Solved Aftermath of Trojans

[Resolved] Aftermath of Trojans

My computer was infected with a Trojan from a bad video link I believe.
Problems:
Safe mode loads without any icons, taskbar or menus.
Unable to use System restore.
Unable to change the default audio device from VIA HD Audio Output to Plantronics Headset.
When in Firefox a new tab opening advertising a 'virus removal' tool.
IE8 cannot acess th windows update site, though otherwise works fine.
Whilst in Firefox I recieve an erropr pop up saying:

'Generic Host Process for Wind32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.'

And then asks me to send an error report to Microsoft.

AVG free edition found 6 files, only 3 of which it could fix.
I then ran Adaware, Spybot S&D, and Malwarebyte's Antimalware, all of which found several files, and managed to sucessfully remove these files, though re running scans would find new files to be removed.

I tried to Run System restore but couldn't, in normal mode it would shutdown windows perform the restore but upon restarting windows would inform me that it couldn't restore to this point and to pick another restore point, this happened on the multiple restore points I tried.
In Safe mode System restore wouldn't run giving the error message:

'system restore is not able to protect your computer, please restart your computer and run system restore again'

I then ran Combofix, since doing this I can't find any infected files when I run any scans but my system still seems to be infected, as none of the issues have been resolved including the tab opening in firefox.

Hope this made some sense, will post logs below.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6417

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/04/2011 03:07:53
mbam-log-2011-04-22 (03-07-53).txt

Scan type: Quick scan
Objects scanned: 153356
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-22 03:19:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500418AS rev.CC38
Running: wi5l7jcw.exe; Driver: C:\DOCUME~1\david1\LOCALS~1\Temp\pxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB80F887E]
SSDT sptd.sys ZwEnumerateKey [0xB7F0AFFE]
SSDT sptd.sys ZwEnumerateValueKey [0xB7F0B38C]
SSDT sptd.sys ZwOpenKey [0xB7ED6DA0]
SSDT sptd.sys ZwQueryKey [0xB7F0B464]
SSDT sptd.sys ZwQueryValueKey [0xB7F0B2E4]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB80F8BFE]

INT 0x62 ? 8A689CC8
INT 0x63 ? 8A40AF00
INT 0x63 ? 8A40AF00
INT 0x63 ? 8A40AF00
INT 0x73 ? 8A689CC8
INT 0x83 ? 8A40AF00
INT 0x83 ? 8A40AF00
INT 0x83 ? 8A40AF00
INT 0xA4 ? 8A40AF00
INT 0xB4 ? 8A40AF00

---- Kernel code sections - GMER 1.0.15 ----

.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB7F775B5]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB43913A0, 0x5FDFF2, 0xE8000020]
.text USBPORT.SYS!DllUnload B43718AC 5 Bytes JMP 8A40A410
PAGE acbw66f8.SYS B42BF800 15 Bytes [C6, 45, F4, 20, C6, 45, EC, ...]
PAGE acbw66f8.SYS B42BF810 7 Bytes [00, 85, D2, 0F, 84, DF, 03]
PAGE acbw66f8.SYS B42BF818 15 Bytes [00, 80, 7D, 0F, AD, 75, 0A, ...] {ADD [EAX+0x75ad0f7d], AL; OR AL, [EAX+0xfc0377b]; OR EDI, 0x3}
PAGE acbw66f8.SYS B42BF828 36 Bytes [00, 80, 7D, 0F, A3, 75, 0F, ...]
PAGE acbw66f8.SYS B42BF84D 176 Bytes [0F, 84, A5, 03, 00, 00, 8B, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D2000C
.text C:\WINDOWS\System32\svchost.exe[1072] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00E4000A
.text C:\WINDOWS\system32\wuauclt.exe[1140] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 011A000A
.text C:\WINDOWS\system32\wuauclt.exe[1140] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 011B000A
.text C:\WINDOWS\system32\wuauclt.exe[1140] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0119000C
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0147000A
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0148000A
.text C:\WINDOWS\Explorer.EXE[1540] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0146000C
.text C:\WINDOWS\Explorer.EXE[1540] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\Explorer.EXE[1540] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\Explorer.EXE[1540] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\Explorer.EXE[1540] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\Explorer.EXE[1540] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\Explorer.EXE[1540] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1540] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\Explorer.EXE[1540] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\Explorer.EXE[1540] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\Explorer.EXE[1540] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [6E, 71]
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 71]
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [71, 71] {JNO 0x73}
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [77, 71] {JA 0x73}
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02B20001
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 717E0F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 717B0F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 71810F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71870F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 71840F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] USER32.dll!SendInput + 4 7E42F144 2 Bytes [8C, 71]
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 718A0F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71930F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71900F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 71990F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 71960F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 719C0F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 71A20F5A
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[2304] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 719F0F5A
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [81, 71]
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [87, 71]
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [84, 71]
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [8A, 71]
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A40001
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 71940F5A
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 719A0F5A
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 71970F5A
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] USER32.dll!SendInput + 4 7E42F144 2 Bytes [9F, 71]
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 719D0F5A
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71A60F5A
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A30F5A
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71910F5A
.text C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe[2324] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 718E0F5A
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01010001
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ADVAPI32.DLL!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] ADVAPI32.DLL!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe[2408] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B30001
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2424] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [84, 71]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [81, 71]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [87, 71]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BB0001
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 718E0F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 718B0F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 71910F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71970F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 71940F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] USER32.dll!SendInput + 4 7E42F144 2 Bytes [9C, 71]
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 719A0F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71A30F5A
.text C:\Program Files\Microsoft Security Client\msseces.exe[2500] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A00F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B90001
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2624] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AA0001
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Documents and Settings\david1\Desktop\wi5l7jcw.exe[3712] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7E9D57E] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7E9D0CA] sptd.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7E9DFEA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7E9D0CA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7E9D36C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7E9D2AE] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7E9E1C6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7E9DFEA] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EB1FC6] sptd.sys
IAT \SystemRoot\System32\Drivers\acbw66f8.SYS[HAL.dll!KeGetCurrentIrql] 0C55FF56
IAT \SystemRoot\System32\Drivers\acbw66f8.SYS[HAL.dll!KfAcquireSpinLock] 75FF006A
IAT \SystemRoot\System32\Drivers\acbw66f8.SYS[HAL.dll!KfReleaseSpinLock] B0868DFC
IAT \SystemRoot\System32\Drivers\acbw66f8.SYS[HAL.dll!KfRaiseIrql] 5300000F
IAT \SystemRoot\System32\Drivers\acbw66f8.SYS[HAL.dll!KfLowerIrql] 55FF5650
IAT \SystemRoot\System32\Drivers\acbw66f8.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 83FC5D01

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6881F8
Device \Driver\usbohci \Device\USBPDO-0 8A4DA1F8
Device \Driver\usbohci \Device\USBPDO-1 8A4DA1F8
Device \Driver\usbohci \Device\USBPDO-2 8A4DA1F8
Device \Driver\usbehci \Device\USBPDO-3 8A3FC1F8
Device \Driver\usbohci \Device\USBPDO-4 8A4DA1F8
Device \Driver\usbohci \Device\USBPDO-5 8A4DA1F8
Device \Driver\PCI_PNP9478 \Device\00000049 sptd.sys
Device \Driver\PCI_PNP9478 \Device\00000049 sptd.sys
Device \Driver\usbehci \Device\USBPDO-6 8A3FC1F8
Device \Driver\Cdrom \Device\CdRom0 8A3E51F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB7 0x75 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x55 0x53 0x2D 0xD5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x9B 0x91 0x74 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x9E 0xD0 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB7 0x75 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9A 0x43 0x5D 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x9B 0x91 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x9E 0xD0 0x65 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB7 0x75 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9A 0x43 0x5D 0x8E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x9B 0x91 0x74 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x9E 0xD0 0x65 ...

---- EOF - GMER 1.0.15 ----

 

Thank you for your fast response, here are the other logs.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0001001c

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0x8A560000 \WINDOWS\system32\KDCOM.DLL
0xB84BC000 \WINDOWS\system32\BOOTVID.dll
0xB7E9B000 sptd.sys
0xB85A8000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7E83000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E55000 ACPI.sys
0xB7E44000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7E25000 ftdisk.sys
0xB85AA000 dmload.sys
0xB7DFF000 dmio.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7DE7000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7DC7000 fltMgr.sys
0xB7DB5000 sr.sys
0xB80F8000 Lbd.sys
0xB8338000 PxHelp20.sys
0xB7D9E000 KSecDD.sys
0xB7D8B000 WudfPf.sys
0xB7CFE000 Ntfs.sys
0xB7CD1000 NDIS.sys
0xB7CB7000 Mup.sys
0xB82A8000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xB4391000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB437D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB83A0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB4359000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB83A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB50FF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB50EF000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB4336000 \SystemRoot\system32\DRIVERS\ks.sys
0xB430E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB42FA000 \SystemRoot\system32\DRIVERS\parport.sys
0xB85D4000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB8308000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB83B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8318000 \SystemRoot\system32\DRIVERS\serial.sys
0xB7C67000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB42BD000 \SystemRoot\System32\Drivers\acbw66f8.SYS
0xB7C57000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB87F5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8248000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB8574000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB3193000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB83B8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB0BA9000 \SystemRoot\system32\DRIVERS\psched.sys
0xB513F000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8408000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8410000 \SystemRoot\system32\DRIVERS\raspti.sys
0xAFBEC000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB35DC000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8418000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8632000 \SystemRoot\system32\DRIVERS\swenum.sys
0xAD1D8000 \SystemRoot\system32\DRIVERS\update.sys
0xB4D24000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xADB73000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xADB63000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85D6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xAA311000 \SystemRoot\system32\drivers\viahduaa.sys
0xAA2ED000 \SystemRoot\system32\drivers\portcls.sys
0xADB53000 \SystemRoot\system32\drivers\drmk.sys
0xAA266000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xACB07000 \??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
0xB85F2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB87FE000 \SystemRoot\System32\Drivers\Null.SYS
0xB85F4000 \SystemRoot\System32\Drivers\Beep.SYS
0xACF0E000 \SystemRoot\System32\drivers\vga.sys
0xB85F6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85F8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xACF06000 \SystemRoot\System32\Drivers\Msfs.SYS
0xACEFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xACA5D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA233000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA1DA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA1B2000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA18C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xACAF7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA16A000 \SystemRoot\System32\drivers\afd.sys
0xACAE7000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA13F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA0CF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xACEEE000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3102BABE-4BE2-4659-A8B7-21EFF689973D}\MpKsle8387d74.sys
0xACED6000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3102BABE-4BE2-4659-A8B7-21EFF689973D}\MpKsladccab55.sys
0xAC8C9000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3102BABE-4BE2-4659-A8B7-21EFF689973D}\MpKsl995fbab1.sys
0xACA45000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xACAC7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAC8B9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xACAA7000 \SystemRoot\System32\Drivers\Fips.SYS
0xB85FA000 \SystemRoot\system32\drivers\AsUpIO.sys
0xB8708000 \SystemRoot\system32\drivers\AsIO.sys
0xB85FC000 \??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
0xAC8A9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xAC62C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB35CC000 \SystemRoot\system32\drivers\usbaudio.sys
0xB35BC000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA0B7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB8600000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAC620000 \SystemRoot\System32\drivers\Dxapi.sys
0xAC891000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB86FE000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBD62D000 \SystemRoot\System32\ATMFD.DLL
0xA84C3000 \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
0xACDC3000 \SystemRoot\system32\DRIVERS\Sftvolxp.sys
0xA8437000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA82B6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB85B4000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA835B000 \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys
0xA8229000 \SystemRoot\system32\drivers\wdmaud.sys
0xB8178000 \SystemRoot\system32\drivers\sysaudio.sys
0xA803B000 \SystemRoot\system32\DRIVERS\Sftfsxp.sys
0xA7F43000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7E20000 \SystemRoot\system32\DRIVERS\Sftplayxp.sys
0xA7E5F000 \SystemRoot\system32\DRIVERS\Sftredirxp.sys
0xA79A7000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8460000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3102BABE-4BE2-4659-A8B7-21EFF689973D}\MpKslec12f4a4.sys
0xA757B000 \??\C:\DOCUME~1\david1\LOCALS~1\Temp\pxtdapod.sys
0xA7550000 \SystemRoot\system32\drivers\kmixer.sys
0xA74BD000 \SystemRoot\system32\DRIVERS\arusb.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Pro\Engine.dll

Processes (total 35):
0 System Idle Process
4 System
436 C:\WINDOWS\system32\smss.exe
492 csrss.exe
516 C:\WINDOWS\system32\winlogon.exe
564 C:\WINDOWS\system32\services.exe
584 C:\WINDOWS\system32\lsass.exe
764 C:\Program Files\Emsisoft Anti-Malware\a2service.exe
860 C:\WINDOWS\system32\nvsvc32.exe
920 C:\WINDOWS\system32\svchost.exe
992 svchost.exe
1036 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1072 C:\WINDOWS\system32\svchost.exe
1152 C:\WINDOWS\system32\svchost.exe
1240 svchost.exe
1308 svchost.exe
1528 C:\WINDOWS\system32\spoolsv.exe
1540 C:\WINDOWS\explorer.exe
1636 svchost.exe
1700 C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
1816 C:\Program Files\Java\jre6\bin\jqs.exe
480 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
1048 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
1140 C:\WINDOWS\system32\wuauclt.exe
2252 C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
2304 C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
2408 C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
2424 C:\WINDOWS\system32\rundll32.exe
2500 C:\Program Files\Microsoft Security Client\msseces.exe
2624 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2944 alg.exe
900 wmiprvse.exe
2312 C:\Program Files\Mozilla Firefox\firefox.exe
3548 C:\Program Files\Mozilla Firefox\plugin-container.exe
1212 C:\Documents and Settings\david1\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC38

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

 

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by david1 at 3:33:45.92 on 22/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1469 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
.
============== Running Processes ===============
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Documents and Settings\david1\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Cpu Level Up help] "c:\program files\asus\ai suite\CpuLevelUpHelp.exe "
mRun: [ASUS Update Checker] c:\program files\asus\asusupdate\updatechecker\UpdateChecker.exe
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -b
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {551012F8-F810-4CD5-B18E-794A2C429E70} = 8.8.8.8,8.8.8.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\david1\applic~1\mozilla\firefox\profiles\6f0app4b.default\
FF - prefs.js: browser.startup.homepage - www.wowhead.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500418AS rev.CC38 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A5E94F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a5ef7d0]; MOV EAX, [0x8a5ef84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A626AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006f[0x8A6303B8]
5 ACPI[0xB7E5B620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A649D98]
\Driver\atapi[0x8A6459E8] -> IRP_MJ_CREATE -> 0x8A5E94F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5E933B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 3:35:40.60 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 09/12/2010 22:11:03
System Uptime: 22/04/2011 03:32:00 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A78LT-M
Processor: AMD Phenom(tm) II X4 B60 Processor | AM3 | 3314/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 263.064 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_83A31043&REV_03\4&37FD4B11&0&0050
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_83A31043&REV_03\4&37FD4B11&0&0050
Service: RTLE8023xp
.
==== System Restore Points ===================
.
RP67: 20/01/2011 14:51:03 - System Checkpoint
RP68: 21/01/2011 13:25:14 - Installed DirectX
RP69: 21/01/2011 13:25:25 - Installed DirectX
RP70: 21/01/2011 13:26:24 - Installed DirectX
RP71: 21/01/2011 13:27:03 - Installed DirectX
RP72: 22/01/2011 14:15:12 - System Checkpoint
RP73: 24/01/2011 17:51:35 - System Checkpoint
RP74: 25/01/2011 22:11:05 - System Checkpoint
RP75: 27/01/2011 01:26:04 - System Checkpoint
RP76: 28/01/2011 19:45:44 - System Checkpoint
RP77: 30/01/2011 11:01:19 - System Checkpoint
RP78: 01/02/2011 09:10:05 - System Checkpoint
RP79: 01/02/2011 12:53:45 - Installed Java(TM) 6 Update 22
RP80: 01/02/2011 12:54:05 - Installed OpenOffice.org 3.3
RP81: 01/02/2011 17:58:51 - Installed Microsoft Office Professional 2010 Trial
RP82: 01/02/2011 18:02:37 - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
RP83: 01/02/2011 23:53:29 - Software Distribution Service 3.0
RP84: 02/02/2011 19:02:34 - Installed Java(TM) 6 Update 23
RP85: 03/02/2011 11:31:24 - Installed DirectX
RP86: 04/02/2011 12:28:01 - System Checkpoint
RP87: 05/02/2011 16:29:50 - System Checkpoint
RP88: 07/02/2011 09:01:45 - System Checkpoint
RP89: 08/02/2011 12:31:03 - System Checkpoint
RP90: 09/02/2011 13:08:19 - System Checkpoint
RP91: 10/02/2011 03:00:15 - Software Distribution Service 3.0
RP92: 10/02/2011 12:57:32 - Installed J2SE Development Kit 5.0 Update 22
RP93: 10/02/2011 13:02:52 - Installed J2SE Runtime Environment 5.0 Update 22
RP94: 11/02/2011 13:52:40 - System Checkpoint
RP95: 11/02/2011 18:14:22 - Installed Tom Clancy's Rainbow Six Vegas
RP96: 11/02/2011 19:09:19 - Installed DirectX
RP97: 12/02/2011 21:46:46 - System Checkpoint
RP98: 13/02/2011 23:18:11 - System Checkpoint
RP99: 14/02/2011 23:58:12 - System Checkpoint
RP100: 15/02/2011 10:56:30 - Installed DirectX
RP101: 16/02/2011 10:58:09 - System Checkpoint
RP102: 16/02/2011 14:33:52 - Installed DirectX
RP103: 17/02/2011 03:10:32 - Installed DirectX
RP104: 17/02/2011 03:11:51 - Installed DirectX
RP105: 17/02/2011 03:12:27 - Installed Fallout 3
RP106: 18/02/2011 12:39:34 - System Checkpoint
RP107: 19/02/2011 12:50:04 - System Checkpoint
RP108: 20/02/2011 13:36:25 - System Checkpoint
RP109: 21/02/2011 15:15:06 - System Checkpoint
RP110: 22/02/2011 19:07:21 - System Checkpoint
RP111: 23/02/2011 19:09:28 - System Checkpoint
RP112: 23/02/2011 22:20:43 - Installed DirectX
RP113: 25/02/2011 17:26:01 - System Checkpoint
RP114: 27/02/2011 11:04:19 - System Checkpoint
RP115: 28/02/2011 12:24:35 - System Checkpoint
RP116: 01/03/2011 13:20:43 - System Checkpoint
RP117: 02/03/2011 14:04:30 - System Checkpoint
RP118: 02/03/2011 21:35:14 - Software Distribution Service 3.0
RP119: 02/03/2011 21:37:10 - Software Distribution Service 3.0
RP120: 02/03/2011 21:42:22 - Software Distribution Service 3.0
RP121: 02/03/2011 22:02:11 - Software Distribution Service 3.0
RP122: 03/03/2011 00:53:10 - Update to an unsigned driver
RP123: 03/03/2011 01:00:48 - Update to an unsigned driver
RP124: 03/03/2011 01:35:04 - Restore Operation
RP125: 03/03/2011 01:50:59 - Restore Operation
RP126: 03/03/2011 02:33:22 - Removed NVIDIA PhysX
RP127: 03/03/2011 02:39:37 - Update to an unsigned driver
RP128: 04/03/2011 22:07:37 - System Checkpoint
RP129: 05/03/2011 13:27:03 - Installed DirectX
RP130: 06/03/2011 13:47:38 - System Checkpoint
RP131: 06/03/2011 19:51:05 - Installed DirectX
RP132: 07/03/2011 23:12:49 - System Checkpoint
RP133: 08/03/2011 01:42:15 - Installed Fallout 3 - The Garden of Eden Creation Kit
RP134: 08/03/2011 17:03:30 - Removed Fallout 3 - The Garden of Eden Creation Kit
RP135: 08/03/2011 17:04:32 - Installed Fallout 3 - The Garden of Eden Creation Kit
RP136: 08/03/2011 17:07:47 - Removed Fallout 3 - The Garden of Eden Creation Kit
RP137: 08/03/2011 21:06:41 - Removed Medal of Honor (TM)
RP138: 09/03/2011 12:54:02 - Software Distribution Service 3.0
RP139: 10/03/2011 13:39:44 - System Checkpoint
RP140: 11/03/2011 14:26:47 - System Checkpoint
RP141: 12/03/2011 15:40:30 - System Checkpoint
RP142: 14/03/2011 13:59:54 - System Checkpoint
RP143: 15/03/2011 14:34:50 - System Checkpoint
RP144: 16/03/2011 03:40:40 - Software Distribution Service 3.0
RP145: 17/03/2011 09:13:31 - System Checkpoint
RP146: 18/03/2011 21:08:55 - System Checkpoint
RP147: 19/03/2011 21:48:44 - System Checkpoint
RP148: 21/03/2011 08:19:44 - System Checkpoint
RP149: 23/03/2011 09:11:35 - System Checkpoint
RP150: 23/03/2011 20:57:32 - Software Distribution Service 3.0
RP151: 25/03/2011 13:33:10 - System Checkpoint
RP152: 26/03/2011 13:35:52 - System Checkpoint
RP153: 28/03/2011 17:33:38 - System Checkpoint
RP154: 29/03/2011 19:24:00 - System Checkpoint
RP155: 31/03/2011 10:19:40 - System Checkpoint
RP156: 01/04/2011 13:19:15 - System Checkpoint
RP157: 02/04/2011 22:30:11 - System Checkpoint
RP158: 03/04/2011 22:38:05 - System Checkpoint
RP159: 05/04/2011 14:01:05 - System Checkpoint
RP160: 06/04/2011 14:14:01 - System Checkpoint
RP161: 07/04/2011 14:16:49 - System Checkpoint
RP162: 08/04/2011 15:43:44 - Restore Operation
RP163: 08/04/2011 19:17:25 - Removed Tiny Desktop Firewall 2005
RP164: 09/04/2011 01:02:39 - Installed RssReader
RP165: 10/04/2011 08:44:41 - System Checkpoint
RP166: 11/04/2011 18:26:37 - System Checkpoint
RP167: 13/04/2011 09:27:52 - System Checkpoint
RP168: 14/04/2011 03:00:17 - Software Distribution Service 3.0
RP169: 14/04/2011 13:31:38 - Software Distribution Service 3.0
RP170: 15/04/2011 19:43:26 - System Checkpoint
RP171: 17/04/2011 11:10:06 - System Checkpoint
RP172: 18/04/2011 13:42:13 - System Checkpoint
RP173: 18/04/2011 22:47:36 - Removed RssReader
RP174: 19/04/2011 18:20:18 - avast! Free Antivirus Setup
RP175: 19/04/2011 18:55:11 - Removed AVG 2011
RP176: 19/04/2011 18:54:39 - avast! Free Antivirus Setup
RP177: 19/04/2011 19:06:27 - Removed AVG 2011
RP178: 19/04/2011 19:07:08 - Removed AVG 2011
RP179: 19/04/2011 22:08:55 - Restore Operation
RP180: 19/04/2011 22:12:41 - Restore Operation
RP181: 20/04/2011 02:58:24 - Restore Operation
RP182: 20/04/2011 03:53:26 - avast! Free Antivirus Setup
RP183: 20/04/2011 03:55:28 - Removed GameSpy Comrade.
RP184: 20/04/2011 03:56:11 - Removed Hitman Blood Money
RP185: 20/04/2011 03:57:17 - Removed PC Probe II
RP186: 20/04/2011 03:58:41 - Removed Skype Toolbars
RP187: 22/04/2011 02:14:09 - Removed Java(TM) 6 Update 23
RP188: 22/04/2011 02:34:01 - Restore Operation
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
.
==== End Of File ===========================

 

says mod needs to verify my post that includes the dds and attach log.

 

ComboFix 11-04-21.06 - david1 22/04/2011 19:17:45.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1495 [GMT 1:00]
Running from: c:\documents and settings\david1\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
.
((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
.
.
2011-04-22 18:10 . 2011-04-22 18:10 -------- d-----w- C:\32788R22FWJFW
2011-04-22 18:06 . 2011-04-22 18:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2011-04-22 18:04 . 2011-04-22 18:04 106496 --sha-r- c:\windows\system32\cscripts.dll
2011-04-22 17:51 . 2011-04-22 17:51 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3102BABE-4BE2-4659-A8B7-21EFF689973D}\MpKsl2405c022.sys
2011-04-22 01:32 . 2011-04-22 01:32 -------- d-----w- C:\Inetpub
2011-04-22 01:23 . 2008-04-14 11:00 8192 ----a-w- c:\windows\system32\staxmem.dll
2011-04-22 01:14 . 2011-04-22 01:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-22 01:09 . 2011-04-22 01:09 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3102BABE-4BE2-4659-A8B7-21EFF689973D}\MpKsl51774c29.sys
2011-04-22 00:36 . 2011-04-22 01:32 -------- d-----w- c:\program files\CleanUp!
2011-04-21 13:12 . 2011-04-22 17:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2011-04-20 03:12 . 2011-04-18 08:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3102BABE-4BE2-4659-A8B7-21EFF689973D}\mpengine.dll
2011-04-20 03:12 . 2011-02-02 17:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-20 03:02 . 2011-04-20 03:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-20 01:52 . 2011-04-20 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-04-19 17:47 . 2011-04-19 17:47 -------- d-----w- c:\documents and settings\david1\Application Data\Malwarebytes
2011-04-19 17:47 . 2011-04-19 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-19 17:47 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-19 17:47 . 2011-04-20 01:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-19 17:47 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-19 17:20 . 2011-04-20 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-19 17:20 . 2011-04-19 17:20 -------- d-----w- c:\program files\AVAST Software
2011-04-19 16:55 . 2011-04-19 16:55 -------- d-----w- c:\documents and settings\david1\Application Data\thecleaner
2011-04-19 16:41 . 2011-04-20 02:56 -------- d-----w- c:\program files\Panda Security
2011-04-19 03:20 . 2011-04-19 03:20 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-19 03:20 . 2011-04-19 03:20 -------- d-----w- c:\documents and settings\david1\Local Settings\Application Data\Sunbelt Software
2011-04-19 03:19 . 2011-04-22 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-18 20:50 . 2011-04-18 20:50 0 ----a-w- c:\windows\Tzidog.bin
2011-04-09 00:02 . 2011-04-18 21:47 -------- d-----w- c:\program files\RssReader
2011-04-08 18:29 . 2011-04-20 03:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-08 18:29 . 2011-04-20 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-08 14:45 . 2011-04-08 14:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-30 09:12 . 2011-03-30 10:12 -------- d-----w- C:\Mp3 Output
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 01:14 . 2011-02-01 12:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:31 . 2010-12-09 21:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:35 . 2010-06-09 05:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27 . 2010-06-09 05:42 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 08:27 . 2011-03-03 02:56 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-23 08:27 . 2011-03-03 02:56 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 08:27 . 2011-03-03 02:56 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 08:27 . 2011-03-03 02:55 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-23 08:27 . 2011-03-03 02:55 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-23 08:27 . 2011-03-03 02:55 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 08:27 . 2011-03-03 02:39 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 08:27 . 2010-12-10 05:58 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 08:27 . 2010-12-10 05:58 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 08:27 . 2010-12-10 05:58 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 08:27 . 2010-12-10 05:58 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 01:33 . 2011-02-23 01:33 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-02-23 01:33 . 2011-02-23 01:33 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-02-23 01:33 . 2011-02-23 01:33 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-02-23 01:33 . 2011-02-23 01:33 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-02-23 01:33 . 2011-02-23 01:33 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-02-23 01:33 . 2011-02-23 01:33 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-02-23 01:33 . 2011-02-23 01:33 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-02-23 01:33 . 2011-02-23 01:33 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-02-23 01:33 . 2011-02-23 01:33 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-02-23 01:33 . 2011-02-23 01:33 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-02-23 01:33 . 2011-02-23 01:33 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-02-23 01:33 . 2011-02-23 01:33 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-02-23 01:33 . 2011-02-23 01:33 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-02-23 01:33 . 2011-02-23 01:33 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-02-23 01:33 . 2011-02-23 01:33 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-02-23 01:33 . 2011-02-23 01:33 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-02-23 01:33 . 2011-02-23 01:33 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-02-23 01:33 . 2011-02-23 01:33 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-02-23 01:33 . 2011-02-23 01:33 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-02-23 01:33 . 2011-02-23 01:33 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-02-23 01:33 . 2011-02-23 01:33 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-02-23 01:33 . 2011-02-23 01:33 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-02-23 01:33 . 2011-02-23 01:33 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-02-23 01:33 . 2011-02-23 01:33 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-02-23 01:33 . 2011-02-23 01:33 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-02-23 01:33 . 2011-02-23 01:33 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-02-23 01:33 . 2011-02-23 01:33 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-02-23 01:33 . 2011-02-23 01:33 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-02-23 01:33 . 2011-02-23 01:33 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-02-23 01:33 . 2011-02-23 01:33 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-02-23 01:33 . 2011-02-23 01:33 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-02-23 01:33 . 2011-02-23 01:33 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-02-23 01:33 . 2011-02-23 01:33 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-02-23 01:33 . 2011-02-23 01:33 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-02-23 01:33 . 2011-02-23 01:33 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-02-22 23:27 . 2010-06-09 05:41 919552 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:27 . 2010-06-09 05:41 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:27 . 2010-06-09 05:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-18 12:08 . 2010-06-09 05:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:19 . 2010-06-09 05:42 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 13:18 . 2008-04-14 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 12:32 . 2010-12-10 03:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 03:06 . 2011-01-03 01:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-15 12:56 . 2008-04-14 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
------- Sigcheck -------
.
[-] 2010-06-09 . 8D8F2E6C15CBC6F8F1BD114EF6329EE6 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-04-20_01.46.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-22 17:51 . 2011-04-22 17:51 16384 c:\windows\Temp\Perflib_Perfdata_dc.dat
+ 2008-04-14 11:00 . 2011-04-22 18:13 88098 c:\windows\system32\perfc009.dat
- 2008-04-14 11:00 . 2011-04-20 01:14 88098 c:\windows\system32\perfc009.dat
+ 2011-04-22 01:24 . 2008-04-14 11:00 25088 c:\windows\system32\inetsrv\iisadmin.dll
+ 2011-04-22 01:23 . 2008-04-14 11:00 29696 c:\windows\system32\inetsrv\admexs.dll
- 2010-12-09 22:10 . 2011-04-18 21:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-22 01:09 . 2011-04-22 01:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-22 01:09 . 2011-04-22 01:09 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-22 01:09 . 2011-04-22 01:09 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-04-22 01:09 . 2011-04-22 01:09 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-12-09 22:10 . 2011-04-18 21:03 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-03-03 01:35 . 2011-04-22 01:32 902052 c:\windows\system32\Restore\rstrlog.dat
- 2008-04-14 11:00 . 2011-04-20 01:14 504598 c:\windows\system32\perfh009.dat
+ 2008-04-14 11:00 . 2011-04-22 18:13 504598 c:\windows\system32\perfh009.dat
+ 2011-04-22 00:37 . 2011-04-22 00:37 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
+ 2011-04-22 00:37 . 2011-04-22 00:37 311456 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
+ 2011-02-10 13:03 . 2011-04-22 01:14 157472 c:\windows\system32\javaws.exe
- 2011-02-10 13:03 . 2010-11-12 18:53 157472 c:\windows\system32\javaws.exe
+ 2011-02-10 13:03 . 2011-04-22 01:14 145184 c:\windows\system32\javaw.exe
- 2011-02-10 13:03 . 2010-11-12 18:53 145184 c:\windows\system32\javaw.exe
- 2011-02-10 13:03 . 2010-11-12 18:53 145184 c:\windows\system32\java.exe
+ 2011-02-10 13:03 . 2011-04-22 01:14 145184 c:\windows\system32\java.exe
+ 2011-04-22 01:24 . 2008-04-14 11:00 108544 c:\windows\system32\inetsrv\AppConf.dll
+ 2010-12-10 03:40 . 2011-04-20 03:01 293272 c:\windows\system32\FNTCACHE.DAT
+ 2010-10-24 20:25 . 2010-10-24 20:25 165264 c:\windows\system32\drivers\MpFilter.sys
+ 2011-04-22 01:15 . 2011-04-22 01:15 180224 c:\windows\Installer\4c444.msi
+ 2011-04-22 01:14 . 2011-04-22 01:14 677376 c:\windows\Installer\4c434.msi
+ 2011-04-20 03:02 . 2011-04-20 03:02 786432 c:\windows\Installer\1bc59.msi
+ 2011-04-20 03:02 . 2011-04-20 03:02 479744 c:\windows\Installer\1bc52.msi
+ 2011-04-20 03:02 . 2011-04-20 03:02 301056 c:\windows\Installer\1bc4c.msi
- 2010-12-09 22:06 . 2011-04-14 02:01 39828936 c:\windows\system32\MRT.exe
+ 2010-12-09 22:06 . 2011-04-07 12:52 39828936 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 22:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck "= "c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-01-18 33714176]
"Cpu Level Up help "= "c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2009-12-28 887936]
"ASUS Update Checker "= "c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2009-12-28 121472]
"Six Engine "= "c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
"NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2011-02-23 111208]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2011-02-23 13880424]
"nwiz "= "c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3 "= "advpack.dll" [2010-06-09 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@= "Service "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Pro Agent "= "c:\program files\DAEMON Tools Pro\DTAgent.exe" -autorun
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\World of Warcraft\\Launcher.exe "=
"c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe "=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe "=
"c:\\Program Files\\Steam\\Steam.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\plants vs zombies\\PlantsVsZombies.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\crysis warhead\\Bin32\\Crysis.exe "=
"c:\\Program Files\\Spotify\\spotify.exe "=
"c:\\Program Files\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe "=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE "=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE "=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\lego star wars saga\\LEGOStarWarsSaga.exe "=
"c:\\Program Files\\Skype\\Phone\\Skype.exe "=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe "=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\crysis 2 - demo\\Bin32\\Crysis2Demo.exe "=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe "=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\fallout new vegas\\FalloutNVLauncher.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\dragon age ii demo\\DragonAge2Launcher.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\dragon age ii demo\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm "=
"c:\\Documents and Settings\\david1\\Local Settings\\Apps\\2.0\\XY6W7L0G.YRK\\LGQYX26Z.TL4\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe "=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/12/2010 10:22 420920]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [11/12/2010 15:41 11448]
R1 MpKsl2405c022;MpKsl2405c022;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3102BABE-4BE2-4659-A8B7-21EFF689973D}\MpKsl2405c022.sys [22/04/2011 18:51 28752]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [11/12/2010 15:41 96896]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [14/12/2010 14:36 20328]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28/02/2010 03:33 821664]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [24/04/2010 02:10 483688]
R3 arusb(TP-LINK);Wireless Network Adapter Service(TP-LINK);c:\windows\system32\drivers\arusb.sys [26/12/2010 10:54 598528]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 23:23 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 23:23 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 23:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 23:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [24/04/2010 02:10 209768]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [09/12/2010 23:28 2106880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL2405C022
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
2011-04-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 22:44]
.
2011-04-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-12-10 22:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: {551012F8-F810-4CD5-B18E-794A2C429E70} = 8.8.8.8,8.8.8.4
FF - ProfilePath - c:\documents and settings\david1\Application Data\Mozilla\Firefox\Profiles\6f0app4b.default\
FF - prefs.js: browser.startup.homepage - www.wowhead.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-RADVideo - c:\program files\RADVideo\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-22 19:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500418AS rev.CC38 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A61333B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-1177238915-2147140409-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?? "=hex:41,ad,b1,98,d9,4f,04,ce,31,6c,77,e8,bd,c9,21,6c,2e,5d,2f,a3,03,1b,0e,
a2,44,be,15,29,46,51,bf,17,0e,86,8f,bc,73,b9,0e,a6,24,a7,3f,27,e7,53,fd,21,\
"?? "=hex:01,26,99,cb,08,82,6e,cd,bc,80,71,14,36,5c,39,e7
.
[HKEY_USERS\S-1-5-21-1801674531-1177238915-2147140409-1004\Software\SecuROM\License information*]
"datasecu "=hex:b5,9f,46,68,14,86,17,83,64,d3,61,9f,f9,8b,cd,74,de,ed,85,5e,2a,
65,32,5b,2e,b3,fc,8f,0b,50,b9,39,85,8d,f0,39,ad,13,35,e3,25,fd,8d,6b,00,e9,\
"rkeysecu "=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\WININET.dll
.
Completion time: 2011-04-22 19:25:46
ComboFix-quarantined-files.txt 2011-04-22 18:25
ComboFix2.txt 2011-04-20 02:18
ComboFix3.txt 2011-04-20 01:49
.
Pre-Run: 296,641,867,776 bytes free
Post-Run: 296,715,558,912 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug= "do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - E9F94FC258E997D9CC1475BCFDD2E03D

 

it brigns up a progress bar, says initialising, but at 80% (always 80%) i get an error message:

'TDSS rootkit removing tool has encountered a problem and needs to close. We are sorry for the inconvenience.'

 

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-23 00:16:35
-----------------------------
00:16:35.031 OS Version: Windows 5.1.2600 Service Pack 3
00:16:35.031 Number of processors: 4 586 0x403
00:16:35.031 ComputerName: DAVID UserName:
00:16:40.546 Initialize success
00:16:46.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:16:46.453 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
00:16:46.453 Device \Driver\atapi -> DriverStartIo 8a60f33b
00:16:46.453 Disk 0 MBR read error
00:16:46.453 Disk 0 MBR scan
00:16:46.453 MBR BIOS signature not found 0
00:16:46.453 Disk 0 scanning sectors +976752000
00:16:46.453 Disk 0 scanning C:\WINDOWS\system32\drivers
00:16:50.218 Service scanning
00:16:51.312 Disk 0 trace - called modules:
00:16:51.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89e40878]<<
00:16:51.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a63aab8]
00:16:51.312 Scan finished successfully

 

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0001001c

Kernel Drivers (total 124):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7E9B000 sptd.sys
0xB85AA000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xB7E83000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB7E55000 ACPI.sys
0xB7E44000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7E25000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7DFF000 dmio.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7DE7000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7DC7000 fltMgr.sys
0xB7DB5000 sr.sys
0xB8338000 PxHelp20.sys
0xB7D9E000 KSecDD.sys
0xB7D8B000 WudfPf.sys
0xB7CFE000 Ntfs.sys
0xB7CD1000 NDIS.sys
0xB7CB7000 Mup.sys
0xB8278000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xB4D85000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB4D71000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8420000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB4D4D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8428000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8288000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8298000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB4D2A000 \SystemRoot\system32\DRIVERS\ks.sys
0xB4D02000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB4CEE000 \SystemRoot\system32\DRIVERS\parport.sys
0xB85CC000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB82A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8430000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB82B8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB859C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB4CB1000 \SystemRoot\System32\Drivers\a4cei3mh.SYS
0xB7C8F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB876C000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB82C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7C8B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB445A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB84A0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB4449000 \SystemRoot\system32\DRIVERS\psched.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB84A8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB84B0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB3759000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB8308000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8358000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85D0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB36FB000 \SystemRoot\system32\DRIVERS\update.sys
0xB7C6F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8318000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8138000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85D6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB1308000 \SystemRoot\system32\drivers\viahduaa.sys
0xB12E4000 \SystemRoot\system32\drivers\portcls.sys
0xB8148000 \SystemRoot\system32\drivers\drmk.sys
0xB1235000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xB85DC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB86BB000 \SystemRoot\System32\Drivers\Null.SYS
0xB85DE000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83A0000 \SystemRoot\System32\drivers\vga.sys
0xB85E0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB83A8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB83B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8594000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB1202000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB11A9000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB1181000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB115B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8158000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB1139000 \SystemRoot\System32\drivers\afd.sys
0xB8168000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB110E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB109E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8198000 \SystemRoot\System32\Drivers\Fips.SYS
0xB85E4000 \SystemRoot\system32\drivers\AsUpIO.sys
0xB86DF000 \SystemRoot\system32\drivers\AsIO.sys
0xB36E7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB81B8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB83B8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB81C8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB0FE3000 \SystemRoot\system32\DRIVERS\arusb.sys
0xB83C0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB36DF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB81D8000 \SystemRoot\system32\drivers\usbaudio.sys
0xB0FCB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB85E6000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB15BF000 \SystemRoot\System32\drivers\Dxapi.sys
0xB83C8000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8713000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBD62D000 \SystemRoot\System32\ATMFD.DLL
0xB0470000 \SystemRoot\system32\DRIVERS\Sftvolxp.sys
0xB03E8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB009B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB8620000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB01AC000 \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys
0xAFF96000 \SystemRoot\system32\drivers\wdmaud.sys
0xB0110000 \SystemRoot\system32\drivers\sysaudio.sys
0xAFEE8000 \SystemRoot\system32\DRIVERS\Sftfsxp.sys
0xAFE68000 \SystemRoot\system32\DRIVERS\srv.sys
0xAFCAA000 \SystemRoot\system32\DRIVERS\Sftplayxp.sys
0xAFCA6000 \SystemRoot\system32\DRIVERS\Sftredirxp.sys
0xAF6C4000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8390000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65191DD8-7D5F-4446-AD1D-B7BE324B5C01}\MpKsl7283f3c0.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Pro\Engine.dll

Processes (total 31):
0 System Idle Process
4 System
440 C:\WINDOWS\system32\smss.exe
668 csrss.exe
692 C:\WINDOWS\system32\winlogon.exe
736 C:\WINDOWS\system32\services.exe
748 C:\WINDOWS\system32\lsass.exe
912 C:\WINDOWS\system32\nvsvc32.exe
936 C:\WINDOWS\system32\svchost.exe
1024 svchost.exe
1084 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1136 C:\WINDOWS\system32\svchost.exe
1180 C:\WINDOWS\system32\svchost.exe
1252 svchost.exe
1308 svchost.exe
1628 C:\WINDOWS\system32\spoolsv.exe
1696 svchost.exe
1728 C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
1800 C:\Program Files\Java\jre6\bin\jqs.exe
516 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
628 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
652 C:\WINDOWS\system32\wuauclt.exe
872 C:\WINDOWS\explorer.exe
1772 C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
2052 C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
2076 C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
2088 C:\WINDOWS\system32\rundll32.exe
2224 C:\Program Files\Microsoft Security Client\msseces.exe
2232 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2900 alg.exe
3704 C:\Documents and Settings\david1\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC38

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

 

2011/04/23 17:32:26.0328 3860 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/23 17:32:26.0437 3860 ================================================================================
2011/04/23 17:32:26.0437 3860 SystemInfo:
2011/04/23 17:32:26.0437 3860
2011/04/23 17:32:26.0437 3860 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/23 17:32:26.0437 3860 Product type: Workstation
2011/04/23 17:32:26.0437 3860 ComputerName: DAVID
2011/04/23 17:32:26.0437 3860 UserName: david1
2011/04/23 17:32:26.0437 3860 Windows directory: C:\WINDOWS
2011/04/23 17:32:26.0437 3860 System windows directory: C:\WINDOWS
2011/04/23 17:32:26.0437 3860 Processor architecture: Intel x86
2011/04/23 17:32:26.0437 3860 Number of processors: 4
2011/04/23 17:32:26.0437 3860 Page size: 0x1000
2011/04/23 17:32:26.0437 3860 Boot type: Normal boot
2011/04/23 17:32:26.0437 3860 ================================================================================
2011/04/23 17:32:27.0046 3860 Initialize success
2011/04/23 17:32:30.0421 4008 ================================================================================
2011/04/23 17:32:30.0421 4008 Scan started
2011/04/23 17:32:30.0421 4008 Mode: Manual;
2011/04/23 17:32:30.0421 4008 ================================================================================
2011/04/23 17:32:31.0125 4008 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/23 17:32:31.0171 4008 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/23 17:32:31.0234 4008 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/23 17:32:31.0281 4008 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/04/23 17:32:31.0343 4008 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/04/23 17:32:31.0390 4008 arusb(TP-LINK) (a947ff19567c674c6f99369e3f1212bb) C:\WINDOWS\system32\DRIVERS\arusb.sys
2011/04/23 17:32:31.0437 4008 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys
2011/04/23 17:32:31.0453 4008 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys
2011/04/23 17:32:31.0484 4008 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/23 17:32:31.0500 4008 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/23 17:32:31.0515 4008 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/23 17:32:31.0562 4008 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/23 17:32:31.0578 4008 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/23 17:32:31.0703 4008 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/23 17:32:31.0718 4008 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/23 17:32:31.0734 4008 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/23 17:32:31.0750 4008 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/23 17:32:31.0812 4008 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\WINDOWS\system32\drivers\cpuz134_x32.sys
2011/04/23 17:32:31.0843 4008 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/23 17:32:31.0875 4008 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/23 17:32:31.0890 4008 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/23 17:32:31.0906 4008 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/23 17:32:31.0921 4008 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/23 17:32:31.0937 4008 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/23 17:32:31.0953 4008 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/23 17:32:31.0968 4008 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/23 17:32:31.0984 4008 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/23 17:32:32.0000 4008 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/23 17:32:32.0015 4008 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/23 17:32:32.0046 4008 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/23 17:32:32.0062 4008 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/23 17:32:32.0109 4008 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/23 17:32:32.0125 4008 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/23 17:32:32.0140 4008 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/23 17:32:32.0187 4008 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/23 17:32:32.0218 4008 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/23 17:32:32.0234 4008 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/23 17:32:32.0265 4008 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/23 17:32:32.0281 4008 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/23 17:32:32.0281 4008 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/23 17:32:32.0296 4008 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/23 17:32:32.0312 4008 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/23 17:32:32.0359 4008 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/23 17:32:32.0359 4008 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/23 17:32:32.0375 4008 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/23 17:32:32.0390 4008 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/23 17:32:32.0437 4008 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/23 17:32:32.0468 4008 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/23 17:32:32.0531 4008 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/23 17:32:32.0703 4008 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/23 17:32:32.0781 4008 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/23 17:32:32.0796 4008 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/23 17:32:32.0859 4008 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/04/23 17:32:32.0937 4008 MpKsle03e52df (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65191DD8-7D5F-4446-AD1D-B7BE324B5C01}\MpKsle03e52df.sys
2011/04/23 17:32:32.0953 4008 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/23 17:32:33.0000 4008 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/23 17:32:33.0015 4008 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/23 17:32:33.0031 4008 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/23 17:32:33.0031 4008 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/23 17:32:33.0046 4008 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/23 17:32:33.0062 4008 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/23 17:32:33.0109 4008 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/04/23 17:32:33.0109 4008 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/23 17:32:33.0125 4008 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/23 17:32:33.0140 4008 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/23 17:32:33.0156 4008 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/23 17:32:33.0171 4008 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/23 17:32:33.0218 4008 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/23 17:32:33.0234 4008 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/23 17:32:33.0250 4008 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/23 17:32:33.0265 4008 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/23 17:32:33.0281 4008 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/23 17:32:33.0328 4008 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/23 17:32:33.0500 4008 nv (5e640f37801f2d4152d11595218915cd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/23 17:32:34.0187 4008 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/23 17:32:34.0203 4008 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/23 17:32:34.0218 4008 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/23 17:32:34.0250 4008 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/23 17:32:34.0281 4008 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/23 17:32:34.0312 4008 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/23 17:32:34.0328 4008 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/23 17:32:34.0343 4008 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/23 17:32:34.0468 4008 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/23 17:32:34.0484 4008 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/23 17:32:34.0515 4008 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/23 17:32:34.0531 4008 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/23 17:32:34.0562 4008 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/23 17:32:34.0609 4008 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/23 17:32:34.0625 4008 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/23 17:32:34.0640 4008 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/23 17:32:34.0640 4008 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/23 17:32:34.0656 4008 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/23 17:32:34.0687 4008 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/23 17:32:34.0718 4008 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/23 17:32:34.0750 4008 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/23 17:32:34.0781 4008 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/23 17:32:34.0828 4008 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/04/23 17:32:34.0859 4008 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/23 17:32:34.0890 4008 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/23 17:32:34.0906 4008 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/23 17:32:34.0921 4008 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/23 17:32:34.0968 4008 Sftfs (14cb193ecd4e71a32446790f9ecf39dd) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
2011/04/23 17:32:34.0984 4008 Sftplay (1f05637831caf19b069aaf361d720bb9) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
2011/04/23 17:32:35.0000 4008 Sftredir (423628f17862593d7d43e02187f4c1b5) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
2011/04/23 17:32:35.0031 4008 Sftvol (258ab73a01fa1b8d1a2a053c6bba5544) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
2011/04/23 17:32:35.0078 4008 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/23 17:32:35.0140 4008 sptd (87b5595eb1c623ff5887e36a35e51ba2) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/23 17:32:35.0140 4008 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2
2011/04/23 17:32:35.0140 4008 sptd - detected Locked file (1)
2011/04/23 17:32:35.0156 4008 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/23 17:32:35.0187 4008 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/23 17:32:35.0234 4008 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/23 17:32:35.0250 4008 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/23 17:32:35.0296 4008 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/23 17:32:35.0359 4008 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/23 17:32:35.0390 4008 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/23 17:32:35.0406 4008 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/23 17:32:35.0406 4008 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/23 17:32:35.0453 4008 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/23 17:32:35.0515 4008 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/23 17:32:35.0562 4008 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/23 17:32:35.0578 4008 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/23 17:32:35.0593 4008 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/23 17:32:35.0593 4008 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/23 17:32:35.0609 4008 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/23 17:32:35.0640 4008 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/23 17:32:35.0671 4008 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/23 17:32:35.0734 4008 VIAHdAudAddService (80952920d6fdd8d65d37f488de340b5d) C:\WINDOWS\system32\drivers\viahduaa.sys
2011/04/23 17:32:35.0796 4008 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/23 17:32:35.0812 4008 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/23 17:32:35.0828 4008 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/23 17:32:35.0859 4008 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/04/23 17:32:35.0906 4008 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/23 17:32:35.0953 4008 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/23 17:32:35.0968 4008 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/23 17:32:36.0093 4008 ================================================================================
2011/04/23 17:32:36.0093 4008 Scan finished
2011/04/23 17:32:36.0093 4008 ================================================================================
2011/04/23 17:32:36.0093 3404 Detected object count: 1
2011/04/23 17:32:46.0703 3404 Locked file(sptd) - User select action: Skip

 

ComboFix 11-04-22.03 - david1 23/04/2011 18:31:07.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1537 [GMT 1:00]
Running from: c:\documents and settings\david1\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))
.
.
2011-04-23 16:38 . 2011-04-23 16:38 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDB18034-4C70-40D2-B482-609EE2163E05}\MpKsl9db69aaf.sys
2011-04-23 16:38 . 2011-04-18 08:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-23 16:38 . 2011-04-18 08:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDB18034-4C70-40D2-B482-609EE2163E05}\mpengine.dll
2011-04-22 18:06 . 2011-04-22 18:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2011-04-22 18:04 . 2011-04-22 18:04 106496 --sha-r- c:\windows\system32\cscripts.dll
2011-04-22 01:32 . 2011-04-22 01:32 -------- d-----w- C:\Inetpub
2011-04-22 01:23 . 2008-04-14 11:00 8192 ----a-w- c:\windows\system32\staxmem.dll
2011-04-22 01:14 . 2011-04-22 01:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-22 00:36 . 2011-04-22 01:32 -------- d-----w- c:\program files\CleanUp!
2011-04-20 03:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-20 03:02 . 2011-04-20 03:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-20 01:52 . 2011-04-20 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-04-19 17:47 . 2011-04-19 17:47 -------- d-----w- c:\documents and settings\david1\Application Data\Malwarebytes
2011-04-19 17:47 . 2011-04-19 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-19 17:47 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-19 17:47 . 2011-04-20 01:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-19 17:47 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-19 17:20 . 2011-04-20 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-19 17:20 . 2011-04-19 17:20 -------- d-----w- c:\program files\AVAST Software
2011-04-19 16:55 . 2011-04-19 16:55 -------- d-----w- c:\documents and settings\david1\Application Data\thecleaner
2011-04-19 16:41 . 2011-04-20 02:56 -------- d-----w- c:\program files\Panda Security
2011-04-19 03:20 . 2011-04-19 03:20 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-19 03:20 . 2011-04-19 03:20 -------- d-----w- c:\documents and settings\david1\Local Settings\Application Data\Sunbelt Software
2011-04-19 03:19 . 2011-04-22 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-18 20:50 . 2011-04-18 20:50 0 ----a-w- c:\windows\Tzidog.bin
2011-04-09 00:02 . 2011-04-18 21:47 -------- d-----w- c:\program files\RssReader
2011-04-08 18:29 . 2011-04-20 03:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-08 18:29 . 2011-04-20 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-08 14:45 . 2011-04-08 14:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-30 09:12 . 2011-03-30 10:12 -------- d-----w- C:\Mp3 Output
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 01:14 . 2011-02-01 12:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:31 . 2010-12-09 21:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:35 . 2010-06-09 05:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27 . 2010-06-09 05:42 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 08:27 . 2011-03-03 02:56 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-23 08:27 . 2011-03-03 02:56 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 08:27 . 2011-03-03 02:56 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 08:27 . 2011-03-03 02:55 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-23 08:27 . 2011-03-03 02:55 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-23 08:27 . 2011-03-03 02:55 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 08:27 . 2011-03-03 02:39 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 08:27 . 2010-12-10 05:58 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 08:27 . 2010-12-10 05:58 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 08:27 . 2010-12-10 05:58 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 08:27 . 2010-12-10 05:58 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 01:33 . 2011-02-23 01:33 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-02-23 01:33 . 2011-02-23 01:33 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-02-23 01:33 . 2011-02-23 01:33 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-02-23 01:33 . 2011-02-23 01:33 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-02-23 01:33 . 2011-02-23 01:33 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-02-23 01:33 . 2011-02-23 01:33 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-02-23 01:33 . 2011-02-23 01:33 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-02-23 01:33 . 2011-02-23 01:33 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-02-23 01:33 . 2011-02-23 01:33 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-02-23 01:33 . 2011-02-23 01:33 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-02-23 01:33 . 2011-02-23 01:33 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-02-23 01:33 . 2011-02-23 01:33 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-02-23 01:33 . 2011-02-23 01:33 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-02-23 01:33 . 2011-02-23 01:33 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-02-23 01:33 . 2011-02-23 01:33 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-02-23 01:33 . 2011-02-23 01:33 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-02-23 01:33 . 2011-02-23 01:33 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-02-23 01:33 . 2011-02-23 01:33 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-02-23 01:33 . 2011-02-23 01:33 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-02-23 01:33 . 2011-02-23 01:33 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-02-23 01:33 . 2011-02-23 01:33 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-02-23 01:33 . 2011-02-23 01:33 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-02-23 01:33 . 2011-02-23 01:33 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-02-23 01:33 . 2011-02-23 01:33 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-02-23 01:33 . 2011-02-23 01:33 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-02-23 01:33 . 2011-02-23 01:33 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-02-23 01:33 . 2011-02-23 01:33 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-02-23 01:33 . 2011-02-23 01:33 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-02-23 01:33 . 2011-02-23 01:33 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-02-23 01:33 . 2011-02-23 01:33 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-02-23 01:33 . 2011-02-23 01:33 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-02-23 01:33 . 2011-02-23 01:33 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-02-23 01:33 . 2011-02-23 01:33 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-02-23 01:33 . 2011-02-23 01:33 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-02-23 01:33 . 2011-02-23 01:33 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-02-22 23:27 . 2010-06-09 05:41 919552 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:27 . 2010-06-09 05:41 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:27 . 2010-06-09 05:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-18 12:08 . 2010-06-09 05:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:19 . 2010-06-09 05:42 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 13:18 . 2008-04-14 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 12:32 . 2010-12-10 03:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 03:06 . 2011-01-03 01:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-15 12:56 . 2008-04-14 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
------- Sigcheck -------
.
[-] 2010-06-09 . 8D8F2E6C15CBC6F8F1BD114EF6329EE6 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-04-20_01.46.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-23 16:27 . 2011-04-23 16:27 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat
- 2008-04-14 11:00 . 2011-04-20 01:14 88098 c:\windows\system32\perfc009.dat
+ 2008-04-14 11:00 . 2011-04-23 16:31 88098 c:\windows\system32\perfc009.dat
+ 2011-04-22 01:24 . 2008-04-14 11:00 25088 c:\windows\system32\inetsrv\iisadmin.dll
+ 2011-04-22 01:23 . 2008-04-14 11:00 29696 c:\windows\system32\inetsrv\admexs.dll
+ 2011-04-22 01:09 . 2011-04-22 01:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-09 22:10 . 2011-04-18 21:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-22 01:09 . 2011-04-22 01:09 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-22 01:09 . 2011-04-22 01:09 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-04-23 16:51 . 2011-04-23 16:51 28160 c:\windows\Installer\1637c8.msi
+ 2011-03-03 01:35 . 2011-04-22 01:32 902052 c:\windows\system32\Restore\rstrlog.dat
- 2008-04-14 11:00 . 2011-04-20 01:14 504598 c:\windows\system32\perfh009.dat
+ 2008-04-14 11:00 . 2011-04-23 16:31 504598 c:\windows\system32\perfh009.dat
+ 2011-04-22 00:37 . 2011-04-22 00:37 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
+ 2011-04-22 00:37 . 2011-04-22 00:37 311456 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
+ 2011-02-10 13:03 . 2011-04-22 01:14 157472 c:\windows\system32\javaws.exe
- 2011-02-10 13:03 . 2010-11-12 18:53 157472 c:\windows\system32\javaws.exe
+ 2011-02-10 13:03 . 2011-04-22 01:14 145184 c:\windows\system32\javaw.exe
- 2011-02-10 13:03 . 2010-11-12 18:53 145184 c:\windows\system32\javaw.exe
- 2011-02-10 13:03 . 2010-11-12 18:53 145184 c:\windows\system32\java.exe
+ 2011-02-10 13:03 . 2011-04-22 01:14 145184 c:\windows\system32\java.exe
+ 2011-04-22 01:24 . 2008-04-14 11:00 108544 c:\windows\system32\inetsrv\AppConf.dll
+ 2010-12-10 03:40 . 2011-04-20 03:01 293272 c:\windows\system32\FNTCACHE.DAT
+ 2010-10-24 20:25 . 2010-10-24 20:25 165264 c:\windows\system32\drivers\MpFilter.sys
+ 2011-04-22 01:15 . 2011-04-22 01:15 180224 c:\windows\Installer\4c444.msi
+ 2011-04-22 01:14 . 2011-04-22 01:14 677376 c:\windows\Installer\4c434.msi
+ 2011-04-20 03:02 . 2011-04-20 03:02 786432 c:\windows\Installer\1bc59.msi
+ 2011-04-20 03:02 . 2011-04-20 03:02 479744 c:\windows\Installer\1bc52.msi
+ 2011-04-20 03:02 . 2011-04-20 03:02 301056 c:\windows\Installer\1bc4c.msi
- 2010-12-09 22:06 . 2011-04-14 02:01 39828936 c:\windows\system32\MRT.exe
+ 2010-12-09 22:06 . 2011-04-07 12:52 39828936 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 22:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck "= "c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-01-18 33714176]
"Cpu Level Up help "= "c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2009-12-28 887936]
"ASUS Update Checker "= "c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2009-12-28 121472]
"Six Engine "= "c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
"NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2011-02-23 111208]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2011-02-23 13880424]
"nwiz "= "c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3 "= "advpack.dll" [2010-06-09 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@= "Service "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Pro Agent "= "c:\program files\DAEMON Tools Pro\DTAgent.exe" -autorun
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\World of Warcraft\\Launcher.exe "=
"c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe "=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe "=
"c:\\Program Files\\Steam\\Steam.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\plants vs zombies\\PlantsVsZombies.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\crysis warhead\\Bin32\\Crysis.exe "=
"c:\\Program Files\\Spotify\\spotify.exe "=
"c:\\Program Files\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe "=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE "=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE "=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\lego star wars saga\\LEGOStarWarsSaga.exe "=
"c:\\Program Files\\Skype\\Phone\\Skype.exe "=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe "=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\crysis 2 - demo\\Bin32\\Crysis2Demo.exe "=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe "=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\fallout new vegas\\FalloutNVLauncher.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\dragon age ii demo\\DragonAge2Launcher.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\dragon age ii demo\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm "=
"c:\\Documents and Settings\\david1\\Local Settings\\Apps\\2.0\\XY6W7L0G.YRK\\LGQYX26Z.TL4\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe "=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/12/2010 10:22 420920]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [11/12/2010 15:41 11448]
R1 MpKsl9db69aaf;MpKsl9db69aaf;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BDB18034-4C70-40D2-B482-609EE2163E05}\MpKsl9db69aaf.sys [23/04/2011 17:38 28752]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [11/12/2010 15:41 96896]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [14/12/2010 14:36 20328]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28/02/2010 03:33 821664]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [24/04/2010 02:10 483688]
R3 arusb(TP-LINK);Wireless Network Adapter Service(TP-LINK);c:\windows\system32\drivers\arusb.sys [26/12/2010 10:54 598528]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 23:23 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 23:23 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 23:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 23:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [24/04/2010 02:10 209768]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [09/12/2010 23:28 2106880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL9DB69AAF
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
2011-04-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 22:44]
.
2011-04-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-12-10 22:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: {551012F8-F810-4CD5-B18E-794A2C429E70} = 8.8.8.8,8.8.8.4
FF - ProfilePath - c:\documents and settings\david1\Application Data\Mozilla\Firefox\Profiles\6f0app4b.default\
FF - prefs.js: browser.startup.homepage - www.wowhead.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-23 18:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-1177238915-2147140409-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?? "=hex:41,ad,b1,98,d9,4f,04,ce,31,6c,77,e8,bd,c9,21,6c,2e,5d,2f,a3,03,1b,0e,
a2,44,be,15,29,46,51,bf,17,0e,86,8f,bc,73,b9,0e,a6,24,a7,3f,27,e7,53,fd,21,\
"?? "=hex:01,26,99,cb,08,82,6e,cd,bc,80,71,14,36,5c,39,e7
.
[HKEY_USERS\S-1-5-21-1801674531-1177238915-2147140409-1004\Software\SecuROM\License information*]
"datasecu "=hex:b5,9f,46,68,14,86,17,83,64,d3,61,9f,f9,8b,cd,74,de,ed,85,5e,2a,
65,32,5b,2e,b3,fc,8f,0b,50,b9,39,85,8d,f0,39,ad,13,35,e3,25,fd,8d,6b,00,e9,\
"rkeysecu "=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2011-04-23 18:36:56
ComboFix-quarantined-files.txt 2011-04-23 17:36
ComboFix2.txt 2011-04-22 18:25
ComboFix3.txt 2011-04-20 02:18
ComboFix4.txt 2011-04-20 01:49
.
Pre-Run: 295,903,236,096 bytes free
Post-Run: 295,919,706,112 bytes free
.
- - End Of File - - 789FE15140BF88E914375D2DD777F99E

 

ComboFix 11-04-23.01 - david1 23/04/2011 21:56:16.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1456 [GMT 1:00]
Running from: c:\documents and settings\david1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\david1\Desktop\CFScript.txt
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\cscripts.dll "
"c:\windows\system32\drivers\SBREDrv.sys "
"c:\windows\Tzidog.bin "
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\david1\Local Settings\Application Data\Sunbelt Software
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\Setup\setup.ini
c:\program files\Panda Security
c:\windows\system32\cscripts.dll
c:\windows\system32\drivers\SBREDrv.sys
c:\windows\Tzidog.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))
.
.
2011-04-23 17:37 . 2011-04-23 17:37 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{824B47F1-C542-4188-84CD-0B57F0480DDD}\MpKsl023b294c.sys
2011-04-23 17:37 . 2011-04-18 08:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{824B47F1-C542-4188-84CD-0B57F0480DDD}\mpengine.dll
2011-04-23 16:38 . 2011-04-18 08:15 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-22 18:06 . 2011-04-22 18:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2011-04-22 01:32 . 2011-04-22 01:32 -------- d-----w- C:\Inetpub
2011-04-22 01:23 . 2008-04-14 11:00 8192 ----a-w- c:\windows\system32\staxmem.dll
2011-04-22 01:14 . 2011-04-22 01:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-22 00:36 . 2011-04-22 01:32 -------- d-----w- c:\program files\CleanUp!
2011-04-20 03:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-20 03:02 . 2011-04-20 03:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-20 01:52 . 2011-04-20 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-04-19 17:47 . 2011-04-19 17:47 -------- d-----w- c:\documents and settings\david1\Application Data\Malwarebytes
2011-04-19 17:47 . 2011-04-19 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-19 17:47 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-19 17:47 . 2011-04-20 01:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-19 17:47 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-19 17:20 . 2011-04-20 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-04-19 16:55 . 2011-04-19 16:55 -------- d-----w- c:\documents and settings\david1\Application Data\thecleaner
2011-04-19 03:19 . 2011-04-22 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-09 00:02 . 2011-04-18 21:47 -------- d-----w- c:\program files\RssReader
2011-04-08 18:29 . 2011-04-20 03:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-08 18:29 . 2011-04-20 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-08 14:45 . 2011-04-08 14:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-30 09:12 . 2011-03-30 10:12 -------- d-----w- C:\Mp3 Output
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 01:14 . 2011-02-01 12:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:31 . 2010-12-09 21:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:35 . 2010-06-09 05:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27 . 2010-06-09 05:42 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 08:27 . 2011-03-03 02:56 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-23 08:27 . 2011-03-03 02:56 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 08:27 . 2011-03-03 02:56 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 08:27 . 2011-03-03 02:55 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-23 08:27 . 2011-03-03 02:55 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-23 08:27 . 2011-03-03 02:55 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 08:27 . 2011-03-03 02:39 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 08:27 . 2010-12-10 05:58 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 08:27 . 2010-12-10 05:58 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 08:27 . 2010-12-10 05:58 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 08:27 . 2010-12-10 05:58 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 01:33 . 2011-02-23 01:33 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-02-23 01:33 . 2011-02-23 01:33 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-02-23 01:33 . 2011-02-23 01:33 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-02-23 01:33 . 2011-02-23 01:33 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-02-23 01:33 . 2011-02-23 01:33 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-02-23 01:33 . 2011-02-23 01:33 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-02-23 01:33 . 2011-02-23 01:33 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-02-23 01:33 . 2011-02-23 01:33 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-02-23 01:33 . 2011-02-23 01:33 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-02-23 01:33 . 2011-02-23 01:33 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-02-23 01:33 . 2011-02-23 01:33 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-02-23 01:33 . 2011-02-23 01:33 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-02-23 01:33 . 2011-02-23 01:33 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-02-23 01:33 . 2011-02-23 01:33 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-02-23 01:33 . 2011-02-23 01:33 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-02-23 01:33 . 2011-02-23 01:33 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-02-23 01:33 . 2011-02-23 01:33 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-02-23 01:33 . 2011-02-23 01:33 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-02-23 01:33 . 2011-02-23 01:33 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-02-23 01:33 . 2011-02-23 01:33 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-02-23 01:33 . 2011-02-23 01:33 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-02-23 01:33 . 2011-02-23 01:33 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-02-23 01:33 . 2011-02-23 01:33 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-02-23 01:33 . 2011-02-23 01:33 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-02-23 01:33 . 2011-02-23 01:33 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-02-23 01:33 . 2011-02-23 01:33 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-02-23 01:33 . 2011-02-23 01:33 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-02-23 01:33 . 2011-02-23 01:33 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-02-23 01:33 . 2011-02-23 01:33 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-02-23 01:33 . 2011-02-23 01:33 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-02-23 01:33 . 2011-02-23 01:33 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-02-23 01:33 . 2011-02-23 01:33 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-02-23 01:33 . 2011-02-23 01:33 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-02-23 01:33 . 2011-02-23 01:33 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-02-23 01:33 . 2011-02-23 01:33 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-02-22 23:27 . 2010-06-09 05:41 919552 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:27 . 2010-06-09 05:41 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:27 . 2010-06-09 05:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-18 12:08 . 2010-06-09 05:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:19 . 2010-06-09 05:42 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 13:18 . 2008-04-14 11:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 12:32 . 2010-12-10 03:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 03:06 . 2011-01-03 01:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-15 12:56 . 2008-04-14 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2008-04-14 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2008-04-14 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2008-04-14 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
------- Sigcheck -------
.
[-] 2010-06-09 . 8D8F2E6C15CBC6F8F1BD114EF6329EE6 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-04-20_01.46.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-23 16:27 . 2011-04-23 16:27 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat
- 2008-04-14 11:00 . 2011-04-20 01:14 88098 c:\windows\system32\perfc009.dat
+ 2008-04-14 11:00 . 2011-04-23 16:31 88098 c:\windows\system32\perfc009.dat
+ 2011-04-22 01:24 . 2008-04-14 11:00 25088 c:\windows\system32\inetsrv\iisadmin.dll
+ 2011-04-22 01:23 . 2008-04-14 11:00 29696 c:\windows\system32\inetsrv\admexs.dll
+ 2011-04-22 01:09 . 2011-04-22 01:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-09 22:10 . 2011-04-18 21:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-22 01:09 . 2011-04-22 01:09 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-04-22 01:09 . 2011-04-22 01:09 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-04-23 16:51 . 2011-04-23 16:51 28160 c:\windows\Installer\1637c8.msi
+ 2011-03-03 01:35 . 2011-04-22 01:32 902052 c:\windows\system32\Restore\rstrlog.dat
- 2008-04-14 11:00 . 2011-04-20 01:14 504598 c:\windows\system32\perfh009.dat
+ 2008-04-14 11:00 . 2011-04-23 16:31 504598 c:\windows\system32\perfh009.dat
+ 2011-04-22 00:37 . 2011-04-22 00:37 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
+ 2011-04-22 00:37 . 2011-04-22 00:37 311456 c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.dll
+ 2011-02-10 13:03 . 2011-04-22 01:14 157472 c:\windows\system32\javaws.exe
- 2011-02-10 13:03 . 2010-11-12 18:53 157472 c:\windows\system32\javaws.exe
+ 2011-02-10 13:03 . 2011-04-22 01:14 145184 c:\windows\system32\javaw.exe
- 2011-02-10 13:03 . 2010-11-12 18:53 145184 c:\windows\system32\javaw.exe
- 2011-02-10 13:03 . 2010-11-12 18:53 145184 c:\windows\system32\java.exe
+ 2011-02-10 13:03 . 2011-04-22 01:14 145184 c:\windows\system32\java.exe
+ 2011-04-22 01:24 . 2008-04-14 11:00 108544 c:\windows\system32\inetsrv\AppConf.dll
+ 2010-12-10 03:40 . 2011-04-20 03:01 293272 c:\windows\system32\FNTCACHE.DAT
+ 2010-10-24 20:25 . 2010-10-24 20:25 165264 c:\windows\system32\drivers\MpFilter.sys
+ 2011-04-22 01:15 . 2011-04-22 01:15 180224 c:\windows\Installer\4c444.msi
+ 2011-04-22 01:14 . 2011-04-22 01:14 677376 c:\windows\Installer\4c434.msi
+ 2011-04-20 03:02 . 2011-04-20 03:02 786432 c:\windows\Installer\1bc59.msi
+ 2011-04-20 03:02 . 2011-04-20 03:02 479744 c:\windows\Installer\1bc52.msi
+ 2011-04-20 03:02 . 2011-04-20 03:02 301056 c:\windows\Installer\1bc4c.msi
- 2010-12-09 22:06 . 2011-04-14 02:01 39828936 c:\windows\system32\MRT.exe
+ 2010-12-09 22:06 . 2011-04-07 12:52 39828936 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 22:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck "= "c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-01-18 33714176]
"Cpu Level Up help "= "c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2009-12-28 887936]
"ASUS Update Checker "= "c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2009-12-28 121472]
"Six Engine "= "c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
"NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2011-02-23 111208]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2011-02-23 13880424]
"nwiz "= "c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3 "= "advpack.dll" [2010-06-09 128512]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@= "Service "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Pro Agent "= "c:\program files\DAEMON Tools Pro\DTAgent.exe" -autorun
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\World of Warcraft\\Launcher.exe "=
"c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe "=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe "=
"c:\\Program Files\\Steam\\Steam.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\plants vs zombies\\PlantsVsZombies.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\crysis warhead\\Bin32\\Crysis.exe "=
"c:\\Program Files\\Spotify\\spotify.exe "=
"c:\\Program Files\\Codemasters\\The Lord of the Rings Online\\lotroclient.exe "=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe "=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE "=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE "=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\bioshock\\Builds\\Release\\Bioshock.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\lego star wars saga\\LEGOStarWarsSaga.exe "=
"c:\\Program Files\\Skype\\Phone\\Skype.exe "=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe "=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\crysis 2 - demo\\Bin32\\Crysis2Demo.exe "=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe "=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\fallout new vegas\\FalloutNVLauncher.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\dragon age ii demo\\DragonAge2Launcher.exe "=
"c:\\Program Files\\Steam\\SteamApps\\common\\dragon age ii demo\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm "=
"c:\\Documents and Settings\\david1\\Local Settings\\Apps\\2.0\\XY6W7L0G.YRK\\LGQYX26Z.TL4\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe "=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/12/2010 10:22 420920]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [11/12/2010 15:41 11448]
R1 MpKsl023b294c;MpKsl023b294c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{824B47F1-C542-4188-84CD-0B57F0480DDD}\MpKsl023b294c.sys [23/04/2011 18:37 28752]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [11/12/2010 15:41 96896]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [14/12/2010 14:36 20328]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28/02/2010 03:33 821664]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [24/04/2010 02:10 483688]
R3 arusb(TP-LINK);Wireless Network Adapter Service(TP-LINK);c:\windows\system32\drivers\arusb.sys [26/12/2010 10:54 598528]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 23:23 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 23:23 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 23:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 23:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [24/04/2010 02:10 209768]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [09/12/2010 23:28 2106880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL023B294C
*NewlyCreated* - MPKSL9DB69AAF
*Deregistered* - klmd25
*Deregistered* - MpKsl9db69aaf
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
.
2011-04-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 22:44]
.
2011-04-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-12-10 22:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: {551012F8-F810-4CD5-B18E-794A2C429E70} = 8.8.8.8,8.8.8.4
FF - ProfilePath - c:\documents and settings\david1\Application Data\Mozilla\Firefox\Profiles\6f0app4b.default\
FF - prefs.js: browser.startup.homepage - www.wowhead.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-23 21:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1801674531-1177238915-2147140409-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?? "=hex:41,ad,b1,98,d9,4f,04,ce,31,6c,77,e8,bd,c9,21,6c,2e,5d,2f,a3,03,1b,0e,
a2,44,be,15,29,46,51,bf,17,0e,86,8f,bc,73,b9,0e,a6,24,a7,3f,27,e7,53,fd,21,\
"?? "=hex:01,26,99,cb,08,82,6e,cd,bc,80,71,14,36,5c,39,e7
.
[HKEY_USERS\S-1-5-21-1801674531-1177238915-2147140409-1004\Software\SecuROM\License information*]
"datasecu "=hex:b5,9f,46,68,14,86,17,83,64,d3,61,9f,f9,8b,cd,74,de,ed,85,5e,2a,
65,32,5b,2e,b3,fc,8f,0b,50,b9,39,85,8d,f0,39,ad,13,35,e3,25,fd,8d,6b,00,e9,\
"rkeysecu "=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
Completion time: 2011-04-23 21:59:54
ComboFix-quarantined-files.txt 2011-04-23 20:59
ComboFix2.txt 2011-04-22 18:25
ComboFix3.txt 2011-04-20 02:18
ComboFix4.txt 2011-04-20 01:49
.
Pre-Run: 295,722,188,800 bytes free
Post-Run: 295,710,486,528 bytes free
.
- - End Of File - - 1A02C70043274EAF39DB77D477EA094B

 

I notice at the top of the log it mentions emisoft, I have that uninstalled so Don't know why it is in the log, double checked it isnt in my add/remove programs list.