SystemRoot\system32\PSHED.dll
0x8068D000 \SystemRoot\system32\BOOTVID.dll
0x80695000 \SystemRoot\system32\CLFS.SYS
0x806D6000 \SystemRoot\system32\CI.dll
0x82E0E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82E8A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82E97000 \SystemRoot\system32\drivers\acpi.sys
0x82EDD000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82EE6000 \SystemRoot\system32\drivers\fltmgr.sys
0x82F18000 \SystemRoot\system32\drivers\msisadrv.sys
0x82F20000 \SystemRoot\system32\drivers\pci.sys
0x82F47000 \SystemRoot\system32\drivers\isapnp.sys
0x82F56000 \SystemRoot\system32\drivers\mpio.sys
0x82F72000 \SystemRoot\System32\drivers\partmgr.sys
0x82F81000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82F84000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82F8E000 \SystemRoot\system32\drivers\volmgr.sys
0x82F9D000 \SystemRoot\System32\drivers\volmgrx.sys
0x82FE7000 \SystemRoot\system32\drivers\intelide.sys
0x82FEE000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82E00000 \SystemRoot\system32\drivers\aliide.sys
0x82E07000 \SystemRoot\system32\drivers\amdide.sys
0x807B6000 \SystemRoot\system32\drivers\cmdide.sys
0x807BE000 \SystemRoot\System32\drivers\mountmgr.sys
0x807CE000 \SystemRoot\system32\drivers\msdsm.sys
0x83C0A000 \SystemRoot\system32\drivers\nvraid.sys
0x83C25000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x83C46000 \SystemRoot\system32\drivers\pciide.sys
0x83C4D000 \SystemRoot\system32\drivers\viaide.sys
0x83C55000 \SystemRoot\system32\drivers\iastorv.sys
0x83CF6000 \SystemRoot\system32\drivers\atapi.sys
0x83CFE000 \SystemRoot\system32\drivers\ataport.SYS
0x83D1C000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x83D36000 \SystemRoot\system32\drivers\storport.sys
0x83D77000 \SystemRoot\system32\drivers\msahci.sys
0x83D81000 \SystemRoot\system32\drivers\hpcisss.sys
0x83D8C000 \SystemRoot\system32\drivers\adp94xx.sys
0x83E0F000 \SystemRoot\system32\drivers\adpahci.sys
0x83E5B000 \SystemRoot\system32\drivers\adpu160m.sys
0x83E76000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x83E9C000 \SystemRoot\system32\drivers\adpu320.sys
0x83EC2000 \SystemRoot\system32\drivers\djsvs.sys
0x83ED6000 \SystemRoot\system32\drivers\arc.sys
0x83EEC000 \SystemRoot\system32\drivers\arcsas.sys
0x83F02000 \SystemRoot\system32\drivers\elxstor.sys
0x83F96000 \SystemRoot\system32\drivers\i2omp.sys
0x83FA0000 \SystemRoot\system32\drivers\iirsp.sys
0x83FB0000 \SystemRoot\system32\drivers\iteatapi.sys
0x83FBC000 \SystemRoot\system32\drivers\iteraid.sys
0x83FC8000 \SystemRoot\system32\drivers\lsi_fc.sys
0x83FE2000 \SystemRoot\system32\drivers\lsi_sas.sys
0x83E00000 \SystemRoot\system32\drivers\megasas.sys
0x8B408000 \SystemRoot\system32\drivers\megasr.sys
0x8B4BF000 \SystemRoot\system32\drivers\mraid35x.sys
0x8B4CA000 \SystemRoot\system32\drivers\nfrd960.sys
0x8B4D8000 \SystemRoot\system32\drivers\nvstor.sys
0x8B606000 \SystemRoot\system32\drivers\ql2300.sys
0x8B73E000 \SystemRoot\system32\drivers\ql40xx.sys
0x8B793000 \SystemRoot\system32\drivers\sisraid2.sys
0x8B7A0000 \SystemRoot\system32\drivers\sisraid4.sys
0x8B7B5000 \SystemRoot\system32\drivers\symc8xx.sys
0x8B7C1000 \SystemRoot\system32\drivers\sym_hi.sys
0x8B7CC000 \SystemRoot\system32\drivers\sym_u3.sys
0x8B4E5000 \SystemRoot\system32\drivers\uliahci.sys
0x8B7D7000 \SystemRoot\system32\drivers\ulsata.sys
0x8B521000 \SystemRoot\system32\drivers\ulsata2.sys
0x8B54D000 \SystemRoot\system32\drivers\vsmraid.sys
0x8B56E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B57E000 \SystemRoot\system32\drivers\PCTCore.sys
0x8B808000 \SystemRoot\system32\drivers\NIS\1005000.087\SYMEFA.SYS
0x8B857000 \SystemRoot\system32\drivers\pctDS.sys
0x8B8AE000 \SystemRoot\system32\drivers\pctEFA.sys
0x8B953000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B958000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BA03000 \SystemRoot\system32\drivers\ndis.sys
0x8BB0E000 \SystemRoot\system32\drivers\msrpc.sys
0x8BB39000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BC0E000 \SystemRoot\System32\drivers\tcpip.sys
0x8BCF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BD13000 \SystemRoot\system32\DRIVERS\timntr.sys
0x8BE0F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BF1F000 \SystemRoot\system32\drivers\wd.sys
0x8BF27000 \SystemRoot\system32\drivers\volsnap.sys
0x8BF60000 \SystemRoot\system32\DRIVERS\tdrpman.sys
0x8BFB9000 \SystemRoot\System32\Drivers\spldr.sys
0x8BFC1000 \SystemRoot\system32\DRIVERS\snapman.sys
0x8BFDF000 \SystemRoot\system32\drivers\sbp2port.sys
0x8BE00000 \SystemRoot\System32\Drivers\mup.sys
0x8BD7E000 \SystemRoot\System32\drivers\ecache.sys
0x8BDA5000 \SystemRoot\system32\drivers\disk.sys
0x8BFF4000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BFFD000 \SystemRoot\system32\drivers\BMLoad.sys
0x8BDD8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BDE3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x91605000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x91C7D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91D1E000 \SystemRoot\System32\drivers\watchdog.sys
0x91D2A000 \SystemRoot\System32\drivers\swmsflt.sys
0x91D2F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91D3A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91D78000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92C0C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92C99000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x91D87000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
0x92DC3000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x92DD3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x92DE1000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x91DCB000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x91DDC000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8BB74000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x9340D000 \SystemRoot\system32\DRIVERS\itecir.sys
0x93466000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x93479000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x9347E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x93489000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x934B9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x934BB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x934C6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x934DE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x934E4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x934F3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x934FC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x93500000 \SystemRoot\system32\DRIVERS\Epfwndis.sys
0x93513000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x93542000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9354D000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0x93553000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x93560000 \SystemRoot\system32\DRIVERS\ks.sys
0x9358A000 \SystemRoot\System32\Drivers\RootMdm.sys
0x93592000 \SystemRoot\system32\drivers\modem.sys
0x9359F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x935B6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x935C1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x935E4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BDEC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BBC6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x935F3000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x91DF0000 \SystemRoot\system32\DRIVERS\termdd.sys
0x93400000 \SystemRoot\system32\DRIVERS\rrnetcap.sys
0x9340B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\circlass.sys
0x92C00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BBDB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B9C9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BBE8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x94608000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x94669000 \SystemRoot\system32\DRIVERS\portcls.sys
0x94696000 \SystemRoot\system32\DRIVERS\drmk.sys
0x946BB000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x946DE000 \SystemRoot\system32\DRIVERS\hidir.sys
0x946E9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x946F9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x94700000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x94709000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x94711000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9471A000 \SystemRoot\System32\Drivers\Null.SYS
0x94721000 \SystemRoot\System32\Drivers\Beep.SYS
0x94728000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x94747000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
0x947E7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8B5BB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x947F0000 \SystemRoot\System32\drivers\vga.sys
0x8B5D2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x94600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9500C000 \SystemRoot\system32\DRIVERS\OA001Vid.sys
0x95051000 \SystemRoot\system32\drivers\rdpencdd.sys
0x95059000 \SystemRoot\system32\DRIVERS\OA001Ufd.sys
0x9507A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x95085000 \SystemRoot\System32\Drivers\Npfs.SYS
0x95093000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9509C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x950B2000 \??\C:\WINDOWS\system32\drivers\tcpipBM.sys
0x950B7000 \SystemRoot\system32\DRIVERS\smb.sys
0x950CB000 \SystemRoot\system32\drivers\afd.sys
0x95113000 \SystemRoot\System32\DRIVERS\netbt.sys
0x95145000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x9514E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x95164000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x9516D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9517B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9518E000 \??\C:\Windows\system32\drivers\NIS\1005000.087\SRTSPX.SYS
0x95198000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x951D4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x95609000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
0x95655000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x9567A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x956D8000 \SystemRoot\System32\Drivers\dfsc.sys
0x956EF000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x95705000 \SystemRoot\System32\Drivers\crashdmp.sys
0x95712000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9571D000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x9F610000 \SystemRoot\System32\win32k.sys
0x95727000 \SystemRoot\System32\drivers\Dxapi.sys
0x95731000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9F830000 \SystemRoot\System32\TSDDD.dll
0x9F850000 \SystemRoot\System32\cdd.dll
0x9F860000 \SystemRoot\System32\ATMFD.DLL
0x95740000 \SystemRoot\system32\drivers\luafv.sys
0xB1C00000 \SystemRoot\system32\DRIVERS\eamonm.sys
0xB1CA6000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xB1CB0000 \SystemRoot\system32\DRIVERS\epfw.sys
0xB1CD2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xB1CE2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xB1D0C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB1D16000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xB1D29000 \SystemRoot\system32\drivers\HTTP.sys
0xB4A02000 \SystemRoot\system32\drivers\spsys.sys
0xB4AB2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB4ACF000 \SystemRoot\system32\DRIVERS\bowser.sys
0xB4AE8000 \SystemRoot\System32\drivers\mpsdrv.sys
0xB4AFD000 \SystemRoot\system32\drivers\mrxdav.sys
0xB4B1E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB4B3D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB4B76000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB4B8E000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB1D96000 \SystemRoot\System32\DRIVERS\srv.sys
0xB4BB6000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xB4BD7000 \SystemRoot\system32\DRIVERS\epfwwfp.sys
0xB4BE5000 \SystemRoot\System32\Drivers\btcusb.sys
0xB4BED000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xBAE02000 \SystemRoot\system32\drivers\peauth.sys
0xBAEE0000 \SystemRoot\System32\Drivers\fastfat.SYS
0xBAF08000 \SystemRoot\System32\Drivers\secdrv.SYS
0xBAF12000 \SystemRoot\System32\drivers\tcpipreg.sys
0xBAF1E000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xBAF26000 \??\C:\Program Files\PC Tools Security\PCTSDInj32.sys
0xBAF2F000 \SystemRoot\system32\drivers\BCM42RLY.sys
0xBAF37000 \SystemRoot\system32\drivers\klmd.sys
0xBAF49000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xBAF4D000 \SystemRoot\system32\DRIVERS\serscan.sys
0x774B0000 \Windows\System32\ntdll.dll

Processes (total 78):
0 System Idle Process
4 System
828 C:\Windows\System32\smss.exe
908 csrss.exe
952 csrss.exe
960 C:\Windows\System32\wininit.exe
1000 C:\Windows\System32\services.exe
1024 C:\Windows\System32\winlogon.exe
1048 C:\Windows\System32\lsass.exe
1056 C:\Windows\System32\lsm.exe
1204 C:\Windows\System32\svchost.exe
1248 C:\Program Files\Fingerprint Sensor\AtService.exe
1288 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\svchost.exe
1500 C:\Windows\System32\svchost.exe
1512 C:\Windows\System32\svchost.exe
1568 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\stacsv.exe
1684 C:\Windows\System32\audiodg.exe
1760 C:\Windows\System32\svchost.exe
1776 C:\Windows\System32\SLsvc.exe
1860 C:\Windows\System32\svchost.exe
1988 C:\Windows\System32\svchost.exe
680 C:\Windows\System32\WLTRYSVC.EXE
692 C:\Windows\System32\BCMWLTRY.EXE
712 C:\Windows\System32\wlanext.exe
992 C:\Windows\System32\spoolsv.exe
1260 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
1840 C:\Windows\System32\svchost.exe
2244 C:\Windows\System32\taskeng.exe
2528 C:\Windows\System32\taskeng.exe
2588 C:\Windows\System32\dwm.exe
2648 C:\Windows\System32\taskeng.exe
2664 C:\Windows\explorer.exe
2820 C:\Program Files\Google\Update\GoogleUpdate.exe
2852 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
2904 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\AEstSrv.exe
2932 C:\Windows\System32\alg.exe
3000 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
3232 C:\Program Files\Bonjour\mDNSResponder.exe
3276 C:\Windows\System32\svchost.exe
3308 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
3380 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
3396 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
3532 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3540 C:\Program Files\ESET\ESET Smart Security\egui.exe
3604 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3648 C:\Windows\System32\igfxsrvc.exe
3692 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3720 C:\Program Files\Common Files\Motive\McciCMService.exe
3748 C:\Windows\System32\svchost.exe
3800 C:\Windows\System32\svchost.exe
3832 C:\Windows\System32\svchost.exe
3852 C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
3900 C:\Windows\System32\svchost.exe
4060 C:\Program Files\PC Tools Security\pctsAuxs.exe
4092 C:\Program Files\PC Tools Security\pctsSvc.exe
2968 C:\Windows\System32\svchost.exe
2272 C:\Program Files\PC Tools Security\pctsGui.exe
3196 C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
596 C:\Windows\System32\svchost.exe
2708 C:\Windows\System32\SearchIndexer.exe
3844 C:\Windows\System32\drivers\XAudio.exe
3216 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3520 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3416 C:\Program Files\Internet Explorer\iexplore.exe
4132 C:\Program Files\Internet Explorer\iexplore.exe
4580 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
4884 C:\Windows\System32\SearchProtocolHost.exe
6016 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
6120 C:\Windows\System32\svchost.exe
6080 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
1340 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4800 C:\Program Files\Internet Explorer\iexplore.exe
5484 C:\Windows\System32\SearchFilterHost.exe
3024 WmiPrvSE.exe
5480 C:\Program Files\Internet Explorer\iexplore.exe
6052 C:\Users\Gartoy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000070`30b2ac00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000002`84f00000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

PhysicalDrive1 Model Number: ST9500325AS, Rev: 0001SDM1
PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: CCF356FEC6D9BBB29EF3EF1E4270A2B799955EA4
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.

Done!

part 2 next thread

garfield · 2010/12/28

Bootsector virus with log attached 2 0f 2

part 2 of 1

DDS (Ver_10-12-12.01) - NTFSx86
Run by Gartoy at 16:43:53.15 on Tue 12/28/2010
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.1.1033.18.3004.1355 [GMT -5:00]

SP: Spybot - Search and Destroy *Enabled/Updated* {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

============== Running Processes ===============

C:\WINDOWS\system32\wininit.exe
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k secsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k GPSvcGroup
C:\WINDOWS\system32\SLsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\WLANExt.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\taskeng.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\aestsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe -k regsvc
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\Dwm.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Users\Gartoy\Desktop\lr0zynwv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Users\Gartoy\Desktop\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\program files\hewlett-packard\hp quick launch buttons\Blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\program files\hewlett-packard\hp quick launch buttons\Blank.htm
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: Winster Toolbar: {196252dc-bf6d-4aa2-bb39-038d9495b561} - c:\program files\winster\tbWin0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Winster Toolbar: {196252dc-bf6d-4aa2-bb39-038d9495b561} - c:\program files\winster\tbWin0.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winster Toolbar: {196252dc-bf6d-4aa2-bb39-038d9495b561} - c:\program files\winster\tbWin0.dll
BHO: DigitalPersona Fingerprint Software Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\digitalpersona\bin\DpOtsPluginIe8.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: &RN_Object: {e6b48bc7-4ea9-4643-a4b3-bb7c4f69287a} - c:\program files\rnmail\RN_IE_Add_On.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Winster Toolbar: {196252dc-bf6d-4aa2-bb39-038d9495b561} - c:\program files\winster\tbWin0.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\flashs~1\save.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~1\flashs~1\save.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206
IE: {217CCFE3-21DE-4559-B11A-BC8840EB15DD} - {E6B48BC7-4EA9-4643-A4B3-BB7C4F69287A} - c:\program files\rnmail\RN_IE_Add_On.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: bmnet.dll
Trusted Zone: intuit.com\ttlc
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://wildpackets.webex.com/client/T27L10NSP11EP5/event/ieatgpc1.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-27 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-12-27 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-12-27 656320]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1005000.087\SymEFA.sys [2009-4-16 310320]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\binhub\IDSvix86.sys [2009-1-29 292912]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_1a0d9ac6\AEstSrv.exe [2008-2-28 73728]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-8-16 1807608]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-9-3 137144]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-11-4 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-7-29 41336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-1-15 363344]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2009-3-10 75040]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-27 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-12-27 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-12-27 1150936]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-8-17 659328]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-3-8 62496]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-7 273448]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2007-3-22 20992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-1-15 20952]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2010-5-25 31848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2010-3-10 121416]
S3 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2009-4-14 255536]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-23 29736]
S3 CAATT;AT&T Con App Svc;c:\program files\at&t\communication manager\ConAppsSvc.exe [2010-3-10 125512]
S3 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2009-4-14 362544]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
S3 EraserUtilDrv10910;EraserUtilDrv10910;c:\program files\common files\symantec shared(505)\eengine(22)(506)\EraserUtilDrv10910.sys [2009-4-3 101936]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2010-4-12 37120]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\WN111.sys [2007-10-28 310016]
S3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\drivers\mrveap32.sys [2007-9-11 15360]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-3-10 570880]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2007-3-12 256000]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RGService;RGService;c:\program files\radioget\RGService.exe [2010-7-18 335872]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2010-5-25 31848]
S3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nis\1002000.007\symndisv.sys [2009-4-14 40496]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-23 135664]
S4 iReboot;iReboot Background Service;c:\program files\neosmart technologies\ireboot\iRebootd.exe [2008-4-27 9216]
S4 KMService;KMService;c:\windows\system32\srvany.exe [2010-6-24 8192]
S4 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.5.0.135\ccSvcHst.exe [2009-4-15 115560]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-6 24652]

=============== Created Last 30 ================

2010-12-28 17:02:55 -------- d-----w- c:\users\gartoy\appdata\local\temp
2010-12-28 16:47:52 -------- d-----w- C:\$RECYCLE.BIN
2010-12-28 16:01:22 98816 ----a-w- c:\windows\sed.exe
2010-12-28 16:01:22 89088 ----a-w- c:\windows\MBR.exe
2010-12-28 16:01:22 256512 ----a-w- c:\windows\PEV.exe
2010-12-28 16:01:22 161792 ----a-w- c:\windows\SWREG.exe
2010-12-28 06:36:47 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ad4069af-2f69-4d90-ba31-dfb56fe363cc}\mpengine.dll
2010-12-28 03:35:20 -------- d-----w- c:\program files\Exterminate It!
2010-12-28 00:53:07 -------- d-----w- c:\users\gartoy\DoctorWeb
2010-12-28 00:20:48 -------- d-----w- c:\users\gartoy\appdata\local\NPE
2010-12-27 21:57:34 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-12-27 21:57:34 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2010-12-27 21:57:33 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-27 21:57:33 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-12-27 21:57:29 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-27 21:57:29 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-27 21:57:20 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-27 21:57:04 -------- d-----w- c:\users\gartoy\appdata\roaming\PC Tools
2010-12-27 21:57:04 -------- d-----w- c:\program files\PC Tools Security
2010-12-27 21:57:04 -------- d-----w- c:\program files\common files\PC Tools
2010-12-27 21:43:00 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-27 21:41:06 -------- d-----w- c:\progra~2\PC Tools
2010-12-27 18:51:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-27 18:51:07 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-27 18:32:02 -------- d-----w- c:\program files\CCleaner
2010-12-27 00:06:27 -------- d-----w- c:\users\gartoy\appdata\local\Adobe
2010-12-26 23:52:30 -------- d-----w- c:\users\gartoy\appdata\roaming\ESET
2010-12-24 23:35:13 -------- d-----w- c:\users\gartoy\appdata\local\Apple
2010-12-24 13:30:46 19944 ----a-w- C:\atapi.sys
2010-12-24 03:21:23 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-24 03:20:37 -------- d-----w- c:\progra~2\Hitman Pro
2010-12-22 20:23:59 -------- d-----w- C:\$AVG
2010-12-22 17:55:22 388096 ----a-r- c:\users\gartoy\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-22 01:25:55 -------- d-----w- c:\program files\VideoLAN
2010-12-16 00:48:36 -------- d-----w- c:\program files\Freemake
2010-12-16 00:27:24 719872 ----a-w- c:\windows\system32\devil.dll
2010-12-16 00:27:24 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-12-16 00:27:23 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-12-16 00:27:23 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-12-16 00:27:23 -------- d-----w- c:\program files\AviSynth 2.5
2010-12-16 00:20:42 -------- d-----w- c:\program files\eRightSoft
2010-12-15 16:02:47 -------- d-----w- c:\users\gartoy\appdata\roaming\webex
2010-12-15 16:00:43 -------- d-----w- c:\progra~2\WebEx
2010-12-15 03:28:13 515584 ----a-w- c:\program files\windows mail\wab.exe
2010-12-15 03:28:12 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2010-12-15 03:28:12 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2010-12-15 03:28:10 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 03:28:06 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-15 02:51:18 -------- d-----w- c:\program files\DVDx
2010-12-13 20:54:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-13 20:54:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-13 20:54:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-13 20:54:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-13 20:54:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-13 20:54:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-13 20:54:39 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-08 20:03:40 -------- d-----w- c:\progra~2\gogii
2010-12-08 20:01:58 -------- d-----w- c:\program files\Twisted - A Haunted Carol
2010-12-07 15:36:18 45568 ----a-w- c:\windows\system32\ctppld.dll
2010-12-07 15:36:18 372736 ----a-w- c:\windows\system32\aestecap.dll
2010-12-07 15:36:17 133632 ----a-w- c:\windows\system32\aestacap.dll
2010-12-07 15:36:15 73728 ----a-w- c:\windows\system32\AESTCom.dll
2010-12-07 15:36:15 2469888 ----a-w- c:\windows\system32\stlang.dll
2010-12-07 15:36:14 512000 ----a-w- c:\windows\system32\idtmini1.exe
2010-12-07 15:36:11 5550145 ----a-w- c:\windows\system32\idtcpl.cpl
2010-12-06 16:21:14 -------- d-----w- c:\users\gartoy\appdata\local\HCSShell
2010-12-06 01:26:55 -------- d-----w- c:\users\gartoy\appdata\local\Avanquest North America
2010-12-06 01:26:05 -------- d-----w- c:\users\gartoy\appdata\local\Creative Home
2010-12-05 17:00:55 -------- d-----w- c:\program files\New Folder
2010-12-05 16:58:27 388608 ----a-w- C:\HijackThis1.exe
2010-12-01 15:55:16 -------- d-----w- c:\users\gartoy\appdata\roaming\GameMill Entertainment
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2006-05-02 23:00:00 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-20 23:00:00 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-15 23:00:00 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 16:46:11.01 ===============

Admin. · 2010/12/28

Please don't open a new thread for your logs.

Wait for your post to be approved, then use the reply function to add logs.

Merged your two logs

broni · 2010/12/28

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================================

Attach.txt part of DDS is missing.
Please, post it.

Then...

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

garfield · 2010/12/28

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/3/2009 4:47:07 PM
System Uptime: 12/28/2010 2:21:00 PM (2 hours ago)

Motherboard: Dell Inc. | | 0P792H
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | U2E1 | 2166/8194mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 400 GiB total, 218.718 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 7.842 GiB free.
E: is FIXED (NTFS) - 288 GiB total, 255.129 GiB free.
F: is FIXED (NTFS) - 10 GiB total, 3.442 GiB free.
G: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 7300 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 7300 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CM1017
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CM1017
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro L7600
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: HP
Name: Officejet Pro L7600
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 7300 series
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: HP
Name: Officejet 7300 series
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp color LaserJet 4600
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 4600
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 6980 series
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: HP
Name: Deskjet 6980 series
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:

Class GUID: {4d36e979-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro L7600
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet Pro L7600
PNP Device ID: ROOT\PRINTER\0000
Service:

==== System Restore Points ===================

==== Installed Programs ======================

2010 Hallmark Registration Bonus Pack
32 Bit HP BiDi Channel Components Installer
32 Bit HP CIO Components Installer
Absolute Futurity Rapid-Emailer Ver 2.0.22
Acrobat.com
Acronis*True*Image*Home
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
ActiveTracker 3.2 Email tracker plugin
Adobe Flash Player 10 ActiveX
Adobe ImageStyler 1.0
Adobe Reader 9
Adobe Shockwave Player
Advanced Emailer
Advanced Uninstaller PRO - Version 10
AIM 6
AiroWizard 1.0 Beta
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
Art of Murder The Secret Files 1.00
Ask Toolbar
AT&T Communication Manager
AT&T Yahoo! Messenger
Atheros Driver Installation Program
ATT-PRT22
ATT-RC Self Support Tool
AuthenTec Fingerprint Software
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Awakening - The Dreamless Castle .
Belarc Advisor 8.1
Big Fish Games: Game Manager
Birthday Reminder v1.40
Bonjour
BPD_Scan
Broadcom Gigabit NetLink Controller
Build a lot 3 Passport to Europe
Build A Lot 4-Power source .
Build a Lot 5 Elizabethan Era
Business Card Maker 4.0
Camfrog Video Chat 5.5
CCleaner
CDA to MP3 Converter v2.8 build 839
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CoffeeCup Image Mapper
Columbus Ghost Of The Mystery Stone
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Contents
Corel Paint Shop Pro Photo X2
Corel PaintShop Photo Pro X3
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink YouCam
Dark Tales - Edgar Allan Poes Murders in the Rue Morgue Collectors Edition 1.00
Dell Driver Download Manager
Dell Driver Download Manager - 1
Dell Resource CD
Dell Wireless WLAN Card Utility
DeviceIO
DHTML Editing Component
DigitalPersona Personal 4.01
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Dorgem 2.1.0
Dragon NaturallySpeaking 10
Drawn The Painted Tower 1.00
Driver Installer
DVDx 2
Dynomite 2.01
EA Download Manager
Easy WiFi Radar 1.0.5
EasyBCD 1.7.2
Echoes of the Past Royal House of Stone 1.00
eMusic Download Manager 4.1.3.1
Escape Rosecliff Island 1.00
ESET Online Scanner v3
ESET Smart Security
ESU for Microsoft Vista
Exterminate It!
Fabulous Finds
Fear for Sale The Mystery of McInroy Manor CE 1.00
Fear for Sale: The Mystery of McInroy Manor Collector's Edition
Fiction Fixers Adventures in Wonderland Premium Edition 1.10
Fiction Fixers The Curse of OZ 1.00
File Uploader
Flash Saver
Free M4a to MP3 Converter 6.1
Free NaturalReader
Free WMA to MP3 Converter 1.16
Freemake Video Converter version 1.3.0
Gardenscapes .
Garmin City Navigator North America NT 2010.10 Update
Garmin USB Drivers
Garmin WebUpdater
gBurner
Google Toolbar for Internet Explorer
Google Update Helper
Green MoonJust For Fun Games
Hallmark Card Studio 2007 Deluxe
Hallmark Card Studio 2010 Deluxe
Hallmark Card Studio 2011 Deluxe
Haunted Halls Green Hills Sanitarium Collectors Edition 1.00
Haunted Hotel 3 Lonely Dream 1.00
HDAUDIO Soft Data Fax Modem with SmartCP
Hidden Identity
Hidden Identity 1.00
Hidden Mysteries Salem Secrets 1.00
HiJackThis
HijackThis 2.0.2
Hot_MP3 Toolbar
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Officejet Pro All-In-One Series
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
ICA
Image Mapper
ImageStyler
Indeo® Software
Instant Housecall - Specialist Sign-in
Integrated Webcam Driver (1.06.03.0309)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
IPM_PSP_Pro
iReboot 1.1.0
iSEEK AnswerWorks English Runtime
ITECIR
iTunes
J2SE Runtime Environment 5.0 Update 1
James Pattersons Womens Murder Club - Little Black Lies .
Jasc Paint Shop Pro 9
Java(TM) 6 Update 16
Java(TM) 6 Update 7
Journalistic Investigations Stolen Inheritance + SG
Juno Preloader
LabelPrint
LightScribe System Software 1.14.17.1
magicJack
Malwarebytes' Anti-Malware
ManyCam 2.1 (remove only)
Map Designer Pro
Mapedit
Mary Kay Andrews - The Fixer Upper
MaxBulk Mailer 5.6.4
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Suite 2006
Microsoft Digital Image Suite 2006 Editor
Microsoft Digital Image Suite 2006 Library
Microsoft Image Composite Editor
Microsoft Live Search Toolbar
Microsoft Office 2000 Premium
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Photo Premium 10
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft WSE 3.0 Runtime
Million Dollar Quest
Mishap An Accidental Haunting 1.00
MLE
MobileMe Control Panel
Mortimer Beckett And The Time Paradox FINAL 1.00
Motorola Driver Installation
MP3 Rocket
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
Mystery Age 2- The Dark Priests
Mystery Legends Phantom of the Opera
Mystery Valley 1.00
NetDeviceManager
NETGEAR WN121T wireless USB 2.0 adapter
NetWaiting
Nick Chase - A Detective Story
Nick Chase and the Deadly Diamond 1.00
Nikon Message Center
Nikon Transfer
Nokia Connectivity Adapter Cable DKU-5
PageBreeze Free HTML Editor
PageBreeze Professional
PaltalkScene
PC Image Editor
PixiePack Codec Pack
Pos HTML Image Mapper
Power Mic for Yahoo Messenger 2.1
Power2Go
PowerDirector
Press Your Luck 2010 1.0.2
Pretty In Pink 1.00
PSPH10Pro
PSPPContent
PSPPRO_DCRAW
PureHD
QuickTime
RadioGet 1.3.9
Radiotracker
Ralink Wireless LAN
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
RegDoctor 1.74
Registry Healer 4.2.0 uninstall
Registry Healer 4.5.0 uninstall
Registry Winner 5.5
Rhapsody
Rhapsody Player Engine
Rhianna Ford - The Da Vinci Letter
RICOH Media Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
RN_Object
Roulette Sniper Version 2.0
Royal Envoy Collector's Edition
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB979332)
Setup
Share
SmartDraw 2010
Software Informer 1.0 BETA
SPORE Creature Creator Trial Edition
Spybot - Search & Destroy
Spyware Doctor 8.0
SUPER © Version 2010.bld.42 (Nov 7, 2010)
Super MP3 Download
Synaptics Pointing Device Driver
The Dark Hills of Cherai 1.00
The Sims™ 3
TileGem
Time Mysteries: Inheritance
TopMail
TotalHTMLConverter
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmiiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Twisted - A Haunted Carol
Twisted Lands Shadow Town Collectors Edition 1.00
Uniblue DriverScanner 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
VIO
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 1.1.5
Web Communicator
WebEx
WebSoftware HotHTML 2001 Professional Edition
Where's Waldo The Fantastic Journey 1.0.10
WIDCOMM Bluetooth Software 6.2.0.6600
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/02/2009 8.5.0.251)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Winster Toolbar
WinZip 12.1
Wolfenstein 3D
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yawcam 0.3.3

==== End Of File ===========================

2010/12/28 21:16:51.0498 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/28 21:16:51.0498 ================================================================================
2010/12/28 21:16:51.0498 SystemInfo:
2010/12/28 21:16:51.0498
2010/12/28 21:16:51.0499 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/28 21:16:51.0499 Product type: Workstation
2010/12/28 21:16:51.0499 ComputerName: HAPPY
2010/12/28 21:16:51.0499 UserName: Gartoy
2010/12/28 21:16:51.0499 Windows directory: C:\WINDOWS
2010/12/28 21:16:51.0499 System windows directory: C:\WINDOWS
2010/12/28 21:16:51.0499 Processor architecture: Intel x86
2010/12/28 21:16:51.0499 Number of processors: 2
2010/12/28 21:16:51.0499 Page size: 0x1000
2010/12/28 21:16:51.0499 Boot type: Normal boot
2010/12/28 21:16:51.0499 ================================================================================
2010/12/28 21:16:52.0676 Initialize success
2010/12/28 21:16:56.0146 ================================================================================
2010/12/28 21:16:56.0147 Scan started
2010/12/28 21:16:56.0147 Mode: Manual;
2010/12/28 21:16:56.0147 ================================================================================
2010/12/28 21:16:58.0066 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\WINDOWS\system32\drivers\acpi.sys
2010/12/28 21:16:59.0434 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\WINDOWS\system32\drivers\adp94xx.sys
2010/12/28 21:17:00.0516 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\WINDOWS\system32\drivers\adpahci.sys
2010/12/28 21:17:01.0605 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\WINDOWS\system32\drivers\adpu160m.sys
2010/12/28 21:17:02.0690 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\WINDOWS\system32\drivers\adpu320.sys
2010/12/28 21:17:03.0974 AFD (a201207363aa900abf1a388468688570) C:\WINDOWS\system32\drivers\afd.sys
2010/12/28 21:17:05.0345 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\WINDOWS\system32\drivers\agp440.sys
2010/12/28 21:17:06.0366 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\WINDOWS\system32\drivers\djsvs.sys
2010/12/28 21:17:07.0428 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\WINDOWS\system32\drivers\aliide.sys
2010/12/28 21:17:08.0591 amdagp (c47344bc706e5f0b9dce369516661578) C:\WINDOWS\system32\drivers\amdagp.sys
2010/12/28 21:17:09.0546 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\WINDOWS\system32\drivers\amdide.sys
2010/12/28 21:17:10.0834 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\WINDOWS\system32\drivers\amdk7.sys
2010/12/28 21:17:11.0980 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\WINDOWS\system32\drivers\amdk8.sys
2010/12/28 21:17:13.0000 AR5416 (a5ad500129724b412464e9aa3a8caa73) C:\WINDOWS\system32\DRIVERS\ar5416.sys
2010/12/28 21:17:14.0003 arc (5d2888182fb46632511acee92fdad522) C:\WINDOWS\system32\drivers\arc.sys
2010/12/28 21:17:15.0052 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\WINDOWS\system32\drivers\arcsas.sys
2010/12/28 21:17:16.0257 AsyncMac (53b202abee6455406254444303e87be1) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/28 21:17:17.0663 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\WINDOWS\system32\drivers\atapi.sys
2010/12/28 21:17:18.0758 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\WINDOWS\system32\DRIVERS\athr.sys
2010/12/28 21:17:19.0846 ATSwpWDF (53ff3096d5d9ae2a75c16703a9819965) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
2010/12/28 21:17:20.0842 BCM42RLY (55070d71bbb424a56d5125c61fcc2897) C:\WINDOWS\system32\drivers\BCM42RLY.sys
2010/12/28 21:17:21.0946 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\WINDOWS\system32\DRIVERS\bcmwl6.sys
2010/12/28 21:17:23.0099 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/28 21:17:24.0211 BHDrvx86 (d2be194ca1245e170db15123e5155a2c) C:\Windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys
2010/12/28 21:17:25.0278 blbdrive (d4df28447741fd3d953526e33a617397) C:\WINDOWS\system32\drivers\blbdrive.sys
2010/12/28 21:17:26.0349 BMLoad (c9c78e00a21d3fe21ce5d81ba5b45e21) C:\WINDOWS\system32\drivers\BMLoad.sys
2010/12/28 21:17:27.0758 bowser (74b442b2be1260b7588c136177ceac66) C:\WINDOWS\system32\DRIVERS\bowser.sys
2010/12/28 21:17:29.0119 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\WINDOWS\system32\drivers\brfiltlo.sys
2010/12/28 21:17:30.0010 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\WINDOWS\system32\drivers\brfiltup.sys
2010/12/28 21:17:31.0378 Brserid (b304e75cff293029eddf094246747113) C:\WINDOWS\system32\drivers\brserid.sys
2010/12/28 21:17:32.0278 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\WINDOWS\system32\drivers\brserwdm.sys
2010/12/28 21:17:33.0610 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\WINDOWS\system32\drivers\brusbmdm.sys
2010/12/28 21:17:35.0051 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\WINDOWS\system32\drivers\brusbser.sys
2010/12/28 21:17:36.0285 Btcsrusb (942c602296119d758547808221c85a2c) C:\WINDOWS\system32\Drivers\btcusb.sys
2010/12/28 21:17:37.0388 BthEnum (6d39c954799b63ba866910234cf7d726) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/12/28 21:17:38.0684 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\WINDOWS\system32\drivers\bthmodem.sys
2010/12/28 21:17:40.0220 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/12/28 21:17:41.0336 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/12/28 21:17:42.0358 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/12/28 21:17:43.0286 btwaudio (489727ea3dceba3bac3215f94bfbcaa1) C:\WINDOWS\system32\drivers\btwaudio.sys
2010/12/28 21:17:44.0307 btwavdt (dead0e02e2efdb03209c9237e93a619c) C:\WINDOWS\system32\drivers\btwavdt.sys
2010/12/28 21:17:45.0704 btwl2cap (b9920fb30bcaff10c111654909b275c9) C:\WINDOWS\system32\DRIVERS\btwl2cap.sys
2010/12/28 21:17:46.0678 btwrchid (280e088046dcac249bb08505e296db86) C:\WINDOWS\system32\DRIVERS\btwrchid.sys
2010/12/28 21:17:47.0893 ccHP (b9e38fb0c520bf13cfa78d2828023988) C:\Windows\system32\drivers\NIS\1002000.007\ccHPx86.sys
2010/12/28 21:17:48.0950 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\WINDOWS\system32\DRIVERS\cdfs.sys
2010/12/28 21:17:50.0314 cdrom (6b4bffb9becd728097024276430db314) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/28 21:17:51.0785 circlass (e5d4133f37219dbcfe102bc61072589d) C:\WINDOWS\system32\DRIVERS\circlass.sys
2010/12/28 21:17:52.0892 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\WINDOWS\system32\CLFS.sys
2010/12/28 21:17:53.0915 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/28 21:17:54.0965 cmdide (d36372a6ea6805efbe8884d10772313f) C:\WINDOWS\system32\drivers\cmdide.sys
2010/12/28 21:17:55.0983 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\WINDOWS\system32\drivers\CHDRT32.sys
2010/12/28 21:17:57.0321 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/28 21:17:58.0382 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\WINDOWS\system32\drivers\crcdisk.sys
2010/12/28 21:17:59.0386 Crusoe (1f07becdca750766a96cda811ba86410) C:\WINDOWS\system32\drivers\crusoe.sys
2010/12/28 21:18:00.0905 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\WINDOWS\system32\Drivers\dfsc.sys
2010/12/28 21:18:01.0953 disk (5d4aefc3386920236a548271f8f1af6a) C:\WINDOWS\system32\drivers\disk.sys
2010/12/28 21:18:03.0607 drmkaud (97fef831ab90bee128c9af390e243f80) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/28 21:18:04.0598 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\WINDOWS\System32\drivers\dxgkrnl.sys
2010/12/28 21:18:05.0679 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\WINDOWS\system32\DRIVERS\E1G60I32.sys
2010/12/28 21:18:06.0906 eamonm (bf14fbabd52e9522456d3a2f6e7e76e4) C:\WINDOWS\system32\DRIVERS\eamonm.sys
2010/12/28 21:18:07.0918 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\WINDOWS\system32\drivers\ecache.sys
2010/12/28 21:18:08.0795 eeCtrl (70aeac5d481b2904b40f2173e280b1b5) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/28 21:18:10.0207 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2010/12/28 21:18:11.0855 elxstor (23b62471681a124889978f6295b3f4c6) C:\WINDOWS\system32\drivers\elxstor.sys
2010/12/28 21:18:12.0900 epfw (15bfe00f030ea20955117bb0677e9668) C:\WINDOWS\system32\DRIVERS\epfw.sys
2010/12/28 21:18:13.0848 Epfwndis (52310e0e603d7da79ecca7d764937a91) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2010/12/28 21:18:15.0271 epfwwfp (235250a79cf1e16a5a42407cfe3f6a4c) C:\WINDOWS\system32\DRIVERS\epfwwfp.sys
2010/12/28 21:18:16.0139 EraserUtilDrv10910 (00bd6fc4a873d3341dcf9aef2d3c841e) C:\Program Files\Common Files\Symantec Shared(505)\EENGINE(22)(506)\EraserUtilDrv10910.sys
2010/12/28 21:18:17.0202 ErrDev (3db974f3935483555d7148663f726c61) C:\WINDOWS\system32\drivers\errdev.sys
2010/12/28 21:18:18.0473 exfat (22b408651f9123527bcee54b4f6c5cae) C:\WINDOWS\system32\drivers\exfat.sys
2010/12/28 21:18:19.0605 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\WINDOWS\system32\drivers\fastfat.sys
2010/12/28 21:18:20.0729 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/28 21:18:22.0067 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\WINDOWS\system32\drivers\fileinfo.sys
2010/12/28 21:18:23.0120 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\WINDOWS\system32\drivers\filetrace.sys
2010/12/28 21:18:24.0169 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/28 21:18:25.0195 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/28 21:18:26.0241 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/28 21:18:27.0563 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\WINDOWS\system32\drivers\gagp30kx.sys
2010/12/28 21:18:28.0764 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/28 21:18:29.0866 GTPTSER (b7d480186f433a08ad31f19a4afea888) C:\WINDOWS\system32\DRIVERS\gtptser.sys
2010/12/28 21:18:30.0889 GTUQBUS (ad4c38fe124cbd62ba9ccb1e4dfe7b3c) C:\WINDOWS\system32\DRIVERS\gtuqbus.sys
2010/12/28 21:18:31.0946 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\WINDOWS\system32\drivers\HdAudio.sys
2010/12/28 21:18:33.0441 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/28 21:18:34.0597 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\WINDOWS\system32\drivers\hidbth.sys
2010/12/28 21:18:35.0771 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\WINDOWS\system32\DRIVERS\hidir.sys
2010/12/28 21:18:36.0776 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/28 21:18:37.0678 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\WINDOWS\system32\drivers\hpcisss.sys
2010/12/28 21:18:38.0941 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
2010/12/28 21:18:40.0375 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2010/12/28 21:18:41.0973 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2010/12/28 21:18:43.0145 HTTP (f870aa3e254628ebeafe754108d664de) C:\WINDOWS\system32\drivers\HTTP.sys
2010/12/28 21:18:44.0788 i2omp (c6b032d69650985468160fc9937cf5b4) C:\WINDOWS\system32\drivers\i2omp.sys
2010/12/28 21:18:46.0148 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/28 21:18:47.0118 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\WINDOWS\system32\drivers\iastorv.sys
2010/12/28 21:18:47.0709 IDSVix86 (1b7363491bbbc1dca7c7e48b30a5658b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2010/12/28 21:18:49.0572 igfx (1396d38514c3c4b930f5d24e6c8521e6) C:\WINDOWS\system32\DRIVERS\igdkmd32.sys
2010/12/28 21:18:51.0098 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\WINDOWS\system32\drivers\iirsp.sys
2010/12/28 21:18:52.0410 IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\WINDOWS\system32\drivers\IntcHdmi.sys
2010/12/28 21:18:53.0598 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\WINDOWS\system32\drivers\intelide.sys
2010/12/28 21:18:54.0509 intelppm (224191001e78c89dfa78924c3ea595ff) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/28 21:18:56.0110 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/28 21:18:57.0377 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\WINDOWS\system32\drivers\ipmidrv.sys
2010/12/28 21:18:58.0618 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/28 21:18:59.0572 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\WINDOWS\system32\drivers\irenum.sys
2010/12/28 21:19:00.0467 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\WINDOWS\system32\drivers\isapnp.sys
2010/12/28 21:19:01.0353 iScsiPrt (232fa340531d940aac623b121a595034) C:\WINDOWS\system32\DRIVERS\msiscsi.sys
2010/12/28 21:19:02.0469 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\WINDOWS\system32\drivers\iteatapi.sys
2010/12/28 21:19:03.0367 itecir (20425664e2e196d339ca877e0387c023) C:\WINDOWS\system32\DRIVERS\itecir.sys
2010/12/28 21:19:04.0387 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\WINDOWS\system32\drivers\iteraid.sys
2010/12/28 21:19:05.0996 k57nd60x (faafa13932361d0a5a7ba5690ca4e377) C:\WINDOWS\system32\DRIVERS\k57nd60x.sys
2010/12/28 21:19:07.0428 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/28 21:19:08.0682 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/28 21:19:09.0795 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\WINDOWS\system32\Drivers\ksecdd.sys
2010/12/28 21:19:10.0923 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\WINDOWS\system32\DRIVERS\lltdio.sys
2010/12/28 21:19:12.0312 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\WINDOWS\system32\drivers\lsi_fc.sys
2010/12/28 21:19:13.0432 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\WINDOWS\system32\drivers\lsi_sas.sys
2010/12/28 21:19:14.0809 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\WINDOWS\system32\drivers\lsi_scsi.sys
2010/12/28 21:19:15.0879 luafv (8f5c7426567798e62a3b3614965d62cc) C:\WINDOWS\system32\drivers\luafv.sys
2010/12/28 21:19:16.0944 ManyCam (d568ecfc11c451dc75c1e3301c78945a) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
2010/12/28 21:19:17.0973 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys
2010/12/28 21:19:19.0225 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/28 21:19:20.0661 megasas (0001ce609d66632fa17b84705f658879) C:\WINDOWS\system32\drivers\megasas.sys
2010/12/28 21:19:21.0828 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\WINDOWS\system32\drivers\megasr.sys
2010/12/28 21:19:22.0915 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\WINDOWS\system32\drivers\modem.sys
2010/12/28 21:19:23.0979 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\WINDOWS\system32\DRIVERS\monitor.sys
2010/12/28 21:19:24.0995 mouclass (5bf6a1326a335c5298477754a506d263) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/28 21:19:26.0313 mouhid (93b8d4869e12cfbe663915502900876f) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/28 21:19:27.0431 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\WINDOWS\system32\drivers\mountmgr.sys
2010/12/28 21:19:28.0441 mpio (511d011289755dd9f9a7579fb0b064e6) C:\WINDOWS\system32\drivers\mpio.sys
2010/12/28 21:19:29.0537 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\WINDOWS\system32\drivers\mpsdrv.sys
2010/12/28 21:19:31.0200 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\WINDOWS\system32\drivers\mraid35x.sys
2010/12/28 21:19:31.0925 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/12/28 21:19:35.0502 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/12/28 21:19:36.0616 MRV6X32U (27454c7ce157ae14fe82070eee2504d5) C:\WINDOWS\system32\DRIVERS\WN111.sys
2010/12/28 21:19:37.0820 Mrvleap (f87d977649d2d067697a3c331794785d) C:\WINDOWS\system32\DRIVERS\mrveap32.sys
2010/12/28 21:19:38.0969 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\WINDOWS\system32\drivers\mrxdav.sys
2010/12/28 21:19:40.0029 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/28 21:19:40.0901 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
2010/12/28 21:19:41.0805 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
2010/12/28 21:19:42.0513 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\WINDOWS\system32\drivers\msahci.sys
2010/12/28 21:19:42.0560 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\WINDOWS\system32\drivers\msdsm.sys
2010/12/28 21:19:42.0589 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/28 21:19:42.0678 msisadrv (0f400e306f385c56317357d6dea56f62) C:\WINDOWS\system32\drivers\msisadrv.sys
2010/12/28 21:19:42.0760 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/28 21:19:42.0842 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/28 21:19:42.0887 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/28 21:19:42.0927 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\WINDOWS\system32\drivers\MsRPC.sys
2010/12/28 21:19:42.0960 mssmbios (e384487cb84be41d09711c30ca79646c) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/28 21:19:42.0986 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/28 21:19:43.0021 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\WINDOWS\system32\Drivers\mup.sys
2010/12/28 21:19:43.0077 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\WINDOWS\system32\DRIVERS\nwifi.sys
2010/12/28 21:19:43.0335 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\WINDOWS\system32\drivers\ndis.sys
2010/12/28 21:19:43.0429 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/28 21:19:43.0594 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/28 21:19:44.0011 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/28 21:19:44.0057 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/28 21:19:44.0164 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/28 21:19:44.0219 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/28 21:19:44.0278 netr28u (0da6b9a40eef9f3eede12bc634facab7) C:\WINDOWS\system32\DRIVERS\netr28u.sys
2010/12/28 21:19:44.0403 netr73 (757f999aa72b55780ee810d4cd1bdd47) C:\WINDOWS\system32\DRIVERS\WUSB54GCx86.sys
2010/12/28 21:19:44.0710 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\WINDOWS\system32\DRIVERS\NETw3v32.sys
2010/12/28 21:19:45.0992 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\WINDOWS\system32\drivers\nfrd960.sys
2010/12/28 21:19:47.0050 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/28 21:19:47.0973 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\WINDOWS\system32\drivers\nsiproxy.sys
2010/12/28 21:19:49.0134 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/28 21:19:50.0196 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\WINDOWS\system32\drivers\ntrigdigi.sys
2010/12/28 21:19:51.0378 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2010/12/28 21:19:52.0322 Null (c5dbbcda07d780bda9b685df333bb41e) C:\WINDOWS\system32\drivers\Null.sys
2010/12/28 21:19:53.0625 nvraid (2edf9e7751554b42cbb60116de727101) C:\WINDOWS\system32\drivers\nvraid.sys
2010/12/28 21:19:54.0751 nvstor (abed0c09758d1d97db0042dbb2688177) C:\WINDOWS\system32\drivers\nvstor.sys
2010/12/28 21:19:55.0503 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\WINDOWS\system32\drivers\nv_agp.sys
2010/12/28 21:19:55.0769 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\WINDOWS\system32\DRIVERS\OA001Ufd.sys
2010/12/28 21:19:55.0799 OA001Vid (4075063d25af9da64101769854b83787) C:\WINDOWS\system32\DRIVERS\OA001Vid.sys
2010/12/28 21:19:55.0910 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/28 21:19:57.0028 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\WINDOWS\system32\drivers\parport.sys
2010/12/28 21:19:58.0044 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\WINDOWS\system32\drivers\partmgr.sys
2010/12/28 21:19:59.0118 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\WINDOWS\system32\drivers\parvdm.sys
2010/12/28 21:20:00.0089 pci (941dc1d19e7e8620f40bbc206981efdb) C:\WINDOWS\system32\drivers\pci.sys
2010/12/28 21:20:01.0155 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\WINDOWS\system32\drivers\pciide.sys
2010/12/28 21:20:02.0072 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\WINDOWS\system32\drivers\pcmcia.sys
2010/12/28 21:20:02.0967 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\WINDOWS\system32\drivers\PCTCore.sys
2010/12/28 21:20:04.0365 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys
2010/12/28 21:20:05.0671 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\WINDOWS\system32\drivers\pctEFA.sys
2010/12/28 21:20:06.0921 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
2010/12/28 21:20:08.0062 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\WINDOWS\system32\drivers\peauth.sys
2010/12/28 21:20:09.0072 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/28 21:20:09.0958 PRISM_A02 (57e95881e5f014816a8a53ad94ee0c48) C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys
2010/12/28 21:20:10.0905 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\WINDOWS\system32\drivers\processr.sys
2010/12/28 21:20:11.0856 PSched (99514faa8df93d34b5589187db3aa0ba) C:\WINDOWS\system32\DRIVERS\pacer.sys
2010/12/28 21:20:13.0135 PxHelp20 (b5dfb86a6caeae9b2bf3dedb43be6393) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/28 21:20:14.0284 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\WINDOWS\system32\drivers\ql2300.sys
2010/12/28 21:20:15.0312 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\WINDOWS\system32\drivers\ql40xx.sys
2010/12/28 21:20:16.0226 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\WINDOWS\system32\drivers\qwavedrv.sys
2010/12/28 21:20:17.0339 RasAcd (147d7f9c556d259924351feb0de606c3) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/28 21:20:18.0368 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/28 21:20:19.0234 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/28 21:20:20.0173 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\WINDOWS\system32\DRIVERS\rassstp.sys
2010/12/28 21:20:21.0130 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/28 21:20:22.0044 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/28 21:20:22.0988 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\WINDOWS\system32\drivers\rdpdr.sys
2010/12/28 21:20:23.0860 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\WINDOWS\system32\drivers\rdpencdd.sys
2010/12/28 21:20:24.0925 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/28 21:20:26.0126 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/12/28 21:20:27.0126 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/12/28 21:20:28.0105 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/12/28 21:20:29.0180 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/12/28 21:20:30.0432 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/12/28 21:20:31.0409 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/12/28 21:20:32.0434 RRNetCap (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
2010/12/28 21:20:32.0442 RRNetCapMP (43110c2a2c5ed32ead96c440718e4452) C:\WINDOWS\system32\DRIVERS\rrnetcap.sys
2010/12/28 21:20:33.0533 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2010/12/28 21:20:34.0770 RTL8169 (125c504a34d0a2e152517e342e7e432c) C:\WINDOWS\system32\DRIVERS\Rtlh86.sys
2010/12/28 21:20:35.0788 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\WINDOWS\system32\drivers\RTSTOR.SYS
2010/12/28 21:20:37.0121 sbp2port (3ce8f073a557e172b330109436984e30) C:\WINDOWS\system32\drivers\sbp2port.sys
2010/12/28 21:20:38.0151 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/12/28 21:20:39.0363 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\drivers\secdrv.sys
2010/12/28 21:20:40.0598 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\WINDOWS\system32\drivers\serenum.sys
2010/12/28 21:20:41.0800 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\WINDOWS\system32\drivers\serial.sys
2010/12/28 21:20:43.0459 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\WINDOWS\system32\drivers\sermouse.sys
2010/12/28 21:20:44.0494 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/12/28 21:20:45.0804 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\WINDOWS\system32\drivers\sffp_mmc.sys
2010/12/28 21:20:46.0914 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/12/28 21:20:47.0865 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/12/28 21:20:48.0974 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\WINDOWS\system32\drivers\sisagp.sys
2010/12/28 21:20:49.0875 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\WINDOWS\system32\drivers\sisraid2.sys
2010/12/28 21:20:50.0766 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\WINDOWS\system32\drivers\sisraid4.sys
2010/12/28 21:20:51.0663 Smb (7b75299a4d201d6a6533603d6914ab04) C:\WINDOWS\system32\DRIVERS\smb.sys
2010/12/28 21:20:52.0871 snapman (bcc773872041aa59bc9a6cf770fb32e2) C:\WINDOWS\system32\DRIVERS\snapman.sys
2010/12/28 21:20:53.0822 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\WINDOWS\system32\drivers\spldr.sys
2010/12/28 21:20:55.0101 SRTSP (e5bb09f5848f98a1b239eeb1f7583b3b) C:\Windows\system32\drivers\NIS\1002000.007\SRTSP.SYS
2010/12/28 21:20:56.0388 SRTSPX (262072d44a269e6d590291f8321f00b1) C:\Windows\system32\drivers\NIS\1005000.087\SRTSPX.SYS
2010/12/28 21:20:57.0335 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/28 21:20:58.0498 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\WINDOWS\system32\DRIVERS\srv2.sys
2010/12/28 21:20:59.0618 srvnet (faa0d553a49e85008c6bb3781987c574) C:\WINDOWS\system32\DRIVERS\srvnet.sys
2010/12/28 21:21:00.0927 STHDA (2449940565c8590961b4b1e9402ea43e) C:\WINDOWS\system32\DRIVERS\stwrt.sys
2010/12/28 21:21:02.0023 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/12/28 21:21:03.0168 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/28 21:21:04.0787 swmsflt (a184a1bab187809b144ba32509b9e731) C:\WINDOWS\System32\drivers\swmsflt.sys
2010/12/28 21:21:05.0611 Symc8xx (192aa3ac01df071b541094f251deed10) C:\WINDOWS\system32\drivers\symc8xx.sys
2010/12/28 21:21:06.0588 SYMDNS (3fe7392b58f3a168c07e0191ddf4328b) C:\Windows\system32\drivers\NIS\1002000.007\SYMDNS.SYS
2010/12/28 21:21:07.0666 SymEFA (d0403502b507878aa57a79e45b7dfe40) C:\WINDOWS\system32\drivers\NIS\1005000.087\SYMEFA.SYS
2010/12/28 21:21:08.0729 SymEvent (46ae80304322442cf5d971e63f138551) C:\Windows\system32\Drivers\SYMEVENT.SYS
2010/12/28 21:21:09.0844 SYMFW (f4ca524f1d90cbc3f297f0568960b4c2) C:\Windows\system32\drivers\NIS\1002000.007\SYMFW.SYS
2010/12/28 21:21:10.0938 SymIM (729c99eec43eee3f71bbc06a4b7abda0) C:\WINDOWS\system32\DRIVERS\SymIMv.sys
2010/12/28 21:21:11.0994 SYMNDISV (afe5c44d07fd2ddb8292df538179dba1) C:\Windows\system32\drivers\NIS\1002000.007\SYMNDISV.SYS
2010/12/28 21:21:13.0020 SYMREDRV (d9c4aefc8037b2b9cf7d90a6ed69dd5d) C:\Windows\system32\drivers\NIS\1002000.007\SYMREDRV.SYS
2010/12/28 21:21:14.0053 SYMTDI (0c932c269367bed59b6b4f57d04c0e17) C:\Windows\system32\drivers\NIS\1002000.007\SYMTDI.SYS
2010/12/28 21:21:15.0442 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\WINDOWS\system32\drivers\sym_hi.sys
2010/12/28 21:21:16.0918 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\WINDOWS\system32\drivers\sym_u3.sys
2010/12/28 21:21:17.0931 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/12/28 21:21:19.0028 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\WINDOWS\system32\drivers\tcpip.sys
2010/12/28 21:21:20.0039 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/28 21:21:21.0175 tcpipBM (b1a9e04d803fde6b78314455211b726e) C:\WINDOWS\system32\drivers\tcpipBM.sys
2010/12/28 21:21:22.0259 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\WINDOWS\system32\drivers\tcpipreg.sys
2010/12/28 21:21:23.0328 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\WINDOWS\system32\drivers\tdpipe.sys
2010/12/28 21:21:24.0700 tdrpman (603d59923828c6c213b84b14cbf32083) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
2010/12/28 21:21:25.0782 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\WINDOWS\system32\drivers\tdtcp.sys
2010/12/28 21:21:26.0870 tdx (76b06eb8a01fc8624d699e7045303e54) C:\WINDOWS\system32\DRIVERS\tdx.sys
2010/12/28 21:21:28.0356 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/28 21:21:29.0488 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2010/12/28 21:21:30.0601 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
2010/12/28 21:21:31.0746 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\WINDOWS\system32\DRIVERS\tssecsrv.sys
2010/12/28 21:21:32.0748 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/12/28 21:21:33.0852 tunnel (300db877ac094feab0be7688c3454a9c) C:\WINDOWS\system32\DRIVERS\tunnel.sys
2010/12/28 21:21:35.0242 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\WINDOWS\system32\drivers\uagp35.sys
2010/12/28 21:21:36.0453 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\WINDOWS\system32\DRIVERS\udfs.sys
2010/12/28 21:21:37.0600 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\WINDOWS\system32\drivers\uliagpkx.sys
2010/12/28 21:21:38.0909 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\WINDOWS\system32\drivers\uliahci.sys
2010/12/28 21:21:40.0223 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\WINDOWS\system32\drivers\ulsata.sys
2010/12/28 21:21:41.0668 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\WINDOWS\system32\drivers\ulsata2.sys
2010/12/28 21:21:42.0793 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\WINDOWS\system32\DRIVERS\umbus.sys
2010/12/28 21:21:43.0756 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/28 21:21:45.0013 usbaudio (32db9517628ff0d070682aab61e688f0) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/28 21:21:46.0208 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/28 21:21:47.0254 usbcir (e9476e6c486e76bc4898074768fb7131) C:\WINDOWS\system32\drivers\usbcir.sys
2010/12/28 21:21:48.0279 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/28 21:21:49.0650 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/28 21:21:50.0702 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\WINDOWS\system32\drivers\usbohci.sys
2010/12/28 21:21:51.0903 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\WINDOWS\system32\drivers\usbprint.sys
2010/12/28 21:21:53.0154 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/28 21:21:54.0352 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/28 21:21:55.0551 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/12/28 21:21:56.0893 vga (87b06e1f30b749a114f74622d013f8d4) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
2010/12/28 21:21:58.0158 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\WINDOWS\System32\drivers\vga.sys
2010/12/28 21:21:59.0313 viaagp (5d7159def58a800d5781ba3a879627bc) C:\WINDOWS\system32\drivers\viaagp.sys
2010/12/28 21:22:00.0279 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\WINDOWS\system32\drivers\viac7.sys
2010/12/28 21:22:01.0302 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\WINDOWS\system32\drivers\viaide.sys
2010/12/28 21:22:02.0227 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\WINDOWS\system32\drivers\volmgr.sys
2010/12/28 21:22:03.0423 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\WINDOWS\system32\drivers\volmgrx.sys
2010/12/28 21:22:04.0819 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\WINDOWS\system32\drivers\volsnap.sys
2010/12/28 21:22:05.0877 vsmraid (587253e09325e6bf226b299774b728a9) C:\WINDOWS\system32\drivers\vsmraid.sys
2010/12/28 21:22:07.0262 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\WINDOWS\system32\drivers\wacompen.sys
2010/12/28 21:22:08.0343 Wanarp (55201897378cca7af8b5efd874374a26) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/28 21:22:08.0398 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/28 21:22:09.0635 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\WINDOWS\system32\drivers\wd.sys
2010/12/28 21:22:10.0810 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\WINDOWS\system32\drivers\Wdf01000.sys
2010/12/28 21:22:12.0219 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2010/12/28 21:22:14.0113 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/28 21:22:15.0357 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/12/28 21:22:16.0556 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\WINDOWS\system32\drivers\ws2ifsl.sys
2010/12/28 21:22:17.0943 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
2010/12/28 21:22:19.0500 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\WINDOWS\system32\DRIVERS\xaudio.sys
2010/12/28 21:22:20.0814 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\WINDOWS\system32\DRIVERS\yk60x86.sys
2010/12/28 21:22:21.0132 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/28 21:22:21.0177 ================================================================================
2010/12/28 21:22:21.0177 Scan finished
2010/12/28 21:22:21.0177 ================================================================================
2010/12/28 21:22:21.0209 Detected object count: 1
2010/12/28 21:22:40.0711 \HardDisk0 - will be cured after reboot
2010/12/28 21:22:40.0713 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

broni · 2010/12/28

Good job

Download Bootkit Remover to your Desktop.

You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/

After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.

It will show a Black screen with some data on it.

Right click on the screen and click Select All.

Press CTRL+C

Open a Notepad and press CTRL+V

Post the output back here.

garfield · 2010/12/28

Thanks you for your fast helping.

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00007e00
Boot sector MD5 is: bc3a483da6e5c3ac44723f8d118141eb

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive1 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;
Press any key to quit...

broni · 2010/12/28

When you see a note, that your post has to be approved by a moderator, just do that...wait

We need to fix your MBR....

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

Place a blank CD in your CD drive.

Double click on NTBR_CD.exe file and a folder of the same name will appear.

Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.

Follow the prompts to burn the CD.

Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)

If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

Insert the newly created CD into your infected PC and reboot your computer.

Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!

Read the warning and then continue as prompted.

You first need to select your keyboard layout - press Enter for English.

Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK

On the following screen enter 5 to select Install Standard MBR code.

Enter 1 to overwrite the infected MBR Code with the Standard MBR code.

When asked to confirm please do so.

Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.

Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted, run MBRCheck again and post its log.

garfield · 2010/12/28

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1737
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 230):
0x82847000 \SystemRoot\system32\ntkrnlpa.exe
0x82814000 \SystemRoot\system32\hal.dll
0x80608000 \SystemRoot\system32\kdcom.dll
0x8060F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8067F000 \SystemRoot\system32\PSHED.dll
0x80690000 \SystemRoot\system32\BOOTVID.dll
0x80698000 \SystemRoot\system32\CLFS.SYS
0x806D9000 \SystemRoot\system32\CI.dll
0x82E0A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82E86000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82E93000 \SystemRoot\system32\drivers\acpi.sys
0x82ED9000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82EE2000 \SystemRoot\system32\drivers\msisadrv.sys
0x82EEA000 \SystemRoot\system32\drivers\pci.sys
0x82F11000 \SystemRoot\system32\drivers\isapnp.sys
0x82F20000 \SystemRoot\system32\drivers\mpio.sys
0x82F3C000 \SystemRoot\System32\drivers\partmgr.sys
0x82F4B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82F4E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82F58000 \SystemRoot\system32\drivers\volmgr.sys
0x82F67000 \SystemRoot\System32\drivers\volmgrx.sys
0x82FB1000 \SystemRoot\system32\drivers\intelide.sys
0x82FB8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82FC6000 \SystemRoot\system32\drivers\aliide.sys
0x82FCD000 \SystemRoot\system32\drivers\amdide.sys
0x82FD4000 \SystemRoot\system32\drivers\cmdide.sys
0x82FDC000 \SystemRoot\System32\drivers\mountmgr.sys
0x807B9000 \SystemRoot\system32\drivers\msdsm.sys
0x807D3000 \SystemRoot\system32\drivers\nvraid.sys
0x83C0C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x83C2D000 \SystemRoot\system32\drivers\pciide.sys
0x83C34000 \SystemRoot\system32\drivers\viaide.sys
0x83C3C000 \SystemRoot\system32\drivers\iastorv.sys
0x83CDD000 \SystemRoot\system32\drivers\atapi.sys
0x83CE5000 \SystemRoot\system32\drivers\ataport.SYS
0x83D03000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x83D1D000 \SystemRoot\system32\drivers\storport.sys
0x83D5E000 \SystemRoot\system32\drivers\msahci.sys
0x83D68000 \SystemRoot\system32\drivers\hpcisss.sys
0x83D73000 \SystemRoot\system32\drivers\adp94xx.sys
0x83E0B000 \SystemRoot\system32\drivers\adpahci.sys
0x83E57000 \SystemRoot\system32\drivers\adpu160m.sys
0x83E72000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x83E98000 \SystemRoot\system32\drivers\adpu320.sys
0x83EBE000 \SystemRoot\system32\drivers\djsvs.sys
0x83ED2000 \SystemRoot\system32\drivers\arc.sys
0x83EE8000 \SystemRoot\system32\drivers\arcsas.sys
0x83EFE000 \SystemRoot\system32\drivers\elxstor.sys
0x83F92000 \SystemRoot\system32\drivers\i2omp.sys
0x83F9C000 \SystemRoot\system32\drivers\iirsp.sys
0x83FAC000 \SystemRoot\system32\drivers\iteatapi.sys
0x83FB8000 \SystemRoot\system32\drivers\iteraid.sys
0x83FC4000 \SystemRoot\system32\drivers\lsi_fc.sys
0x83FDE000 \SystemRoot\system32\drivers\lsi_sas.sys
0x83FF6000 \SystemRoot\system32\drivers\megasas.sys
0x8B407000 \SystemRoot\system32\drivers\megasr.sys
0x8B4BE000 \SystemRoot\system32\drivers\mraid35x.sys
0x8B4C9000 \SystemRoot\system32\drivers\nfrd960.sys
0x8B4D7000 \SystemRoot\system32\drivers\nvstor.sys
0x8B603000 \SystemRoot\system32\drivers\ql2300.sys
0x8B73B000 \SystemRoot\system32\drivers\ql40xx.sys
0x8B790000 \SystemRoot\system32\drivers\sisraid2.sys
0x8B79D000 \SystemRoot\system32\drivers\sisraid4.sys
0x8B7B2000 \SystemRoot\system32\drivers\symc8xx.sys
0x8B7BE000 \SystemRoot\system32\drivers\sym_hi.sys
0x8B7C9000 \SystemRoot\system32\drivers\sym_u3.sys
0x8B4E4000 \SystemRoot\system32\drivers\uliahci.sys
0x8B7D4000 \SystemRoot\system32\drivers\ulsata.sys
0x8B520000 \SystemRoot\system32\drivers\ulsata2.sys
0x8B54C000 \SystemRoot\system32\drivers\vsmraid.sys
0x8B56D000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B59F000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B5AF000 \SystemRoot\system32\drivers\NIS\1005000.087\SYMEFA.SYS
0x8B7F5000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B801000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B872000 \SystemRoot\system32\drivers\ndis.sys
0x8B97D000 \SystemRoot\system32\drivers\msrpc.sys
0x8B9A8000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BA05000 \SystemRoot\System32\drivers\tcpip.sys
0x8BAEF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BB0A000 \SystemRoot\system32\DRIVERS\timntr.sys
0x8BC01000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BD11000 \SystemRoot\system32\drivers\wd.sys
0x8BD19000 \SystemRoot\system32\drivers\volsnap.sys
0x8BD52000 \SystemRoot\system32\DRIVERS\tdrpman.sys
0x8BDAB000 \SystemRoot\System32\Drivers\spldr.sys
0x8BDB3000 \SystemRoot\system32\DRIVERS\snapman.sys
0x8BDD1000 \SystemRoot\system32\drivers\sbp2port.sys
0x8BDE6000 \SystemRoot\System32\Drivers\mup.sys
0x8BB75000 \SystemRoot\System32\drivers\ecache.sys
0x8BB9C000 \SystemRoot\system32\drivers\disk.sys
0x8BDF5000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BDFE000 \SystemRoot\system32\drivers\BMLoad.sys
0x8BBCF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BBDA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x90A08000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x91080000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91121000 \SystemRoot\System32\drivers\watchdog.sys
0x9112D000 \SystemRoot\System32\drivers\swmsflt.sys
0x91132000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9113D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9117B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91201000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9128E000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x913B8000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
0x9118A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x9119A000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x911A8000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x911C2000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x911D3000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x91401000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x91453000 \SystemRoot\system32\DRIVERS\itecir.sys
0x914AC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x914BF000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x914C4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x914CF000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x914FF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91501000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9150C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x91524000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x9152A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91539000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x91542000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91546000 \SystemRoot\system32\DRIVERS\Epfwndis.sys
0x91559000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x91588000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91593000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0x91599000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x915A6000 \SystemRoot\system32\DRIVERS\ks.sys
0x915D0000 \SystemRoot\System32\Drivers\RootMdm.sys
0x915D8000 \SystemRoot\system32\drivers\modem.sys
0x915E5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x911E7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x83DDD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8BBE3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B9E3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91A0D000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91A22000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x91A29000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91A39000 \SystemRoot\system32\DRIVERS\rrnetcap.sys
0x91A44000 \SystemRoot\system32\DRIVERS\swenum.sys
0x91A46000 \SystemRoot\system32\DRIVERS\circlass.sys
0x91A54000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91A5E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91A6B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91AA0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91AB1000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x91B12000 \SystemRoot\system32\DRIVERS\portcls.sys
0x91B3F000 \SystemRoot\system32\DRIVERS\drmk.sys
0x91B64000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x91B87000 \SystemRoot\system32\DRIVERS\hidir.sys
0x91B92000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91BA2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91BA9000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x91BB2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91BBA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91BC3000 \SystemRoot\System32\Drivers\Null.SYS
0x91BCA000 \SystemRoot\System32\Drivers\Beep.SYS
0x91BD1000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x92201000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
0x922A1000 \SystemRoot\System32\drivers\vga.sys
0x922AD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x922CE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x922D6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x922DE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x922E9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x922F7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x92300000 \SystemRoot\system32\DRIVERS\tdx.sys
0x92316000 \??\C:\WINDOWS\system32\drivers\tcpipBM.sys
0x9231B000 \SystemRoot\system32\DRIVERS\smb.sys
0x9232F000 \SystemRoot\system32\drivers\afd.sys
0x92377000 \SystemRoot\System32\DRIVERS\netbt.sys
0x923A9000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x923B2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x923C8000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x923D1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x923DF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x923F2000 \??\C:\Windows\system32\drivers\NIS\1005000.087\SRTSPX.SYS
0x92406000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92442000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9244C000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
0x92498000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x924BD000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9251B000 \SystemRoot\System32\Drivers\dfsc.sys
0x92532000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x92549000 \SystemRoot\system32\DRIVERS\OA001Vid.sys
0x9258E000 \SystemRoot\system32\DRIVERS\OA001Ufd.sys
0x925AF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x925B8000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x925CE000 \SystemRoot\System32\Drivers\crashdmp.sys
0x925DB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x925E6000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x81C30000 \SystemRoot\System32\win32k.sys
0x925F0000 \SystemRoot\System32\drivers\Dxapi.sys
0x91BF0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81E50000 \SystemRoot\System32\TSDDD.dll
0x81E70000 \SystemRoot\System32\cdd.dll
0x81E80000 \SystemRoot\System32\ATMFD.DLL
0x8BBAD000 \SystemRoot\system32\drivers\luafv.sys
0xAEA0E000 \SystemRoot\system32\DRIVERS\eamonm.sys
0xAEAB4000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xAEABE000 \SystemRoot\system32\DRIVERS\epfw.sys
0xAEAE0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAEAF0000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAEB1A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAEB24000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAEB37000 \SystemRoot\system32\drivers\spsys.sys
0xB1806000 \SystemRoot\system32\drivers\HTTP.sys
0xB1873000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB1890000 \SystemRoot\system32\DRIVERS\bowser.sys
0xB18A9000 \SystemRoot\System32\drivers\mpsdrv.sys
0xB18BE000 \SystemRoot\system32\drivers\mrxdav.sys
0xB18DF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB18FE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB1937000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB194F000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB1977000 \SystemRoot\System32\DRIVERS\srv.sys
0xB19DD000 \SystemRoot\System32\Drivers\btcusb.sys
0xB19E5000 \SystemRoot\system32\DRIVERS\epfwwfp.sys
0xB19F3000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB8403000 \SystemRoot\system32\drivers\peauth.sys
0xB84E1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB84EB000 \SystemRoot\System32\Drivers\fastfat.SYS
0xB8513000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB851F000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB8527000 \SystemRoot\system32\drivers\BCM42RLY.sys
0xB852F000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xB8538000 \SystemRoot\system32\DRIVERS\serscan.sys
0xB8540000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0x77D20000 \Windows\System32\ntdll.dll

Processes (total 73):
0 System Idle Process
4 System
736 C:\Windows\System32\smss.exe
880 csrss.exe
924 csrss.exe
932 C:\Windows\System32\wininit.exe
972 C:\Windows\System32\services.exe
996 C:\Windows\System32\winlogon.exe
1020 C:\Windows\System32\lsass.exe
1028 C:\Windows\System32\lsm.exe
1184 C:\Windows\System32\svchost.exe
1228 C:\Program Files\Fingerprint Sensor\AtService.exe
1264 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\svchost.exe
1472 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\stacsv.exe
1592 C:\Windows\System32\audiodg.exe
1672 C:\Windows\System32\svchost.exe
1688 C:\Windows\System32\SLsvc.exe
1772 C:\Windows\System32\svchost.exe
1908 C:\Windows\System32\svchost.exe
544 C:\Windows\System32\WLTRYSVC.EXE
556 C:\Windows\System32\BCMWLTRY.EXE
572 C:\Windows\System32\wlanext.exe
776 C:\Windows\System32\spoolsv.exe
884 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
1084 C:\Windows\System32\svchost.exe
2200 C:\Windows\System32\taskeng.exe
2276 C:\Windows\System32\dwm.exe
2292 C:\Windows\System32\taskeng.exe
2348 C:\Windows\explorer.exe
2360 C:\Windows\System32\taskeng.exe
2388 C:\Program Files\Google\Update\GoogleUpdate.exe
2732 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
2800 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\AEstSrv.exe
2828 C:\Windows\System32\alg.exe
2884 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2956 C:\Program Files\Bonjour\mDNSResponder.exe
2980 C:\Windows\System32\svchost.exe
3008 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
3116 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
3188 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
3244 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3296 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3304 C:\Program Files\Common Files\Motive\McciCMService.exe
3344 C:\Windows\System32\svchost.exe
3372 C:\Windows\System32\igfxsrvc.exe
3408 C:\Windows\System32\svchost.exe
3416 C:\Program Files\ESET\ESET Smart Security\egui.exe
3464 C:\Windows\System32\svchost.exe
3512 C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
3528 C:\Windows\System32\svchost.exe
3568 C:\Windows\System32\svchost.exe
3632 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3796 C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
3828 C:\Windows\System32\svchost.exe
3864 C:\Windows\System32\SearchIndexer.exe
3908 C:\Windows\System32\drivers\XAudio.exe
3924 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
1580 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2588 C:\Windows\System32\wbem\unsecapp.exe
2144 WmiPrvSE.exe
2744 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3176 C:\Windows\System32\svchost.exe
2476 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
4140 C:\Windows\System32\SearchProtocolHost.exe
4252 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
5904 C:\Windows\servicing\TrustedInstaller.exe
4356 C:\Windows\System32\SearchFilterHost.exe
4948 C:\Users\Gartoy\Desktop\MBRCheck.exe
1952 <unknown>

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000070`30b2ac00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000002`84f00000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

PhysicalDrive1 Model Number: ST9500325AS, Rev: 0001SDM1
PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: CCF356FEC6D9BBB29EF3EF1E4270A2B799955EA4
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

broni · 2010/12/28

It didn't work, for whatever reason...
Let's try different approach...

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.vistax64.com/tutorials/141820-create-recovery-disc.html (Option Two)
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.

Vista users. At first screen click on Repair your computer:

Windows 7 users. At first screen click on Install now:

Select your language and click next:

Click the button for "Use recovery tools ":

The following applies to both, Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec ")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.

garfield · 2010/12/29

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1737
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 231):
0x82814000 \SystemRoot\system32\ntkrnlpa.exe
0x82BCD000 \SystemRoot\system32\hal.dll
0x80602000 \SystemRoot\system32\kdcom.dll
0x80609000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80679000 \SystemRoot\system32\PSHED.dll
0x8068A000 \SystemRoot\system32\BOOTVID.dll
0x80692000 \SystemRoot\system32\CLFS.SYS
0x806D3000 \SystemRoot\system32\CI.dll
0x82E09000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82E85000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82E92000 \SystemRoot\system32\drivers\acpi.sys
0x82ED8000 \SystemRoot\system32\drivers\WMILIB.SYS
0x82EE1000 \SystemRoot\system32\drivers\msisadrv.sys
0x82EE9000 \SystemRoot\system32\drivers\pci.sys
0x82F10000 \SystemRoot\system32\drivers\isapnp.sys
0x82F1F000 \SystemRoot\system32\drivers\mpio.sys
0x82F3B000 \SystemRoot\System32\drivers\partmgr.sys
0x82F4A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x82F4D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x82F57000 \SystemRoot\system32\drivers\volmgr.sys
0x82F66000 \SystemRoot\System32\drivers\volmgrx.sys
0x82FB0000 \SystemRoot\system32\drivers\intelide.sys
0x82FB7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82FC5000 \SystemRoot\system32\drivers\aliide.sys
0x82FCC000 \SystemRoot\system32\drivers\amdide.sys
0x82FD3000 \SystemRoot\system32\drivers\cmdide.sys
0x82FDB000 \SystemRoot\System32\drivers\mountmgr.sys
0x807B3000 \SystemRoot\system32\drivers\msdsm.sys
0x807CD000 \SystemRoot\system32\drivers\nvraid.sys
0x83C0E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x83C2F000 \SystemRoot\system32\drivers\pciide.sys
0x83C36000 \SystemRoot\system32\drivers\viaide.sys
0x83C3E000 \SystemRoot\system32\drivers\iastorv.sys
0x83CDF000 \SystemRoot\system32\drivers\atapi.sys
0x83CE7000 \SystemRoot\system32\drivers\ataport.SYS
0x83D05000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x83D1F000 \SystemRoot\system32\drivers\storport.sys
0x83D60000 \SystemRoot\system32\drivers\msahci.sys
0x83D6A000 \SystemRoot\system32\drivers\hpcisss.sys
0x83D75000 \SystemRoot\system32\drivers\adp94xx.sys
0x83E07000 \SystemRoot\system32\drivers\adpahci.sys
0x83E53000 \SystemRoot\system32\drivers\adpu160m.sys
0x83E6E000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x83E94000 \SystemRoot\system32\drivers\adpu320.sys
0x83EBA000 \SystemRoot\system32\drivers\djsvs.sys
0x83ECE000 \SystemRoot\system32\drivers\arc.sys
0x83EE4000 \SystemRoot\system32\drivers\arcsas.sys
0x83EFA000 \SystemRoot\system32\drivers\elxstor.sys
0x83F8E000 \SystemRoot\system32\drivers\i2omp.sys
0x83F98000 \SystemRoot\system32\drivers\iirsp.sys
0x83FA8000 \SystemRoot\system32\drivers\iteatapi.sys
0x83FB4000 \SystemRoot\system32\drivers\iteraid.sys
0x83FC0000 \SystemRoot\system32\drivers\lsi_fc.sys
0x83FDA000 \SystemRoot\system32\drivers\lsi_sas.sys
0x83FF2000 \SystemRoot\system32\drivers\megasas.sys
0x8B40C000 \SystemRoot\system32\drivers\megasr.sys
0x8B4C3000 \SystemRoot\system32\drivers\mraid35x.sys
0x8B4CE000 \SystemRoot\system32\drivers\nfrd960.sys
0x8B4DC000 \SystemRoot\system32\drivers\nvstor.sys
0x8B60F000 \SystemRoot\system32\drivers\ql2300.sys
0x8B747000 \SystemRoot\system32\drivers\ql40xx.sys
0x8B79C000 \SystemRoot\system32\drivers\sisraid2.sys
0x8B7A9000 \SystemRoot\system32\drivers\sisraid4.sys
0x8B7BE000 \SystemRoot\system32\drivers\symc8xx.sys
0x8B7CA000 \SystemRoot\system32\drivers\sym_hi.sys
0x8B7D5000 \SystemRoot\system32\drivers\sym_u3.sys
0x8B4E9000 \SystemRoot\system32\drivers\uliahci.sys
0x8B525000 \SystemRoot\system32\drivers\ulsata.sys
0x8B546000 \SystemRoot\system32\drivers\ulsata2.sys
0x8B572000 \SystemRoot\system32\drivers\vsmraid.sys
0x8B593000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B7E0000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B804000 \SystemRoot\system32\drivers\NIS\1005000.087\SYMEFA.SYS
0x8B853000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B858000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B8C9000 \SystemRoot\system32\drivers\ndis.sys
0x8B9D4000 \SystemRoot\system32\drivers\msrpc.sys
0x8B5C5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BA06000 \SystemRoot\System32\drivers\tcpip.sys
0x8BAF0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BB0B000 \SystemRoot\system32\DRIVERS\timntr.sys
0x8BC0C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BD1C000 \SystemRoot\system32\drivers\wd.sys
0x8BD24000 \SystemRoot\system32\drivers\volsnap.sys
0x8BD5D000 \SystemRoot\system32\DRIVERS\tdrpman.sys
0x8BDB6000 \SystemRoot\System32\Drivers\spldr.sys
0x8BDBE000 \SystemRoot\system32\DRIVERS\snapman.sys
0x8BDDC000 \SystemRoot\system32\drivers\sbp2port.sys
0x8BDF1000 \SystemRoot\System32\Drivers\mup.sys
0x8BB76000 \SystemRoot\System32\drivers\ecache.sys
0x8BB9D000 \SystemRoot\system32\drivers\disk.sys
0x8BC00000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BC09000 \SystemRoot\system32\drivers\BMLoad.sys
0x8BBD0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BBDB000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8F80B000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8FE83000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FF24000 \SystemRoot\System32\drivers\watchdog.sys
0x8FF30000 \SystemRoot\System32\drivers\swmsflt.sys
0x8FF35000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8FF40000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FF7E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9020A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90297000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8FF8D000 \SystemRoot\system32\DRIVERS\k57nd60x.sys
0x903C1000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x903D1000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x903DF000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8FFD1000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8FFE2000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x9040C000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x9045E000 \SystemRoot\system32\DRIVERS\itecir.sys
0x904B7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x904CA000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x904CF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x904DA000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9050A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9050C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90517000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x9052F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x90535000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90544000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x9054D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90551000 \SystemRoot\system32\DRIVERS\Epfwndis.sys
0x90564000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90593000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9059E000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0x905A4000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x905B1000 \SystemRoot\system32\DRIVERS\ks.sys
0x905DB000 \SystemRoot\System32\Drivers\RootMdm.sys
0x905E3000 \SystemRoot\system32\drivers\modem.sys
0x8BBE4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x905F0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9080A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9082D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9083C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90850000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90865000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x9086C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9087C000 \SystemRoot\system32\DRIVERS\rrnetcap.sys
0x90887000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90889000 \SystemRoot\system32\DRIVERS\circlass.sys
0x90897000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x908A1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x908AE000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x908E3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x908F4000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x90955000 \SystemRoot\system32\DRIVERS\portcls.sys
0x90982000 \SystemRoot\system32\DRIVERS\drmk.sys
0x909A7000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x909CA000 \SystemRoot\system32\DRIVERS\hidir.sys
0x909D5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x909E5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x909EC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x909F5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90800000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90400000 \SystemRoot\System32\Drivers\Null.SYS
0x903F9000 \SystemRoot\System32\Drivers\Beep.SYS
0x83DDF000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x91206000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
0x912A6000 \SystemRoot\System32\drivers\vga.sys
0x912B2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x912D3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x912DB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x912E3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x912EE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x912FC000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91305000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9131B000 \??\C:\WINDOWS\system32\drivers\tcpipBM.sys
0x91320000 \SystemRoot\system32\DRIVERS\smb.sys
0x91334000 \SystemRoot\system32\drivers\afd.sys
0x9137C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x913AE000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x913B7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x913CD000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x913D6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x913E4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90200000 \??\C:\Windows\system32\drivers\NIS\1005000.087\SRTSPX.SYS
0x91405000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91441000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9144B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
0x91497000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x914BC000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9151A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91531000 \SystemRoot\System32\Drivers\dfsc.sys
0x91548000 \SystemRoot\system32\DRIVERS\OA001Vid.sys
0x9158D000 \SystemRoot\system32\DRIVERS\OA001Ufd.sys
0x915AE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x915B7000 \SystemRoot\system32\DRIVERS\udfs.sys
0x915F2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F800000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8FFF6000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x9BA80000 \SystemRoot\System32\win32k.sys
0x8BBAE000 \SystemRoot\System32\drivers\Dxapi.sys
0x8BBB8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9BCA0000 \SystemRoot\System32\TSDDD.dll
0x9BCC0000 \SystemRoot\System32\cdd.dll
0x9BCD0000 \SystemRoot\System32\ATMFD.DLL
0xAEA03000 \SystemRoot\system32\drivers\luafv.sys
0xAEA1E000 \SystemRoot\system32\DRIVERS\eamonm.sys
0xAEAC4000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xAEACE000 \SystemRoot\system32\DRIVERS\epfw.sys
0xAEAF0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAEB00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAEB2A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAEB34000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAEB47000 \SystemRoot\system32\drivers\HTTP.sys
0xB1805000 \SystemRoot\system32\drivers\spsys.sys
0xB18B5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB18D2000 \SystemRoot\system32\DRIVERS\bowser.sys
0xB18EB000 \SystemRoot\System32\drivers\mpsdrv.sys
0xB1900000 \SystemRoot\system32\drivers\mrxdav.sys
0xB1921000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB1940000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xB1979000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xB1991000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB2002000 \SystemRoot\System32\DRIVERS\srv.sys
0xB2050000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xB2071000 \SystemRoot\system32\DRIVERS\epfwwfp.sys
0xB207F000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB2083000 \SystemRoot\System32\Drivers\fastfat.SYS
0xB20AB000 \SystemRoot\system32\drivers\peauth.sys
0xB2189000 \SystemRoot\System32\Drivers\btcusb.sys
0xB2191000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB219B000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB21A7000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB21AF000 \SystemRoot\system32\drivers\BCM42RLY.sys
0xB21B7000 \SystemRoot\system32\DRIVERS\serscan.sys
0xB21BF000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB21C3000 \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
0x77780000 \Windows\System32\ntdll.dll

Processes (total 73):
0 System Idle Process
4 System
740 C:\Windows\System32\smss.exe
820 csrss.exe
868 csrss.exe
876 C:\Windows\System32\wininit.exe
932 C:\Windows\System32\winlogon.exe
944 C:\Windows\System32\services.exe
964 C:\Windows\System32\lsass.exe
972 C:\Windows\System32\lsm.exe
1120 C:\Windows\System32\svchost.exe
1164 C:\Program Files\Fingerprint Sensor\AtService.exe
1200 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1356 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\svchost.exe
1444 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\stacsv.exe
1540 C:\Windows\System32\audiodg.exe
1628 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\SLsvc.exe
1708 C:\Windows\System32\svchost.exe
1860 C:\Windows\System32\svchost.exe
2020 C:\Windows\System32\WLTRYSVC.EXE
2032 C:\Windows\System32\BCMWLTRY.EXE
2040 C:\Windows\System32\wlanext.exe
648 C:\Windows\System32\spoolsv.exe
660 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
1108 C:\Windows\System32\svchost.exe
1524 C:\Windows\System32\taskeng.exe
2140 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
2180 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\AEstSrv.exe
2192 C:\Windows\System32\alg.exe
2216 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2236 C:\Program Files\Bonjour\mDNSResponder.exe
2252 C:\Windows\System32\svchost.exe
2288 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2316 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
2452 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2476 C:\Program Files\Common Files\Motive\McciCMService.exe
2516 C:\Windows\System32\svchost.exe
2600 C:\Windows\System32\svchost.exe
2624 C:\Windows\System32\svchost.exe
2644 C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
2664 C:\Windows\System32\svchost.exe
2704 C:\Windows\System32\svchost.exe
2776 C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
2856 C:\Windows\System32\svchost.exe
2876 C:\Windows\System32\SearchIndexer.exe
2924 C:\Windows\System32\drivers\XAudio.exe
2940 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3064 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3600 C:\Windows\System32\taskeng.exe
3660 C:\Windows\System32\taskeng.exe
3760 C:\Windows\System32\dwm.exe
3796 C:\Program Files\Google\Update\GoogleUpdate.exe
3804 C:\Windows\explorer.exe
204 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
3704 C:\Windows\System32\igfxsrvc.exe
3896 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3536 C:\Program Files\ESET\ESET Smart Security\egui.exe
1956 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
1288 C:\Windows\System32\wbem\unsecapp.exe
824 WmiPrvSE.exe
3316 C:\Windows\System32\SearchProtocolHost.exe
3052 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3196 C:\Windows\System32\svchost.exe
3588 C:\Windows\servicing\TrustedInstaller.exe
3592 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
4344 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
5428 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
5180 C:\Windows\System32\SearchFilterHost.exe
5148 C:\Users\Gartoy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000070`30b2ac00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000002`84f00000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

PhysicalDrive1 Model Number: ST9500325AS, Rev: 0001SDM1
PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: CCF356FEC6D9BBB29EF3EF1E4270A2B799955EA4
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive:

broni · 2010/12/29

Delete your Combofix file, download fresh copy and post new log.

garfield · 2010/12/29

ComboFix 10-12-29.01 - Gartoy 12/29/2010 17:21:48.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3004.2025 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Gartoy\AppData\Roaming\CSI - New York.exe
c:\users\Gartoy\AppData\Roaming\Drawn The Painted Tower.exe

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 )))))))))))))))))))))))))))))))
.

2010-12-29 22:41 . 2010-12-29 22:41 -------- d-----w- c:\users\Gartoy\AppData\Local\temp
2010-12-29 22:41 . 2010-12-29 22:41 -------- d-----w- c:\users\tester\AppData\Local\temp
2010-12-29 22:41 . 2010-12-29 22:41 -------- d-----w- c:\users\tester.Happy\AppData\Local\temp
2010-12-29 22:41 . 2010-12-29 22:41 -------- d-----w- c:\users\tester.Happy.000\AppData\Local\temp
2010-12-29 22:41 . 2010-12-29 22:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-29 03:11 . 2010-12-29 03:11 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-12-28 06:36 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD4069AF-2F69-4D90-BA31-DFB56FE363CC}\mpengine.dll
2010-12-28 00:53 . 2010-12-28 15:01 -------- d-----w- c:\users\Gartoy\DoctorWeb
2010-12-28 00:20 . 2010-12-28 00:43 -------- d-----w- c:\users\Gartoy\AppData\Local\NPE
2010-12-27 21:43 . 2010-12-27 22:45 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-27 21:41 . 2010-12-29 03:09 -------- d-----w- c:\programdata\PC Tools
2010-12-27 18:51 . 2010-12-27 19:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-27 18:51 . 2010-12-27 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-27 18:32 . 2010-12-27 18:32 -------- d-----w- c:\program files\CCleaner
2010-12-27 00:06 . 2010-12-27 00:06 -------- d-----w- c:\users\Gartoy\AppData\Local\Adobe
2010-12-24 23:35 . 2010-12-24 23:35 -------- d-----w- c:\users\Gartoy\AppData\Local\Apple
2010-12-24 13:30 . 2009-04-11 06:32 19944 ----a-w- C:\atapi.sys
2010-12-24 03:21 . 2010-12-24 03:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-24 03:20 . 2010-12-24 03:33 -------- d-----w- c:\programdata\Hitman Pro
2010-12-22 20:23 . 2010-12-22 20:23 -------- d-----w- C:\$AVG
2010-12-22 17:55 . 2010-12-22 17:55 388096 ----a-r- c:\users\Gartoy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-22 01:27 . 2010-12-22 01:34 -------- d-----w- c:\users\Gartoy\AppData\Roaming\vlc
2010-12-22 01:25 . 2010-12-22 01:25 -------- d-----w- c:\program files\VideoLAN
2010-12-16 01:07 . 2010-12-16 01:07 -------- d-----w- c:\users\Gartoy\AppData\Roaming\dvdcss
2010-12-16 00:48 . 2010-12-16 00:48 -------- d-----w- c:\program files\Freemake
2010-12-16 00:27 . 2009-09-27 14:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-12-16 00:27 . 2004-02-22 15:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-12-16 00:27 . 2010-12-16 00:27 -------- d-----w- c:\program files\AviSynth 2.5
2010-12-16 00:27 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-12-16 00:27 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-12-16 00:20 . 2010-12-16 00:20 -------- d-----w- c:\program files\eRightSoft
2010-12-15 16:02 . 2010-12-15 16:02 -------- d-----w- c:\users\Gartoy\AppData\Roaming\webex
2010-12-15 16:00 . 2010-12-15 18:03 -------- d-----w- c:\programdata\WebEx
2010-12-15 03:28 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 03:28 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 03:28 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 03:28 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 03:28 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 02:51 . 2010-12-15 02:51 -------- d-----w- c:\program files\DVDx
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-08 20:03 . 2010-12-08 20:03 -------- d-----w- c:\programdata\gogii
2010-12-08 20:01 . 2010-12-08 20:02 -------- d-----w- c:\program files\Twisted - A Haunted Carol
2010-12-07 15:36 . 2008-02-28 07:51 372736 ----a-w- c:\windows\system32\aestecap.dll
2010-12-07 15:36 . 2007-03-05 05:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2010-12-07 15:36 . 2008-02-28 07:51 133632 ----a-w- c:\windows\system32\aestacap.dll
2010-12-07 15:36 . 2008-04-17 00:50 2469888 ----a-w- c:\windows\system32\stlang.dll
2010-12-07 15:36 . 2008-02-28 07:51 73728 ----a-w- c:\windows\system32\AESTCom.dll
2010-12-07 15:36 . 2008-04-17 00:49 512000 ----a-w- c:\windows\system32\idtmini1.exe
2010-12-07 15:36 . 2008-04-17 00:49 5550145 ----a-w- c:\windows\system32\idtcpl.cpl
2010-12-06 16:21 . 2010-12-06 16:21 -------- d-----w- c:\users\Gartoy\AppData\Local\HCSShell
2010-12-06 01:26 . 2010-12-06 01:26 -------- d-----w- c:\users\Gartoy\AppData\Local\Avanquest North America
2010-12-06 01:26 . 2010-12-06 01:26 -------- d-----w- c:\users\Gartoy\AppData\Local\Creative Home
2010-12-05 17:00 . 2010-12-05 17:00 -------- d-----w- c:\program files\New Folder
2010-12-05 16:58 . 2010-12-05 16:53 388608 ----a-w- C:\HijackThis1.exe
2010-12-01 15:55 . 2010-12-01 15:55 -------- d-----w- c:\users\Gartoy\AppData\Roaming\GameMill Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-01-15 22:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-01-15 22:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-02 19:53 . 2010-11-02 19:53 12 ----a-w- c:\windows\Fonts\wfonts.key
2010-10-19 15:41 . 2009-10-04 06:25 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2006-05-02 23:00 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-20 23:00 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-15 23:00 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DpAgent "= "c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"egui "= "c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-04 2219184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder 2010.lnk]
backup=c:\windows\pss\Event Planner Reminder 2010.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Rocket (Minimized).lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\MP3 Rocket (Minimized).lnk
backup=c:\windows\pss\MP3 Rocket (Minimized).lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WN121T Smart Wizard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\NETGEAR WN121T Smart Wizard\NETGEAR WN121T Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WN121T Smart Wizard.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Gartoy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Birthday reminder check.lnk]
backup=c:\windows\pss\Birthday reminder check.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Gartoy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
backup=c:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-03 04:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-09-14 06:55 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-09-14 07:02 905056 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 09:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2010-03-10 22:10 883272 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 21:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-10-13 18:17 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2009-10-13 06:37 41864 ----a-w- c:\program files\Camfrog\Camfrog Video Chat1\CamfrogNET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-08-15 13:39 50592 ----a-w- c:\users\Gartoy\AppData\Roaming\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-10-31 00:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2010-04-14 16:58 524944 ----a-w- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-10-30 15:32 175128 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-10-30 15:32 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-07-12 17:43 226904 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 23:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-03 17:32 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-09-30 19:06 485208 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OA001Cfg.exe]
2008-04-15 05:01 32768 ----a-w- c:\windows\OA001Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-10-30 15:32 166936 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RNmail]
2004-10-23 00:26 540734 ----a-w- c:\program files\RNmail\rn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-04-14 20:12 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-19 04:34 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-09-14 06:52 2595480 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-12-04 02:15 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2010-03-10 121416]
R3 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-04-14 255536]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [2010-03-10 125512]
R3 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\ccHPx86.sys [2009-04-14 362544]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 EraserUtilDrv10910;EraserUtilDrv10910;c:\program files\Common Files\Symantec Shared(505)\EENGINE(22)(506)\EraserUtilDrv10910.sys [2009-04-03 101936]
R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-08-23 37120]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WN111.sys [2007-10-29 310016]
R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrveap32.sys [2007-09-11 15360]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-12-14 570880]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RGService;RGService;c:\program files\RadioGet\RGService.exe [2009-10-30 335872]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-05-25 31848]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\NIS\1002000.007\SYMNDISV.SYS [2009-04-14 40496]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 135664]
R4 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2008-04-27 9216]
R4 KMService;KMService;c:\windows\system32\srvany.exe [2010-06-24 8192]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-03-12 115560]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS [2009-03-12 310320]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys [2009-01-29 292912]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\aestsrv.exe [2008-02-28 73728]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-08-17 1807608]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-04 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-17 659328]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-06-07 273448]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2007-03-22 20992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-05-25 31848]

--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 12:46]

2010-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 12:46]

2010-12-29 c:\windows\Tasks\HPCeeScheduleForGartoy.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]

2010-12-29 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-08-03 16:21]

2010-12-29 c:\windows\Tasks\User_Feed_Synchronization-{FA78D96C-D9A5-490F-9A32-637A23CE23F7}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: bmnet.dll
Trusted Zone: intuit.com\ttlc
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-29 17:41
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\users\Gartoy\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath "= "\ "c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \ "Norton Internet Security\" /m \ "c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1 "
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1056)
c:\windows\system32\bmnet.dll
.
Completion time: 2010-12-29 17:46:59
ComboFix-quarantined-files.txt 2010-12-29 22:46
ComboFix2.txt 2010-12-28 17:02

Pre-Run: 239,146,934,272 bytes free
Post-Run: 239,096,180,736 bytes free

- - End Of File - - B902657D053E5D325BB52A3147F2C481

broni · 2010/12/29

You have some Norton's leftovers.
Run this tool to remove them: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

Post fresh Combofix log.

garfield · 2010/12/29

ComboFix 10-12-29.01 - Gartoy 12/29/2010 19:03:01.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3004.2046 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 00:18 . 2010-12-30 00:19 -------- d-----w- c:\users\Gartoy\AppData\Local\temp
2010-12-30 00:18 . 2010-12-30 00:18 -------- d-----w- c:\users\tester\AppData\Local\temp
2010-12-30 00:18 . 2010-12-30 00:18 -------- d-----w- c:\users\tester.Happy\AppData\Local\temp
2010-12-30 00:18 . 2010-12-30 00:18 -------- d-----w- c:\users\tester.Happy.000\AppData\Local\temp
2010-12-30 00:18 . 2010-12-30 00:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-29 03:11 . 2010-12-29 03:11 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-12-28 06:36 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD4069AF-2F69-4D90-BA31-DFB56FE363CC}\mpengine.dll
2010-12-28 00:53 . 2010-12-28 15:01 -------- d-----w- c:\users\Gartoy\DoctorWeb
2010-12-28 00:20 . 2010-12-28 00:43 -------- d-----w- c:\users\Gartoy\AppData\Local\NPE
2010-12-27 21:43 . 2010-12-27 22:45 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-27 21:41 . 2010-12-29 03:09 -------- d-----w- c:\programdata\PC Tools
2010-12-27 18:51 . 2010-12-27 19:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-27 18:51 . 2010-12-27 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-27 18:32 . 2010-12-27 18:32 -------- d-----w- c:\program files\CCleaner
2010-12-27 00:06 . 2010-12-27 00:06 -------- d-----w- c:\users\Gartoy\AppData\Local\Adobe
2010-12-24 23:35 . 2010-12-24 23:35 -------- d-----w- c:\users\Gartoy\AppData\Local\Apple
2010-12-24 13:30 . 2009-04-11 06:32 19944 ----a-w- C:\atapi.sys
2010-12-24 03:21 . 2010-12-24 03:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-24 03:20 . 2010-12-24 03:33 -------- d-----w- c:\programdata\Hitman Pro
2010-12-22 20:23 . 2010-12-22 20:23 -------- d-----w- C:\$AVG
2010-12-22 17:55 . 2010-12-22 17:55 388096 ----a-r- c:\users\Gartoy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-22 01:27 . 2010-12-22 01:34 -------- d-----w- c:\users\Gartoy\AppData\Roaming\vlc
2010-12-22 01:25 . 2010-12-22 01:25 -------- d-----w- c:\program files\VideoLAN
2010-12-16 01:07 . 2010-12-16 01:07 -------- d-----w- c:\users\Gartoy\AppData\Roaming\dvdcss
2010-12-16 00:48 . 2010-12-16 00:48 -------- d-----w- c:\program files\Freemake
2010-12-16 00:27 . 2009-09-27 14:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-12-16 00:27 . 2004-02-22 15:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-12-16 00:27 . 2010-12-16 00:27 -------- d-----w- c:\program files\AviSynth 2.5
2010-12-16 00:27 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-12-16 00:27 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-12-16 00:20 . 2010-12-16 00:20 -------- d-----w- c:\program files\eRightSoft
2010-12-15 16:02 . 2010-12-15 16:02 -------- d-----w- c:\users\Gartoy\AppData\Roaming\webex
2010-12-15 16:00 . 2010-12-15 18:03 -------- d-----w- c:\programdata\WebEx
2010-12-15 03:28 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 03:28 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 03:28 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 03:28 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 03:28 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 02:51 . 2010-12-15 02:51 -------- d-----w- c:\program files\DVDx
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-08 20:03 . 2010-12-08 20:03 -------- d-----w- c:\programdata\gogii
2010-12-08 20:01 . 2010-12-08 20:02 -------- d-----w- c:\program files\Twisted - A Haunted Carol
2010-12-07 15:36 . 2008-02-28 07:51 372736 ----a-w- c:\windows\system32\aestecap.dll
2010-12-07 15:36 . 2007-03-05 05:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2010-12-07 15:36 . 2008-02-28 07:51 133632 ----a-w- c:\windows\system32\aestacap.dll
2010-12-07 15:36 . 2008-04-17 00:50 2469888 ----a-w- c:\windows\system32\stlang.dll
2010-12-07 15:36 . 2008-02-28 07:51 73728 ----a-w- c:\windows\system32\AESTCom.dll
2010-12-07 15:36 . 2008-04-17 00:49 512000 ----a-w- c:\windows\system32\idtmini1.exe
2010-12-07 15:36 . 2008-04-17 00:49 5550145 ----a-w- c:\windows\system32\idtcpl.cpl
2010-12-06 16:21 . 2010-12-06 16:21 -------- d-----w- c:\users\Gartoy\AppData\Local\HCSShell
2010-12-06 01:26 . 2010-12-06 01:26 -------- d-----w- c:\users\Gartoy\AppData\Local\Avanquest North America
2010-12-06 01:26 . 2010-12-06 01:26 -------- d-----w- c:\users\Gartoy\AppData\Local\Creative Home
2010-12-05 17:00 . 2010-12-05 17:00 -------- d-----w- c:\program files\New Folder
2010-12-05 16:58 . 2010-12-05 16:53 388608 ----a-w- C:\HijackThis1.exe
2010-12-01 15:55 . 2010-12-01 15:55 -------- d-----w- c:\users\Gartoy\AppData\Roaming\GameMill Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-01-15 22:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-01-15 22:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-02 19:53 . 2010-11-02 19:53 12 ----a-w- c:\windows\Fonts\wfonts.key
2010-10-19 15:41 . 2009-10-04 06:25 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2006-05-02 23:00 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-20 23:00 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-15 23:00 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DpAgent "= "c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"egui "= "c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-04 2219184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder 2010.lnk]
backup=c:\windows\pss\Event Planner Reminder 2010.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Rocket (Minimized).lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\MP3 Rocket (Minimized).lnk
backup=c:\windows\pss\MP3 Rocket (Minimized).lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WN121T Smart Wizard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\NETGEAR WN121T Smart Wizard\NETGEAR WN121T Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WN121T Smart Wizard.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Gartoy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Birthday reminder check.lnk]
backup=c:\windows\pss\Birthday reminder check.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Gartoy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
backup=c:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-03 04:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-09-14 06:55 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-09-14 07:02 905056 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 09:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2010-03-10 22:10 883272 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 21:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-10-13 18:17 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2009-10-13 06:37 41864 ----a-w- c:\program files\Camfrog\Camfrog Video Chat1\CamfrogNET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-08-15 13:39 50592 ----a-w- c:\users\Gartoy\AppData\Roaming\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-10-31 00:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2010-04-14 16:58 524944 ----a-w- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-10-30 15:32 175128 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-10-30 15:32 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-07-12 17:43 226904 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 23:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-03 17:32 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-09-30 19:06 485208 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OA001Cfg.exe]
2008-04-15 05:01 32768 ----a-w- c:\windows\OA001Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-10-30 15:32 166936 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RNmail]
2004-10-23 00:26 540734 ----a-w- c:\program files\RNmail\rn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-04-14 20:12 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-19 04:34 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-09-14 06:52 2595480 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-12-04 02:15 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2010-03-10 121416]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [2010-03-10 125512]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-08-23 37120]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WN111.sys [2007-10-29 310016]
R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrveap32.sys [2007-09-11 15360]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-12-14 570880]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RGService;RGService;c:\program files\RadioGet\RGService.exe [2009-10-30 335872]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-05-25 31848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 135664]
R4 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2008-04-27 9216]
R4 KMService;KMService;c:\windows\system32\srvany.exe [2010-06-24 8192]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\aestsrv.exe [2008-02-28 73728]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-08-17 1807608]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-04 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-17 659328]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-06-07 273448]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2007-03-22 20992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-05-25 31848]

--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 12:46]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 12:46]

2010-12-29 c:\windows\Tasks\HPCeeScheduleForGartoy.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]

2010-12-30 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-08-03 16:21]

2010-12-30 c:\windows\Tasks\User_Feed_Synchronization-{FA78D96C-D9A5-490F-9A32-637A23CE23F7}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: bmnet.dll
Trusted Zone: intuit.com\ttlc
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-29 19:19
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1020)
c:\windows\system32\bmnet.dll
.
Completion time: 2010-12-29 19:22:32
ComboFix-quarantined-files.txt 2010-12-30 00:22
ComboFix2.txt 2010-12-29 22:47
ComboFix3.txt 2010-12-28 17:02

Pre-Run: 239,011,016,704 bytes free
Post-Run: 238,979,952,640 bytes free

- - End Of File - - A24B314B13E1611DBC256A1357F83146

broni · 2010/12/29

1. Please open Notepad

Click Start , then Run

Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
C:\atapi.sys


Folder::
C:\$AVG


Driver::
Viewpoint Manager Service
KMService
3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

garfield · 2010/12/29

ComboFix 10-12-29.01 - Gartoy 12/29/2010 20:07:13.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3004.2000 [GMT -5:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\downloads\cfscript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active

FILE ::
"C:\atapi.sys "
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$AVG
c:\$avg\$VAULT\V_00000001.fil
c:\$avg\$VAULT\V_00000002.fil
c:\$avg\$VAULT\V_00000006.fil
c:\$avg\$VAULT\V_00000007.fil
c:\$avg\$VAULT\V_00000008.fil
c:\$avg\$VAULT\V_00000010.fil
c:\$avg\$VAULT\V_00000011.fil
c:\$avg\$VAULT\V_00000013.fil
c:\$avg\$VAULT\V_00000014.fil
c:\$avg\$VAULT\vvfolder.idx
C:\atapi.sys

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_KMService
-------\Service_Viewpoint Manager Service

((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 01:22 . 2010-12-30 01:28 -------- d-----w- c:\users\Gartoy\AppData\Local\temp
2010-12-30 01:22 . 2010-12-30 01:22 -------- d-----w- c:\users\tester\AppData\Local\temp
2010-12-30 01:22 . 2010-12-30 01:22 -------- d-----w- c:\users\tester.Happy\AppData\Local\temp
2010-12-30 01:22 . 2010-12-30 01:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-30 01:22 . 2010-12-30 01:22 -------- d-----w- c:\users\tester.Happy.000\AppData\Local\temp
2010-12-29 03:11 . 2010-12-29 03:11 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-12-28 06:36 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD4069AF-2F69-4D90-BA31-DFB56FE363CC}\mpengine.dll
2010-12-28 00:53 . 2010-12-28 15:01 -------- d-----w- c:\users\Gartoy\DoctorWeb
2010-12-28 00:20 . 2010-12-28 00:43 -------- d-----w- c:\users\Gartoy\AppData\Local\NPE
2010-12-27 21:43 . 2010-12-27 22:45 -------- d-----w- C:\TDSSKiller_Quarantine
2010-12-27 21:41 . 2010-12-29 03:09 -------- d-----w- c:\programdata\PC Tools
2010-12-27 18:51 . 2010-12-27 19:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-27 18:51 . 2010-12-27 19:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-27 18:32 . 2010-12-27 18:32 -------- d-----w- c:\program files\CCleaner
2010-12-27 00:06 . 2010-12-27 00:06 -------- d-----w- c:\users\Gartoy\AppData\Local\Adobe
2010-12-24 23:35 . 2010-12-24 23:35 -------- d-----w- c:\users\Gartoy\AppData\Local\Apple
2010-12-24 03:21 . 2010-12-24 03:37 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-24 03:20 . 2010-12-24 03:33 -------- d-----w- c:\programdata\Hitman Pro
2010-12-22 17:55 . 2010-12-22 17:55 388096 ----a-r- c:\users\Gartoy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-22 01:27 . 2010-12-22 01:34 -------- d-----w- c:\users\Gartoy\AppData\Roaming\vlc
2010-12-22 01:25 . 2010-12-22 01:25 -------- d-----w- c:\program files\VideoLAN
2010-12-16 01:07 . 2010-12-16 01:07 -------- d-----w- c:\users\Gartoy\AppData\Roaming\dvdcss
2010-12-16 00:48 . 2010-12-16 00:48 -------- d-----w- c:\program files\Freemake
2010-12-16 00:27 . 2009-09-27 14:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-12-16 00:27 . 2004-02-22 15:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-12-16 00:27 . 2010-12-16 00:27 -------- d-----w- c:\program files\AviSynth 2.5
2010-12-16 00:27 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-12-16 00:27 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-12-16 00:20 . 2010-12-16 00:20 -------- d-----w- c:\program files\eRightSoft
2010-12-15 16:02 . 2010-12-15 16:02 -------- d-----w- c:\users\Gartoy\AppData\Roaming\webex
2010-12-15 16:00 . 2010-12-15 18:03 -------- d-----w- c:\programdata\WebEx
2010-12-15 03:28 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 03:28 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 03:28 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 03:28 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-15 03:28 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 02:51 . 2010-12-15 02:51 -------- d-----w- c:\program files\DVDx
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-13 20:54 . 2010-12-13 20:54 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-08 20:03 . 2010-12-08 20:03 -------- d-----w- c:\programdata\gogii
2010-12-08 20:01 . 2010-12-08 20:02 -------- d-----w- c:\program files\Twisted - A Haunted Carol
2010-12-07 15:36 . 2008-02-28 07:51 372736 ----a-w- c:\windows\system32\aestecap.dll
2010-12-07 15:36 . 2007-03-05 05:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2010-12-07 15:36 . 2008-02-28 07:51 133632 ----a-w- c:\windows\system32\aestacap.dll
2010-12-07 15:36 . 2008-04-17 00:50 2469888 ----a-w- c:\windows\system32\stlang.dll
2010-12-07 15:36 . 2008-02-28 07:51 73728 ----a-w- c:\windows\system32\AESTCom.dll
2010-12-07 15:36 . 2008-04-17 00:49 512000 ----a-w- c:\windows\system32\idtmini1.exe
2010-12-07 15:36 . 2008-04-17 00:49 5550145 ----a-w- c:\windows\system32\idtcpl.cpl
2010-12-06 16:21 . 2010-12-06 16:21 -------- d-----w- c:\users\Gartoy\AppData\Local\HCSShell
2010-12-06 01:26 . 2010-12-06 01:26 -------- d-----w- c:\users\Gartoy\AppData\Local\Avanquest North America
2010-12-06 01:26 . 2010-12-06 01:26 -------- d-----w- c:\users\Gartoy\AppData\Local\Creative Home
2010-12-05 17:00 . 2010-12-05 17:00 -------- d-----w- c:\program files\New Folder
2010-12-05 16:58 . 2010-12-05 16:53 388608 ----a-w- C:\HijackThis1.exe
2010-12-01 15:55 . 2010-12-01 15:55 -------- d-----w- c:\users\Gartoy\AppData\Roaming\GameMill Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2010-01-15 22:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-01-15 22:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-02 19:53 . 2010-11-02 19:53 12 ----a-w- c:\windows\Fonts\wfonts.key
2010-10-19 15:41 . 2009-10-04 06:25 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2006-05-02 23:00 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-20 23:00 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-15 23:00 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DpAgent "= "c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"egui "= "c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-04 2219184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder 2010.lnk]
backup=c:\windows\pss\Event Planner Reminder 2010.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Rocket (Minimized).lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\MP3 Rocket (Minimized).lnk
backup=c:\windows\pss\MP3 Rocket (Minimized).lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WN121T Smart Wizard.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\NETGEAR WN121T Smart Wizard\NETGEAR WN121T Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WN121T Smart Wizard.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Gartoy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Birthday reminder check.lnk]
backup=c:\windows\pss\Birthday reminder check.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Gartoy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
backup=c:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-10-03 04:32 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-09-14 06:55 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-09-14 07:02 905056 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-10-03 09:08 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 22:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2010-03-10 22:10 883272 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 21:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-10-13 18:17 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2009-10-13 06:37 41864 ----a-w- c:\program files\Camfrog\Camfrog Video Chat1\CamfrogNET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-08-15 13:39 50592 ----a-w- c:\users\Gartoy\AppData\Roaming\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2007-10-31 00:52 16200 ----a-w- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2010-04-14 16:58 524944 ----a-w- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-10-30 15:32 175128 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-10-30 15:32 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-07-12 17:43 226904 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 23:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-03 17:32 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-09-30 19:06 485208 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OA001Cfg.exe]
2008-04-15 05:01 32768 ----a-w- c:\windows\OA001Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-10-30 15:32 166936 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RNmail]
2004-10-23 00:26 540734 ----a-w- c:\program files\RNmail\rn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-04-14 20:12 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-19 04:34 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-09-14 06:52 2595480 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-12-04 02:15 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2010-03-10 121416]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [2010-03-10 125512]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-08-23 37120]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\WN111.sys [2007-10-29 310016]
R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrveap32.sys [2007-09-11 15360]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-12-14 570880]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RGService;RGService;c:\program files\RadioGet\RGService.exe [2009-10-30 335872]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-05-25 31848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 135664]
R4 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2008-04-27 9216]
R4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\aestsrv.exe [2008-02-28 73728]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-08-17 1807608]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-11-04 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 41336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-17 659328]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-03-08 62496]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-06-07 273448]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2007-03-22 20992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-05-25 31848]
S4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 23:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 12:46]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 12:46]

2010-12-29 c:\windows\Tasks\HPCeeScheduleForGartoy.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]

2010-12-30 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-08-03 16:21]

2010-12-30 c:\windows\Tasks\User_Feed_Synchronization-{FA78D96C-D9A5-490F-9A32-637A23CE23F7}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: bmnet.dll
Trusted Zone: intuit.com\ttlc
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-29 20:27
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1016)
c:\windows\system32\bmnet.dll

- - - - - - - > 'Explorer.exe'(4676)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Ralink\Common\RalinkRegistryWriter.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-12-29 20:36:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-30 01:36
ComboFix2.txt 2010-12-30 00:22
ComboFix3.txt 2010-12-29 22:47
ComboFix4.txt 2010-12-28 17:02

Pre-Run: 238,971,527,168 bytes free
Post-Run: 238,904,795,136 bytes free

- - End Of File - - 674020CE6DE93E3EFB4B49A6BC7FBD93

broni · 2010/12/29

Please, re-run TDSSKiller one more time.

Log in or Sign up

Inactive Threat found MBR sector of the 1. physical disk.

garfield Inactive Thread Starter

Admin. Administrator Administrator Staff

garfield Inactive Thread Starter

garfield Inactive Thread Starter

Admin. Administrator Administrator Staff

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Inactive Threat found MBR sector of the 1. physical disk.

garfield Inactive Thread Starter

Admin. Administrator Administrator Staff

garfield Inactive Thread Starter

garfield Inactive Thread Starter

Admin. Administrator Administrator Staff

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

garfield Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches