Solved Trojan: Mebroot

[Resolved] Trojan: Mebroot

Hello. I recieved an email a couple of days ago indicating that I have the Trojan Mebroot infested in my laptop currently. I have come here in desperation for help removing this trojan, as my internet has threatened to cut my internet connection if I do not remove it. So far only Combofix has been able to detect the trojan, showing "rootkit activity detected ", however it has not been able to remove it. I currently have Windows 7.

Please help


DDS (Ver_10-03-17.01) - NTFSx86
Run by Michael at 17:46:40.72 on Sat 02/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.962 [GMT 10:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\System32\dinotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Users\Michael\AppData\Local\temp\jkos-Michael\binaries\ScanningProcess.exe
C:\Users\Michael\AppData\Local\temp\jkos-Michael\binaries\ScanningProcess.exe
C:\Users\Michael\AppData\Local\temp\jkos-Michael\binaries\ScanningProcess.exe
C:\Users\Michael\AppData\Local\temp\jkos-Michael\binaries\ScanningProcess.exe
C:\Users\Michael\AppData\Local\temp\jkos-Michael\binaries\ScanningProcess.exe
C:\Users\Michael\AppData\Local\temp\jkos-Michael\binaries\ScanningProcess.exe
C:\Users\Michael\AppData\Local\temp\jkos-Michael\binaries\ScanningProcess.exe
C:\Users\Michael\AppData\Local\temp\jkos-Michael\binaries\ScanningProcess.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Michael\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HPCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" updatewithcreateonce "software\hewlett-packard\media\Webcam "
mRun: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\SmartMenu.exe /background
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "c:\program files\hewlett-packard\recovery\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\recovery" updatewithcreateonce "software\cyberlink\PowerRecover "
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: c:\users\michael\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\sophos~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-au\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
AppInit_DLLs: c:\progra~1\sophos\sophos~1\sophos_detoured.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

================= FIREFOX ===================

FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\bp7q6tam.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

============= SERVICES / DRIVERS ===============

R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-6-18 121848]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe [2010-4-3 81920]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2009-7-9 26168]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-6-18 104488]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-18 93736]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-2-3 175144]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-21 116136]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-4-10 66592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-4-3 230400]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-9 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-10 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-9-12 228408]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 2010 advanced\DfSdkS.exe [2010-9-19 406016]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-17 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-10-10 4232192]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2010-6-18 23928]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-22 1343400]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-6-18 22536]

=============== Created Last 30 ================

2010-10-01 15:29:48 0 d-sh--w- C:\$RECYCLE.BIN
2010-10-01 14:23:44 77312 ----a-w- c:\windows\MBR.exe
2010-10-01 14:23:43 98816 ----a-w- c:\windows\sed.exe
2010-10-01 14:23:43 256512 ----a-w- c:\windows\PEV.exe
2010-10-01 14:23:43 161792 ----a-w- c:\windows\SWREG.exe
2010-10-01 13:06:01 0 d-----w- c:\program files\Trend Micro
2010-10-01 11:31:09 0 d-----w- c:\program files\Linksys
2010-10-01 11:25:57 0 d-----w- c:\programdata\Pure Networks
2010-10-01 08:13:35 0 d-----w- c:\programdata\MFAData
2010-10-01 01:21:22 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-01 01:21:22 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-30 10:44:07 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 06:25:20 0 d-----w- c:\programdata\Clarus
2010-09-30 06:25:20 0 d-----w- C:\Log
2010-09-30 05:26:24 0 d-----w- c:\program files\Clarus
2010-09-30 05:06:06 0 d-----w- C:\9c215e53533fbb1dbfa3387412
2010-09-25 12:55:34 0 d-----w- c:\programdata\Blizzard Entertainment
2010-09-25 12:55:34 0 d-----w- c:\program files\StarCraft II
2010-09-25 12:55:34 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-09-18 14:19:34 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-09-18 14:19:25 0 d-----w- c:\program files\Ashampoo
2010-09-18 14:16:29 0 d-----w- c:\program files\CCleaner
2010-09-18 14:15:51 0 d-----w- c:\users\michael\appdata\roaming\Auslogics
2010-09-18 14:15:45 0 d-----w- c:\program files\Auslogics
2010-09-15 08:43:07 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-08 09:46:20 103312 ----a-w- C:\bootsect.exe
2010-09-08 09:19:49 3244324864 ----a-w- C:\Win7.iso
2010-09-08 07:52:12 0 d-----w- C:\Windows install

==================== Find3M ====================

2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-22 16:37:16 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:47:36.36 ===============

__________________________________________________________________________________________________________

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 30/12/2009 6:40:24 PM
System Uptime: 10/02/2010 11:22:54 AM (5622 hours ago)

Motherboard: Quanta | | 363E
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | CPU | 1597/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 454 GiB total, 350.281 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.959 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 596 GiB total, 365.038 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\6&1A4D48D&0&5
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\6&1A4D48D&0&5
Service:

==== System Restore Points ===================

RP109: 30/09/2010 3:26:11 PM - Installed Samsung Auto Backup
RP110: 30/09/2010 8:44:01 PM - Windows Update
RP111: 1/10/2010 11:20:55 AM - Windows Update
RP112: 1/10/2010 5:30:45 PM - Windows Update
RP113: 1/10/2010 9:41:29 PM - Removed Cisco Network Magic
RP114: 1/10/2010 9:41:53 PM - Removed Pure Networks Platform
RP115: 2/10/2010 12:19:14 PM - Windows Update
RP116: 2/10/2010 12:24:38 PM - Windows Update

==== Installed Programs ======================

2007 Microsoft Office system
7-Zip 4.65
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3 MUI
Adobe Shockwave Player
AOL Toolbar 5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo WinOptimizer 2010 Advanced
Auslogics Disk Defrag
Bonjour
CCleaner
CyberLink DVD Suite
ENE CIR Receiver Driver
Google Toolbar for Internet Explorer
Google Update Helper
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Games
HP Integrated Module with Bluetooth wireless technology
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Setup
HP Update
HP User Guides 0154
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 20
JMicron Flash Media Controller Driver
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NirSoft MessenPass
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
PowerRecover
QLBCASL
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Samsung Auto Backup
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
SoftStylus
Sophos Anti-Virus
Sophos AutoUpdate
StarCraft II
Synaptics Pointing Device Driver
Uniblue RegistryBooster 2010
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2291599)
VLC media player 1.0.5
Windows 7 USB/DVD Download Tool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin

==== Event Viewer Messages From Past Week ========

30/09/2010 3:31:18 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/09/2010 3:31:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.
30/09/2010 3:31:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Health Check Service service.
2/10/2010 3:43:07 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
2/10/2010 2:41:20 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
2/10/2010 2:19:30 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
2/10/2010 12:52:33 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MAGGIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8074E01D-DFB4-473F-9AED-F216A8EE. The master browser is stopping or an election is being forced.
2/10/2010 1:28:31 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/10/2010 1:22:08 AM, Error: Service Control Manager [7000] - The eamonm service failed to start due to the following error: The system cannot find the file specified.
1/10/2010 7:09:28 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
1/10/2010 10:10:29 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MAGGIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0AEC2DC9-E0A0-4CE8-963D-6934940B. The master browser is stopping or an election is being forced.

==== End Of File ===========================

__________________________________________________________________________________________________________
ComboFix 10-09-30.05 - Michael 02/10/2010 1:23.4.8 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1991 [GMT 10:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-09-01 to 2010-10-01 )))))))))))))))))))))))))))))))
.

2010-10-01 15:28 . 2010-10-01 15:28 -------- d-----w- c:\users\Michael\AppData\Local\temp
2010-10-01 15:28 . 2010-10-01 15:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-01 15:28 . 2010-10-01 15:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-01 15:19 . 2010-10-01 15:19 -------- d-----w- C:\32788R22FWJFW
2010-10-01 13:06 . 2010-10-01 13:06 -------- d-----w- c:\program files\Trend Micro
2010-10-01 11:31 . 2010-10-01 13:05 -------- d-----w- c:\program files\Linksys
2010-10-01 11:25 . 2010-10-01 11:42 -------- d-----w- c:\programdata\Pure Networks
2010-10-01 08:13 . 2010-10-01 08:21 -------- d-----w- c:\programdata\MFAData
2010-10-01 01:21 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-10-01 01:21 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-30 10:44 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 06:25 . 2010-09-30 06:25 -------- d-----w- c:\programdata\Clarus
2010-09-30 06:25 . 2010-09-30 06:25 -------- d-----w- C:\Log
2010-09-30 05:26 . 2010-09-30 05:26 -------- d-----w- c:\program files\Clarus
2010-09-30 05:06 . 2010-09-30 05:06 -------- d-----w- C:\9c215e53533fbb1dbfa3387412
2010-09-25 13:34 . 2010-09-25 13:34 47876 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-09-25 12:55 . 2010-09-28 11:37 -------- d-----w- c:\program files\StarCraft II
2010-09-25 12:55 . 2010-09-25 13:34 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-09-25 12:55 . 2010-09-25 13:18 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-18 14:19 . 2009-08-24 11:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-09-18 14:19 . 2010-09-18 14:19 -------- d-----w- c:\program files\Ashampoo
2010-09-18 14:16 . 2010-09-18 14:16 -------- d-----w- c:\program files\CCleaner
2010-09-18 14:15 . 2010-09-18 14:15 -------- d-----w- c:\users\Michael\AppData\Roaming\Auslogics
2010-09-18 14:15 . 2010-09-18 14:15 -------- d-----w- c:\program files\Auslogics
2010-09-15 08:43 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-08 09:46 . 2010-09-08 09:45 103312 ----a-w- C:\bootsect.exe
2010-09-08 09:27 . 2010-09-08 09:27 119808 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2010-09-08 09:27 . 2010-09-08 09:27 -------- d-----w- c:\users\Michael\AppData\Local\Apps
2010-09-08 07:52 . 2010-09-08 09:45 -------- d-----w- C:\Windows install

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 14:26 . 2009-09-11 18:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-01 14:14 . 2010-02-28 08:49 -------- d-----w- c:\users\Michael\AppData\Roaming\vlc
2010-10-01 12:23 . 2009-12-30 07:46 113912 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-30 05:26 . 2009-09-11 18:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-16 04:13 . 2009-09-11 19:32 -------- d-----w- c:\programdata\Microsoft Help
2010-09-11 15:32 . 2010-02-23 04:35 -------- d-----w- c:\users\Michael\AppData\Roaming\NPresenter
2010-09-10 03:00 . 2010-01-01 14:01 -------- d-----w- c:\programdata\NOS
2010-09-08 13:45 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-09-08 13:39 . 2010-08-14 11:32 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-08 13:38 . 2010-08-14 11:30 -------- d-----w- c:\programdata\DivX
2010-08-28 10:46 . 2010-08-28 10:46 -------- d--h--r- c:\users\Michael\AppData\Roaming\SecuROM
2010-08-16 10:48 . 2010-08-16 10:47 -------- d-----w- c:\users\Michael\AppData\Roaming\FreeFLVConverter
2010-08-01 05:41 . 2010-08-01 05:42 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-01 05:41 . 2010-03-09 13:16 38784 ----a-w- c:\users\Michael\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-29 06:30 . 2010-08-12 03:34 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 03:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-22 16:37 . 2010-08-16 10:47 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-07-16 03:54 . 2010-01-17 15:06 2380712 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en\Installers\SetupGamesClient.exe
2010-07-16 03:51 . 2010-07-16 03:51 14904 ----a-w- c:\windows\help\OEM\Scripts\LaunchHPForums.exe
2010-07-08 18:00 . 2010-07-13 00:59 516784 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb47ED.tmp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-30 39408]
"msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-02 1549608]
"HPCam_Menu "= "c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"SmartMenu "= "c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 567864]
"QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut "= "c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"SysTrayApp "= "c:\program files\IDT\WDM\sttray.exe" [2010-04-02 495708]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-11-28 13826664]

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2010-9-30 888832]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2010-9-30 77824]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2010-9-30 102400]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 795936]
Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-2-3 429096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 5 (0x5)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle "= 2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring "=dword:00000001

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-17 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-23 4232192]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2010-06-18 23928]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-06-18 22536]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-06-18 121848]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe [2010-04-02 81920]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-06-18 104488]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-18 93736]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-04-10 66592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-04-02 230400]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 14:47]

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 14:47]

2010-10-01 c:\windows\Tasks\Scheduled scan.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-06-18 05:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-AU\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\bp7q6tam.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x83008000]<< >>UNKNOWN [0x8BE1B000]<< >>UNKNOWN [0x8CC5D000]<< >>UNKNOWN [0x8C9C8000]<< >>UNKNOWN [0x83418000]<< >>UNKNOWN [0x8BF23000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
DeleteProcedure -> 0x8d609b88
SecurityProcedure -> 0x861d07b8
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-11435735-3056468348-2357536009-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?? "=hex:7a,60,5f,98,4e,b4,bc,d5,34,4f,65,55,31,f5,2c,c5,ae,7e,57,a2,2c,eb,62,
f0,0a,4c,d0,a4,e9,61,80,07,9b,f1,22,c6,aa,43,5b,90,21,74,6e,ef,53,a3,2a,d0,\
"?? "=hex:34,f4,1a,25,7d,3c,13,03,c8,ee,89,3f,79,ea,ac,db

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
"MSCurrentCountry "=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-02 01:29:41
ComboFix-quarantined-files.txt 2010-10-01 15:29
ComboFix2.txt 2010-10-01 15:02
ComboFix3.txt 2010-10-01 14:49
ComboFix4.txt 2010-10-01 14:35

Pre-Run: 371,252,887,552 bytes free
Post-Run: 371,195,834,368 bytes free

- - End Of File - - 888F42D31A358F6F2B450F64E53683DB

 

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 242):
0x83008000 \SystemRoot\system32\ntkrnlpa.exe
0x83418000 \SystemRoot\system32\halmacpi.dll
0x80BCF000 \SystemRoot\system32\kdcom.dll
0x8361D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83695000 \SystemRoot\system32\PSHED.dll
0x836A6000 \SystemRoot\system32\BOOTVID.dll
0x836AE000 \SystemRoot\system32\CLFS.SYS
0x836F0000 \SystemRoot\system32\CI.dll
0x8BC34000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BCA5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BCB3000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BCFB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8BD04000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BD0C000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BD36000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BD41000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x8BD50000 \SystemRoot\system32\DRIVERS\mpio.sys
0x8BD74000 \SystemRoot\System32\drivers\partmgr.sys
0x8BD85000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8BD8D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8BD98000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BDA8000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BDF3000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BC0E000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8BC15000 \SystemRoot\system32\DRIVERS\aliide.sys
0x8BC1C000 \SystemRoot\system32\DRIVERS\amdide.sys
0x8BC23000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x8379B000 \SystemRoot\System32\drivers\mountmgr.sys
0x837B1000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x837D1000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x8BE1B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BE40000 \SystemRoot\system32\DRIVERS\viaide.sys
0x8BE48000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x8BF23000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8BE00000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8C00F000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8C032000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x8C04A000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C091000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8C09B000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x8C0AE000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x8C118000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x8C164000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x8C18A000 \SystemRoot\system32\DRIVERS\djsvs.sys
0x8C19E000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8C1C4000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x8C21B000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x8C258000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8C261000 \SystemRoot\system32\DRIVERS\arc.sys
0x8C277000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x8C28F000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x8C302000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x8C312000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x8C32C000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x8C33C000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x8C356000 \SystemRoot\system32\DRIVERS\megasas.sys
0x8C361000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x8C200000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x8C1DB000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x8C425000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x8C5A4000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x8C400000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x8C40D000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x8C614000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x8C639000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C66D000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C67E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C7AD000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C7D8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C805000 \SystemRoot\System32\Drivers\cng.sys
0x8C862000 \SystemRoot\System32\drivers\pcw.sys
0x8C870000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C879000 \SystemRoot\system32\drivers\ndis.sys
0x8C930000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C96E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8CA36000 \SystemRoot\System32\drivers\tcpip.sys
0x8CB7F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CBB0000 \SystemRoot\system32\DRIVERS\wd.sys
0x8CBB8000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8CBF7000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x8CA00000 \SystemRoot\System32\Drivers\spldr.sys
0x8CA08000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x8C993000 \SystemRoot\System32\drivers\rdyboost.sys
0x8CA20000 \SystemRoot\System32\Drivers\mup.sys
0x8C9C0000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C9C8000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8CC2B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8CC5D000 \SystemRoot\system32\DRIVERS\disk.sys
0x8CD66000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CD85000 \SystemRoot\system32\DRIVERS\savonaccess.sys
0x8CDAB000 \SystemRoot\System32\Drivers\Null.SYS
0x8CDB2000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CDB9000 \SystemRoot\System32\drivers\vga.sys
0x8CDC5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CDE6000 \SystemRoot\System32\drivers\watchdog.sys
0x8CDF3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CC00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CC08000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8CC10000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CC1B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C9D1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C9E8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91E31000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91E63000 \SystemRoot\system32\drivers\afd.sys
0x91EBD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x91EC4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91EE3000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x91EF4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91F02000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91F15000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91F25000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91F66000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91F70000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91F7A000 \SystemRoot\System32\drivers\discache.sys
0x91F86000 \SystemRoot\System32\Drivers\dfsc.sys
0x91F9E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x91FAC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x91FCD000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x92E3A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x937AB000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x937AD000 \SystemRoot\System32\Drivers\fastfat.SYS
0x92013000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x920CA000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92103000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92122000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92131000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x93A2A000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x940A6000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x940B0000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x940EC000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x94118000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x94137000 \SystemRoot\system32\DRIVERS\enecir.sys
0x94150000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x94168000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x94171000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9417E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x941B3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x941B5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x941C2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x941C8000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x941D3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x941DC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x941EE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x93A00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x93A12000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9217C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92187000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x921A9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x921C1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x921D8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x941FB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92E00000 \SystemRoot\system32\DRIVERS\ks.sys
0x921EF000 \SystemRoot\system32\DRIVERS\circlass.sys
0x92000000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9601B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9605F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x96070000 \SystemRoot\system32\drivers\nvhda32v.sys
0x96083000 \SystemRoot\system32\drivers\portcls.sys
0x960B2000 \SystemRoot\system32\drivers\drmk.sys
0x960CB000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x96C3E000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x96D5A000 \SystemRoot\system32\drivers\modem.sys
0x96D67000 \SystemRoot\system32\DRIVERS\hidir.sys
0x96D76000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x96D89000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x96D90000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x96D9C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x81ED0000 \SystemRoot\System32\win32k.sys
0x96DA7000 \SystemRoot\System32\drivers\Dxapi.sys
0x96DB1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CC6E000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x96DBE000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x82130000 \SystemRoot\System32\TSDDD.dll
0x82160000 \SystemRoot\System32\cdd.dll
0x96DE5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x82180000 \SystemRoot\System32\ATMFD.DLL
0x96136000 \SystemRoot\system32\drivers\luafv.sys
0x96151000 \SystemRoot\system32\drivers\WudfPf.sys
0x9616B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9617B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x961C1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x961D1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA2C0C000 \SystemRoot\system32\drivers\HTTP.sys
0xA2C91000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA2CAA000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA2CBC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2CDF000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA2D1A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2D4D000 \SystemRoot\system32\drivers\peauth.sys
0xA2DE4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x937D7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA2DEE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9EE1C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9EE6B000 \SystemRoot\System32\DRIVERS\srv.sys
0x9EEBC000 \??\C:\Users\Michael\AppData\Local\Temp\mbr.sys
0x9EEC2000 \??\C:\Users\Michael\AppData\Local\Temp\catchme.sys
0x9EECA000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x9EF54000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x9EF5D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9EF87000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9EF92000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9EFA9000 \SystemRoot\System32\Drivers\usbvideo.sys
0x77360000 \Windows\System32\ntdll.dll
0x47E80000 \Windows\System32\smss.exe
0x775A0000 \Windows\System32\apisetschema.dll
0x00CF0000 \Windows\System32\autochk.exe
0x774E0000 \Windows\System32\msvcrt.dll
0x77310000 \Windows\System32\Wldap32.dll
0x774D0000 \Windows\System32\lpk.dll
0x772C0000 \Windows\System32\gdi32.dll
0x77230000 \Windows\System32\clbcatq.dll
0x77160000 \Windows\System32\msctf.dll
0x770D0000 \Windows\System32\oleaut32.dll
0x77070000 \Windows\System32\difxapi.dll
0x77030000 \Windows\System32\ws2_32.dll
0x76F80000 \Windows\System32\rpcrt4.dll
0x76F20000 \Windows\System32\shlwapi.dll
0x774C0000 \Windows\System32\psapi.dll
0x76EA0000 \Windows\System32\comdlg32.dll
0x774B0000 \Windows\System32\normaliz.dll
0x76E70000 \Windows\System32\imagehlp.dll
0x76E50000 \Windows\System32\imm32.dll
0x774A0000 \Windows\System32\nsi.dll
0x76C50000 \Windows\System32\iertutil.dll
0x76000000 \Windows\System32\shell32.dll
0x75F60000 \Windows\System32\advapi32.dll
0x75DC0000 \Windows\System32\setupapi.dll
0x75CC0000 \Windows\System32\wininet.dll
0x75BE0000 \Windows\System32\kernel32.dll
0x75B40000 \Windows\System32\usp10.dll
0x759E0000 \Windows\System32\ole32.dll
0x75910000 \Windows\System32\user32.dll
0x757D0000 \Windows\System32\urlmon.dll
0x757B0000 \Windows\System32\sechost.dll
0x75760000 \Windows\System32\KernelBase.dll
0x75740000 \Windows\System32\devobj.dll
0x756B0000 \Windows\System32\comctl32.dll
0x75590000 \Windows\System32\crypt32.dll
0x75560000 \Windows\System32\wintrust.dll
0x75530000 \Windows\System32\cfgmgr32.dll
0x75520000 \Windows\System32\msasn1.dll

Processes (total 63):
0 System Idle Process
4 System
364 C:\Windows\System32\smss.exe
524 csrss.exe
600 C:\Windows\System32\wininit.exe
608 csrss.exe
656 C:\Windows\System32\services.exe
676 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\nvvsvc.exe
888 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\winlogon.exe
1096 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\stacsv.exe
1388 C:\Windows\System32\svchost.exe
1436 C:\Windows\System32\hpservice.exe
1452 C:\Windows\System32\nvvsvc.exe
1508 C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
1668 C:\Windows\System32\dwm.exe
1976 C:\Windows\System32\svchost.exe
464 C:\Windows\System32\spoolsv.exe
424 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\taskhost.exe
1768 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe
1596 C:\Program Files\LSI SoftModem\agrsmsvc.exe
1932 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1120 C:\Program Files\Bonjour\mDNSResponder.exe
1376 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2176 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2340 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2364 C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
2400 C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
2680 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3188 C:\Windows\System32\svchost.exe
3612 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2444 C:\Windows\System32\taskeng.exe
2484 C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
2456 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
3940 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3528 C:\Windows\System32\svchost.exe
1416 C:\Program Files\Windows Media Player\wmpnetwk.exe
4052 C:\Windows\System32\svchost.exe
3600 C:\Windows\explorer.exe
3476 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3768 C:\Program Files\Sophos\AutoUpdate\ALMon.exe
3864 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3856 C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
2504 C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
3416 C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
5384 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
6012 C:\Windows\System32\dinotify.exe
2696 C:\Program Files\Mozilla Firefox\firefox.exe
2528 C:\Windows\System32\taskhost.exe
5000 C:\Windows\System32\audiodg.exe
5620 taskhost.exe
3028 C:\Windows\explorer.exe
1260 dllhost.exe
3140 dllhost.exe
4484 C:\Users\Michael\Downloads\MBRCheck.exe
5664 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`7ad00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003HPM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CDCF34788DFE028394B05CFD3FED6A10819A5EEF


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

 

Thank you for your fast response.

Although it is 4am, I am quite sure I have followed the instructions to the best I can (some variations as always with individual laptops), but the CD doesn't work.

I click on your NTBR link and download it. I double-click, and the new folder pops up, but I recieve a notification asking if I would like to install it using recommended settings; I guess that means it's not compatible with my laptop/Windows 7. I have tried both ignoring it and clicking on the option to install it again using recommened settings. Both times I have the same result.

I boot first from the CD, and I choose the English language. However, after that an error appears.

Can't open CD driver CDRCACH
SHSUCDX can't install
ERROR: Failure loading; unable to find CD-ROM drive!


Unless I've been a complete tomato with the instructions, it looks like the link you asked me to download from doesn't work with my laptop.

 

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 239):
0x83049000 \SystemRoot\system32\ntkrnlpa.exe
0x83012000 \SystemRoot\system32\halmacpi.dll
0x80BA2000 \SystemRoot\system32\kdcom.dll
0x83639000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x836B1000 \SystemRoot\system32\PSHED.dll
0x836C2000 \SystemRoot\system32\BOOTVID.dll
0x836CA000 \SystemRoot\system32\CLFS.SYS
0x8370C000 \SystemRoot\system32\CI.dll
0x8BC26000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BC97000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BCA5000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BCED000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8BCF6000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BCFE000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BD28000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BD33000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x8BD42000 \SystemRoot\system32\DRIVERS\mpio.sys
0x8BD66000 \SystemRoot\System32\drivers\partmgr.sys
0x8BD77000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8BD7F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8BD8A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BD9A000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BDE5000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8BDEC000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BC00000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8BC07000 \SystemRoot\system32\DRIVERS\aliide.sys
0x8BC0E000 \SystemRoot\system32\DRIVERS\amdide.sys
0x8BC15000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x837B7000 \SystemRoot\System32\drivers\mountmgr.sys
0x837CD000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x83600000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x8BE02000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BE27000 \SystemRoot\system32\DRIVERS\viaide.sys
0x8BE2F000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x8BF0A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8BFE4000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8C023000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8C046000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x8C05E000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C0A5000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8C0AF000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x8C0C2000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x8C12C000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x8C178000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x8C19E000 \SystemRoot\system32\DRIVERS\djsvs.sys
0x8C1B2000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8C1D8000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x8C22F000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x8C26C000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8C275000 \SystemRoot\system32\DRIVERS\arc.sys
0x8C28B000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x8C2A3000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x8C316000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x8C326000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x8C340000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x8C350000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x8C36A000 \SystemRoot\system32\DRIVERS\megasas.sys
0x8C419000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x8C4AB000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x8C4B9000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x8C618000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x8C797000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x8C7EC000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x8C600000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x8C4DE000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x8C503000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C537000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C813000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C942000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C96D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C980000 \SystemRoot\System32\Drivers\cng.sys
0x8C9DD000 \SystemRoot\System32\drivers\pcw.sys
0x8C9EB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C548000 \SystemRoot\system32\drivers\ndis.sys
0x8C375000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C3B3000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8CA2D000 \SystemRoot\System32\drivers\tcpip.sys
0x8CB76000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CBA7000 \SystemRoot\system32\DRIVERS\wd.sys
0x8CBAF000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8CBEE000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x8CBF7000 \SystemRoot\System32\Drivers\spldr.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x8C200000 \SystemRoot\System32\drivers\rdyboost.sys
0x8CA18000 \SystemRoot\System32\Drivers\mup.sys
0x8C9F4000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C800000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8CC2C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8CC5E000 \SystemRoot\system32\DRIVERS\disk.sys
0x8CD67000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CD86000 \SystemRoot\system32\DRIVERS\savonaccess.sys
0x8CDAC000 \SystemRoot\System32\Drivers\Null.SYS
0x8CDB3000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CDBA000 \SystemRoot\System32\drivers\vga.sys
0x8CDC6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CDE7000 \SystemRoot\System32\drivers\watchdog.sys
0x8CDF4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CC00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CC08000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8CC10000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CC1B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C400000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C3D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91803000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91835000 \SystemRoot\system32\drivers\afd.sys
0x9188F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x91896000 \SystemRoot\system32\DRIVERS\pacer.sys
0x918B5000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x918C6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x918D4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x918E7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x918F7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91938000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91942000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9194C000 \SystemRoot\System32\drivers\discache.sys
0x91958000 \SystemRoot\System32\Drivers\dfsc.sys
0x91970000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x9197E000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9199F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x92C2F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x935A0000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x935A2000 \SystemRoot\System32\Drivers\fastfat.SYS
0x92401000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x924B8000 \SystemRoot\System32\drivers\dxgmms1.sys
0x924F1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92510000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9251F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x93A1E000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x9409A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x940A4000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x940E0000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x9410C000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x9412B000 \SystemRoot\system32\DRIVERS\enecir.sys
0x94144000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9415C000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x94165000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x94172000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x941A7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x941A9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x941B6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x941BC000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x941C7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x941D0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x941E2000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x93A00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9256A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x93A12000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92582000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x925A4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x925BC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x925D3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x941EF000 \SystemRoot\system32\DRIVERS\swenum.sys
0x935CC000 \SystemRoot\system32\DRIVERS\ks.sys
0x941F1000 \SystemRoot\system32\DRIVERS\circlass.sys
0x925EA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x919A3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92C00000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92C11000 \SystemRoot\system32\drivers\nvhda32v.sys
0x94E33000 \SystemRoot\system32\drivers\portcls.sys
0x94E62000 \SystemRoot\system32\drivers\drmk.sys
0x94E7B000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x9500A000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x95126000 \SystemRoot\system32\drivers\modem.sys
0x95133000 \SystemRoot\system32\DRIVERS\hidir.sys
0x95142000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x95155000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9515C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x95168000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x96590000 \SystemRoot\System32\win32k.sys
0x95173000 \SystemRoot\System32\drivers\Dxapi.sys
0x9517D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95188000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x967F0000 \SystemRoot\System32\TSDDD.dll
0x96420000 \SystemRoot\System32\cdd.dll
0x96440000 \SystemRoot\System32\ATMFD.DLL
0x95193000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x951AA000 \SystemRoot\System32\Drivers\usbvideo.sys
0x951CE000 \SystemRoot\system32\drivers\luafv.sys
0x94EE6000 \SystemRoot\system32\drivers\WudfPf.sys
0x94F00000 \SystemRoot\system32\DRIVERS\udfs.sys
0x951E9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CC6F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x94F40000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x94F51000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x94F61000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x94FA7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x94FB7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9E606000 \SystemRoot\system32\drivers\HTTP.sys
0x9E68B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9E6A4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9E6B6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9E6D9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E714000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9E747000 \SystemRoot\system32\drivers\peauth.sys
0x9E7DE000 \SystemRoot\System32\Drivers\secdrv.SYS
0x94FCA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E7E8000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2E17000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2E66000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2EB7000 \SystemRoot\system32\drivers\MSPQM.sys
0x76E00000 \Windows\System32\ntdll.dll
0x477D0000 \Windows\System32\smss.exe
0x77040000 \Windows\System32\apisetschema.dll
0x00910000 \Windows\System32\autochk.exe
0x77020000 \Windows\System32\normaliz.dll
0x76F90000 \Windows\System32\clbcatq.dll
0x76D20000 \Windows\System32\kernel32.dll
0x76C70000 \Windows\System32\msvcrt.dll
0x76BD0000 \Windows\System32\usp10.dll
0x76F70000 \Windows\System32\sechost.dll
0x76B90000 \Windows\System32\ws2_32.dll
0x76A50000 \Windows\System32\urlmon.dll
0x769F0000 \Windows\System32\shlwapi.dll
0x76970000 \Windows\System32\comdlg32.dll
0x76920000 \Windows\System32\gdi32.dll
0x76F60000 \Windows\System32\psapi.dll
0x768F0000 \Windows\System32\imagehlp.dll
0x767F0000 \Windows\System32\wininet.dll
0x76720000 \Windows\System32\user32.dll
0x766C0000 \Windows\System32\difxapi.dll
0x76560000 \Windows\System32\ole32.dll
0x76490000 \Windows\System32\msctf.dll
0x76F40000 \Windows\System32\imm32.dll
0x76480000 \Windows\System32\lpk.dll
0x762E0000 \Windows\System32\setupapi.dll
0x762D0000 \Windows\System32\nsi.dll
0x76230000 \Windows\System32\advapi32.dll
0x76180000 \Windows\System32\rpcrt4.dll
0x75F80000 \Windows\System32\iertutil.dll
0x75F30000 \Windows\System32\Wldap32.dll
0x75EA0000 \Windows\System32\oleaut32.dll
0x75250000 \Windows\System32\shell32.dll
0x75130000 \Windows\System32\crypt32.dll
0x75100000 \Windows\System32\cfgmgr32.dll
0x750D0000 \Windows\System32\wintrust.dll
0x750B0000 \Windows\System32\devobj.dll
0x75020000 \Windows\System32\comctl32.dll
0x74FD0000 \Windows\System32\KernelBase.dll
0x74FC0000 \Windows\System32\msasn1.dll

Processes (total 76):
0 System Idle Process
4 System
364 C:\Windows\System32\smss.exe
516 csrss.exe
608 C:\Windows\System32\wininit.exe
616 csrss.exe
664 C:\Windows\System32\services.exe
680 C:\Windows\System32\lsass.exe
688 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\nvvsvc.exe
904 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\stacsv.exe
1168 C:\Windows\System32\audiodg.exe
1248 C:\Windows\System32\winlogon.exe
1320 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\nvvsvc.exe
1408 C:\Windows\System32\hpservice.exe
1492 C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
1672 C:\Windows\System32\dwm.exe
1696 C:\Windows\explorer.exe
1988 C:\Windows\System32\svchost.exe
656 C:\Windows\System32\spoolsv.exe
888 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\taskhost.exe
376 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1292 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe
2076 C:\Program Files\LSI SoftModem\agrsmsvc.exe
2084 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2132 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2140 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
2200 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
2232 C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
2264 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2276 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2300 C:\Program Files\Bonjour\mDNSResponder.exe
2396 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2432 C:\Windows\System32\taskeng.exe
2540 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2676 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2788 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2844 C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
2896 C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
3084 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3132 C:\Program Files\iTunes\iTunesHelper.exe
3188 C:\Program Files\IDT\WDM\sttray.exe
3276 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
3392 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3400 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3420 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3532 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3824 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3832 C:\Program Files\Sophos\AutoUpdate\ALMon.exe
3840 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3848 C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
3856 C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
3872 C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
1384 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
1312 C:\Windows\System32\svchost.exe
2560 WmiPrvSE.exe
3736 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4100 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
4196 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4392 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4424 C:\Program Files\iPod\bin\iPodService.exe
4688 C:\Windows\System32\taskeng.exe
4752 C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
4760 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
4860 C:\Windows\System32\svchost.exe
5252 dllhost.exe
5296 dllhost.exe
5328 C:\Users\Michael\Downloads\MBRCheck.exe
5344 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`7ad00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003HPM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

 

I cannot download it. I have allowed pop-ups, yet nothing comes up. I right-click on the direct link, but I get a sys40823.exe.htm file. This is what I get after a few seconds, and when I open the .htm file.


error

Errore 404
File non trovato
L'indirizzo inserito non è più disponibile oppure è errato. Verifica di aver digitato correttamente dopodichè avvisa il webmaster del problema incontrato.

Clicca qui per tornare alla Home Page.

 

HAMeb: "This tool is not compatible with your system. "

Profiles:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-11435735-3056468348-2357536009-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\Michael

SystemRoot REG_SZ C:\Windows

 

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4745

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/10/2010 2:58:13 PM
mbam-log-2010-10-05 (14-58-13).txt

Scan type: Quick scan
Objects scanned: 141429
Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

Thank you for your time and effort Broni, for everything you have done I am most grateful.

I do worry about the risk of being infected again. I have a firewall and a decent anti-virus, yet it has still managed to bypass such precautions and infect my computer.

Of a more specific inquiry, should I check the other computers in my household that may contain such a trojan?

 

I apologise, my eyes have been lazy.

When I ran ComboFix, it once again detected rootkit activity. I pray that that is really not the case. I thought we had rid of that thing.

ComboFix 10-10-04.02 - Michael 05/10/2010 22:50:24.5.8 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1921 [GMT 11:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-09-05 to 2010-10-05 )))))))))))))))))))))))))))))))
.

2010-10-05 11:56 . 2010-10-05 11:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-05 11:56 . 2010-10-05 11:56 -------- d-----w- c:\users\Michael\AppData\Local\temp
2010-10-05 11:56 . 2010-10-05 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-05 03:50 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-05 03:50 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 13:06 . 2010-10-01 13:06 -------- d-----w- c:\program files\Trend Micro
2010-10-01 11:31 . 2010-10-01 13:05 -------- d-----w- c:\program files\Linksys
2010-10-01 11:25 . 2010-10-01 11:42 -------- d-----w- c:\programdata\Pure Networks
2010-10-01 08:13 . 2010-10-01 08:21 -------- d-----w- c:\programdata\MFAData
2010-10-01 01:21 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-10-01 01:21 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-30 10:44 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 06:25 . 2010-09-30 06:25 -------- d-----w- c:\programdata\Clarus
2010-09-30 06:25 . 2010-09-30 06:25 -------- d-----w- C:\Log
2010-09-30 05:26 . 2010-09-30 05:26 -------- d-----w- c:\program files\Clarus
2010-09-30 05:06 . 2010-09-30 05:06 -------- d-----w- C:\9c215e53533fbb1dbfa3387412
2010-09-25 13:34 . 2010-09-25 13:34 47876 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-09-25 12:55 . 2010-09-28 11:37 -------- d-----w- c:\program files\StarCraft II
2010-09-25 12:55 . 2010-09-25 13:34 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-09-25 12:55 . 2010-09-25 13:18 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-18 14:19 . 2009-08-24 11:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-09-18 14:19 . 2010-09-18 14:19 -------- d-----w- c:\program files\Ashampoo
2010-09-18 14:16 . 2010-09-18 14:16 -------- d-----w- c:\program files\CCleaner
2010-09-18 14:15 . 2010-09-18 14:15 -------- d-----w- c:\users\Michael\AppData\Roaming\Auslogics
2010-09-18 14:15 . 2010-09-18 14:15 -------- d-----w- c:\program files\Auslogics
2010-09-15 08:43 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-08 09:46 . 2010-09-08 09:45 103312 ----a-w- C:\bootsect.exe
2010-09-08 09:27 . 2010-09-08 09:27 119808 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2010-09-08 09:27 . 2010-09-08 09:27 -------- d-----w- c:\users\Michael\AppData\Local\Apps
2010-09-08 07:52 . 2010-09-08 09:45 -------- d-----w- C:\Windows install

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 03:50 . 2010-03-14 00:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 14:26 . 2009-09-11 18:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-01 14:14 . 2010-02-28 08:49 -------- d-----w- c:\users\Michael\AppData\Roaming\vlc
2010-10-01 12:23 . 2009-12-30 07:46 113912 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-30 05:26 . 2009-09-11 18:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-16 04:13 . 2009-09-11 19:32 -------- d-----w- c:\programdata\Microsoft Help
2010-09-11 15:32 . 2010-02-23 04:35 -------- d-----w- c:\users\Michael\AppData\Roaming\NPresenter
2010-09-10 03:00 . 2010-01-01 14:01 -------- d-----w- c:\programdata\NOS
2010-09-08 13:45 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-09-08 13:39 . 2010-08-14 11:32 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-08 13:38 . 2010-08-14 11:30 -------- d-----w- c:\programdata\DivX
2010-08-28 10:46 . 2010-08-28 10:46 -------- d--h--r- c:\users\Michael\AppData\Roaming\SecuROM
2010-08-16 10:48 . 2010-08-16 10:47 -------- d-----w- c:\users\Michael\AppData\Roaming\FreeFLVConverter
2010-08-01 05:41 . 2010-08-01 05:42 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-01 05:41 . 2010-03-09 13:16 38784 ----a-w- c:\users\Michael\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-29 06:30 . 2010-08-12 03:34 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 03:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-22 16:37 . 2010-08-16 10:47 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-07-16 03:54 . 2010-01-17 15:06 2380712 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en\Installers\SetupGamesClient.exe
2010-07-16 03:51 . 2010-07-16 03:51 14904 ----a-w- c:\windows\help\OEM\Scripts\LaunchHPForums.exe
2010-07-08 18:00 . 2010-07-13 00:59 516784 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb47ED.tmp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-30 39408]
"msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-02 1549608]
"HPCam_Menu "= "c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"SmartMenu "= "c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 567864]
"QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut "= "c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SysTrayApp "= "c:\program files\IDT\WDM\sttray.exe" [2010-04-02 495708]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-11-28 13826664]

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2010-9-30 888832]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2010-9-30 77824]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2010-9-30 102400]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 795936]
Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-2-3 429096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 5 (0x5)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle "= 2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring "=dword:00000001

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-17 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-23 4232192]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2010-06-18 23928]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-06-18 22536]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-06-18 121848]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe [2010-04-02 81920]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-06-18 104488]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-18 93736]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-04-10 66592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-04-02 230400]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 14:47]

2010-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 14:47]

2010-10-05 c:\windows\Tasks\Scheduled scan.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-06-18 05:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-AU\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\bp7q6tam.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-11435735-3056468348-2357536009-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?? "=hex:7a,60,5f,98,4e,b4,bc,d5,34,4f,65,55,31,f5,2c,c5,ae,7e,57,a2,2c,eb,62,
f0,0a,4c,d0,a4,e9,61,80,07,9b,f1,22,c6,aa,43,5b,90,21,74,6e,ef,53,a3,2a,d0,\
"?? "=hex:34,f4,1a,25,7d,3c,13,03,c8,ee,89,3f,79,ea,ac,db

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
"MSCurrentCountry "=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-05 22:57:33
ComboFix-quarantined-files.txt 2010-10-05 11:57
ComboFix2.txt 2010-10-01 15:29
ComboFix3.txt 2010-10-01 15:02
ComboFix4.txt 2010-10-01 14:49
ComboFix5.txt 2010-10-05 11:45

Pre-Run: 379,702,657,024 bytes free
Post-Run: 379,768,401,920 bytes free

- - End Of File - - BA656E9CB3037912E5AF2767EDF4C5F0

 

In case you need it, I ran the MBRCheck again. If you don't need it, no harm done, eh?

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 240):
0x83056000 \SystemRoot\system32\ntkrnlpa.exe
0x8301F000 \SystemRoot\system32\halmacpi.dll
0x80BC6000 \SystemRoot\system32\kdcom.dll
0x8363F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x836B7000 \SystemRoot\system32\PSHED.dll
0x836C8000 \SystemRoot\system32\BOOTVID.dll
0x836D0000 \SystemRoot\system32\CLFS.SYS
0x83712000 \SystemRoot\system32\CI.dll
0x8BC24000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BC95000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BCA3000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BCEB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8BCF4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BCFC000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BD26000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BD31000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x8BD40000 \SystemRoot\system32\DRIVERS\mpio.sys
0x8BD64000 \SystemRoot\System32\drivers\partmgr.sys
0x8BD75000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8BD7D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8BD88000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BD98000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BDE3000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8BDEA000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BDF8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\aliide.sys
0x8BC07000 \SystemRoot\system32\DRIVERS\amdide.sys
0x8BC0E000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x837BD000 \SystemRoot\System32\drivers\mountmgr.sys
0x837D3000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x83600000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x8BE15000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BE3A000 \SystemRoot\system32\DRIVERS\viaide.sys
0x8BE42000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x8BF1D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8BFF7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8C015000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8C038000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x8C050000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C097000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8C0A1000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x8C0B4000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x8C11E000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x8C16A000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x8C190000 \SystemRoot\system32\DRIVERS\djsvs.sys
0x8C1A4000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8C1CA000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x8C203000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x8C240000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8C249000 \SystemRoot\system32\DRIVERS\arc.sys
0x8C25F000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x8C277000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x8C2EA000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x8C2FA000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x8C314000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x8C324000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x8C33E000 \SystemRoot\system32\DRIVERS\megasas.sys
0x8C349000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x8C3DB000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x8C43C000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x8C461000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x8C62A000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x8C67F000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x8C68C000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x8C6A2000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x8C6C7000 \SystemRoot\system32\drivers\fltmgr.sys
0x8C6FB000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C80E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C93D000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C968000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C97B000 \SystemRoot\System32\Drivers\cng.sys
0x8C9D8000 \SystemRoot\System32\drivers\pcw.sys
0x8C9E6000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C70C000 \SystemRoot\system32\drivers\ndis.sys
0x8CA09000 \SystemRoot\system32\drivers\NETIO.SYS
0x8CA47000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8CA6C000 \SystemRoot\System32\drivers\tcpip.sys
0x8CBB5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CBE6000 \SystemRoot\system32\DRIVERS\wd.sys
0x8CC14000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8CC53000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x8CC5C000 \SystemRoot\System32\Drivers\spldr.sys
0x8CC64000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x8CC7C000 \SystemRoot\System32\drivers\rdyboost.sys
0x8CCA9000 \SystemRoot\System32\Drivers\mup.sys
0x8CCB9000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8CCC1000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8CCCA000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8CCFC000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C7C3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C600000 \SystemRoot\system32\DRIVERS\savonaccess.sys
0x8CDF4000 \SystemRoot\System32\Drivers\Null.SYS
0x8CBEE000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C9EF000 \SystemRoot\System32\drivers\vga.sys
0x8C400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C800000 \SystemRoot\System32\drivers\watchdog.sys
0x8CBF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CA00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C7E2000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8C7EA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C421000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C5E0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C7F5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9082C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x9085E000 \SystemRoot\system32\drivers\afd.sys
0x908B8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x908BF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x908DE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x908EF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x908FD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90910000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90920000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90961000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9096B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90975000 \SystemRoot\System32\drivers\discache.sys
0x90981000 \SystemRoot\System32\Drivers\dfsc.sys
0x90999000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x909A7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x909C8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x92E05000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x93776000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x93778000 \SystemRoot\System32\Drivers\fastfat.SYS
0x94C2A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x94CE1000 \SystemRoot\System32\drivers\dxgmms1.sys
0x94D1A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x94D39000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x94D48000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9640F000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x96A8B000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x96A95000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x96AD1000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x96AFD000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x96B1C000 \SystemRoot\system32\DRIVERS\enecir.sys
0x96B35000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x96B4D000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x96B56000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x96B63000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x96B98000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x96B9A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x96BA7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x96BAD000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x96BB8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x96BC1000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x96BD3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x96BE0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x94D93000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x96BF2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x94DAB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x94DCD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x94DE5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x94C00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x96BFD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x937A2000 \SystemRoot\system32\DRIVERS\ks.sys
0x96400000 \SystemRoot\system32\DRIVERS\circlass.sys
0x94C17000 \SystemRoot\system32\DRIVERS\umbus.sys
0x96C0D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x96C51000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x96C62000 \SystemRoot\system32\drivers\nvhda32v.sys
0x96C75000 \SystemRoot\system32\drivers\portcls.sys
0x96CA4000 \SystemRoot\system32\drivers\drmk.sys
0x96CBD000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x9741C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x97538000 \SystemRoot\system32\drivers\modem.sys
0x97545000 \SystemRoot\system32\DRIVERS\hidir.sys
0x97554000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x97567000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9756E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9757A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9AB40000 \SystemRoot\System32\win32k.sys
0x97585000 \SystemRoot\System32\drivers\Dxapi.sys
0x9758F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9759A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CD0D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x975A7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x975B8000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9ADA0000 \SystemRoot\System32\TSDDD.dll
0x9ADD0000 \SystemRoot\System32\cdd.dll
0x9AA00000 \SystemRoot\System32\ATMFD.DLL
0x975C3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x975DA000 \SystemRoot\System32\Drivers\usbvideo.sys
0x97400000 \SystemRoot\system32\drivers\luafv.sys
0x96D28000 \SystemRoot\system32\drivers\WudfPf.sys
0x96D42000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x96D52000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x96D98000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x96DA8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9D00D000 \SystemRoot\system32\drivers\HTTP.sys
0x9D092000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D0AB000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D0BD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D0E0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D11B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D14E000 \SystemRoot\system32\drivers\peauth.sys
0x9D1E5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x96DBB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D1EF000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9FC28000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9FC77000 \SystemRoot\System32\DRIVERS\srv.sys
0x9FCC8000 \??\C:\Users\Michael\AppData\Local\Temp\mbr.sys
0x9FCCE000 \??\C:\Users\Michael\AppData\Local\Temp\catchme.sys
0x9FCD6000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77910000 \Windows\System32\ntdll.dll
0x478A0000 \Windows\System32\smss.exe
0x77B50000 \Windows\System32\apisetschema.dll
0x00C80000 \Windows\System32\autochk.exe
0x77B30000 \Windows\System32\psapi.dll
0x77A60000 \Windows\System32\user32.dll
0x778B0000 \Windows\System32\difxapi.dll
0x77A50000 \Windows\System32\normaliz.dll
0x778A0000 \Windows\System32\lpk.dll
0x77820000 \Windows\System32\comdlg32.dll
0x77680000 \Windows\System32\setupapi.dll
0x77580000 \Windows\System32\wininet.dll
0x774D0000 \Windows\System32\rpcrt4.dll
0x77470000 \Windows\System32\shlwapi.dll
0x77330000 \Windows\System32\urlmon.dll
0x77290000 \Windows\System32\usp10.dll
0x76640000 \Windows\System32\shell32.dll
0x76620000 \Windows\System32\imm32.dll
0x76590000 \Windows\System32\oleaut32.dll
0x76390000 \Windows\System32\iertutil.dll
0x762B0000 \Windows\System32\kernel32.dll
0x76260000 \Windows\System32\Wldap32.dll
0x76210000 \Windows\System32\gdi32.dll
0x76200000 \Windows\System32\nsi.dll
0x760A0000 \Windows\System32\ole32.dll
0x76000000 \Windows\System32\advapi32.dll
0x75F70000 \Windows\System32\clbcatq.dll
0x75F40000 \Windows\System32\imagehlp.dll
0x75F20000 \Windows\System32\sechost.dll
0x75E50000 \Windows\System32\msctf.dll
0x75DA0000 \Windows\System32\msvcrt.dll
0x75D60000 \Windows\System32\ws2_32.dll
0x75CD0000 \Windows\System32\comctl32.dll
0x75CA0000 \Windows\System32\wintrust.dll
0x75C70000 \Windows\System32\cfgmgr32.dll
0x75C20000 \Windows\System32\KernelBase.dll
0x75B00000 \Windows\System32\crypt32.dll
0x75AE0000 \Windows\System32\devobj.dll
0x75AD0000 \Windows\System32\msasn1.dll

Processes (total 60):
0 System Idle Process
4 System
364 C:\Windows\System32\smss.exe
520 csrss.exe
608 C:\Windows\System32\wininit.exe
616 csrss.exe
664 C:\Windows\System32\services.exe
680 C:\Windows\System32\lsass.exe
688 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\nvvsvc.exe
896 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\stacsv.exe
1272 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\winlogon.exe
1392 C:\Windows\System32\hpservice.exe
1468 C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
1552 C:\Windows\System32\nvvsvc.exe
1736 C:\Windows\System32\dwm.exe
1996 C:\Windows\System32\svchost.exe
656 C:\Windows\System32\spoolsv.exe
912 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\taskhost.exe
1796 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\AEstSrv.exe
1980 C:\Program Files\LSI SoftModem\agrsmsvc.exe
732 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
620 C:\Program Files\Bonjour\mDNSResponder.exe
1668 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2256 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2368 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2440 C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
2468 C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
2660 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3008 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3208 C:\Windows\System32\svchost.exe
3620 C:\Windows\System32\rundll32.exe
2332 C:\Windows\System32\taskeng.exe
2244 C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
3652 C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
2224 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2176 C:\Windows\System32\svchost.exe
1916 C:\Program Files\Windows Media Player\wmpnetwk.exe
1368 C:\Windows\System32\svchost.exe
2764 C:\ComboFix\CF14655.cfxxe
3492 C:\Windows\System32\conhost.exe
2168 C:\ComboFix\mbr.cfxxe
1532 C:\Windows\explorer.exe
3088 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
4072 C:\Program Files\Sophos\AutoUpdate\ALMon.exe
388 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
748 C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
3504 C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
3692 C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
2116 C:\Program Files\Mozilla Firefox\firefox.exe
4064 taskhost.exe
3612 C:\Users\Michael\Downloads\MBRCheck.exe
804 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`7ad00000 (NTFS)

PhysicalDrive0 Model Number: <error opening>

Size Device Name MBR Status
--------------------------------------------
ERROR Opening: \\.\PhysicalDrive0 (32)


Done!

 

This one scared me, I think it locked all my registry keys so I couldn't open anything. Had to restart, then all was fine.



ComboFix 10-10-05.01 - Michael 06/10/2010 15:14:03.6.8 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3063.1971 [GMT 11:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
Command switches used :: c:\users\Michael\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\DRIVERS\eamonm.sys "
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EAMONM
-------\Service_eamonm


((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-06 05:02 . 2010-10-06 05:02 -------- d-----w- C:\Device
2010-10-06 04:19 . 2010-10-06 05:03 -------- d-----w- c:\users\Michael\AppData\Local\temp
2010-10-06 04:19 . 2010-10-06 04:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-06 04:19 . 2010-10-06 04:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-05 03:50 . 2010-04-29 04:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-05 03:50 . 2010-04-29 04:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 13:06 . 2010-10-01 13:06 -------- d-----w- c:\program files\Trend Micro
2010-10-01 11:31 . 2010-10-01 13:05 -------- d-----w- c:\program files\Linksys
2010-10-01 11:25 . 2010-10-01 11:42 -------- d-----w- c:\programdata\Pure Networks
2010-10-01 08:13 . 2010-10-01 08:21 -------- d-----w- c:\programdata\MFAData
2010-10-01 01:21 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-10-01 01:21 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-30 10:44 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 06:25 . 2010-09-30 06:25 -------- d-----w- c:\programdata\Clarus
2010-09-30 06:25 . 2010-09-30 06:25 -------- d-----w- C:\Log
2010-09-30 05:26 . 2010-09-30 05:26 -------- d-----w- c:\program files\Clarus
2010-09-30 05:06 . 2010-09-30 05:06 -------- d-----w- C:\9c215e53533fbb1dbfa3387412
2010-09-25 13:34 . 2010-09-25 13:34 47876 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-09-25 12:55 . 2010-09-28 11:37 -------- d-----w- c:\program files\StarCraft II
2010-09-25 12:55 . 2010-09-25 13:34 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-09-25 12:55 . 2010-09-25 13:18 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-09-18 14:19 . 2009-08-24 11:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-09-18 14:19 . 2010-09-18 14:19 -------- d-----w- c:\program files\Ashampoo
2010-09-18 14:16 . 2010-09-18 14:16 -------- d-----w- c:\program files\CCleaner
2010-09-18 14:15 . 2010-09-18 14:15 -------- d-----w- c:\users\Michael\AppData\Roaming\Auslogics
2010-09-18 14:15 . 2010-09-18 14:15 -------- d-----w- c:\program files\Auslogics
2010-09-15 08:43 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-08 09:46 . 2010-09-08 09:45 103312 ----a-w- C:\bootsect.exe
2010-09-08 09:27 . 2010-09-08 09:27 119808 ----a-r- c:\users\Michael\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2010-09-08 09:27 . 2010-09-08 09:27 -------- d-----w- c:\users\Michael\AppData\Local\Apps
2010-09-08 07:52 . 2010-09-08 09:45 -------- d-----w- C:\Windows install

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 14:31 . 2010-02-28 08:49 -------- d-----w- c:\users\Michael\AppData\Roaming\vlc
2010-10-05 03:50 . 2010-03-14 00:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 14:26 . 2009-09-11 18:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-01 12:23 . 2009-12-30 07:46 113912 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-30 05:26 . 2009-09-11 18:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\21649\AdobeARM.exe
2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\21649\AdobeExtractFiles.dll
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\21649\ReaderUpdater.exe
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\21649\AcrobatUpdater.exe
2010-09-16 04:13 . 2009-09-11 19:32 -------- d-----w- c:\programdata\Microsoft Help
2010-09-11 15:32 . 2010-02-23 04:35 -------- d-----w- c:\users\Michael\AppData\Roaming\NPresenter
2010-09-10 03:00 . 2010-01-01 14:01 -------- d-----w- c:\programdata\NOS
2010-09-08 13:45 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-09-08 13:39 . 2010-08-14 11:32 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-08 13:38 . 2010-08-14 11:30 -------- d-----w- c:\programdata\DivX
2010-08-28 10:46 . 2010-08-28 10:46 -------- d--h--r- c:\users\Michael\AppData\Roaming\SecuROM
2010-08-16 10:48 . 2010-08-16 10:47 -------- d-----w- c:\users\Michael\AppData\Roaming\FreeFLVConverter
2010-08-01 05:41 . 2010-08-01 05:42 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-01 05:41 . 2010-03-09 13:16 38784 ----a-w- c:\users\Michael\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-29 06:30 . 2010-08-12 03:34 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 03:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-22 16:37 . 2010-08-16 10:47 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-07-16 03:54 . 2010-01-17 15:06 2380712 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en\Installers\SetupGamesClient.exe
2010-07-16 03:51 . 2010-07-16 03:51 14904 ----a-w- c:\windows\help\OEM\Scripts\LaunchHPForums.exe
2010-07-08 18:00 . 2010-07-13 00:59 516784 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb47ED.tmp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR "= "c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-30 39408]
"msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-02 1549608]
"HPCam_Menu "= "c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"SmartMenu "= "c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 567864]
"QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut "= "c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"HP Software Update "= "c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"Malwarebytes Anti-Malware (reboot) "= "c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SysTrayApp "= "c:\program files\IDT\WDM\sttray.exe" [2010-04-02 495708]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-11-28 13826664]

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2010-9-30 888832]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2010-9-30 77824]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2010-9-30 102400]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 795936]
Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-2-3 429096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 5 (0x5)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle "= 2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-17 29472]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-23 4232192]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2010-06-18 23928]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-06-18 22536]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-06-18 121848]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe [2010-04-02 81920]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-06-18 104488]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-18 93736]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 116136]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-04-10 66592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-04-02 230400]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 14:47]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-08 14:47]

2010-10-05 c:\windows\Tasks\Scheduled scan.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-06-18 05:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_AU&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-AU\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\bp7q6tam.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x83010000]<< >>UNKNOWN [0x8BE18000]<< >>UNKNOWN [0x8CB8B000]<< >>UNKNOWN [0x8CB50000]<< >>UNKNOWN [0x83420000]<< >>UNKNOWN [0x8BF20000]<< >>UNKNOWN [0x83077966]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x861ce7b8
QueryNameProcedure -> 0x861ce948
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-11435735-3056468348-2357536009-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"?? "=hex:7a,60,5f,98,4e,b4,bc,d5,34,4f,65,55,31,f5,2c,c5,ae,7e,57,a2,2c,eb,62,
f0,0a,4c,d0,a4,e9,61,80,07,9b,f1,22,c6,aa,43,5b,90,21,74,6e,ef,53,a3,2a,d0,\
"?? "=hex:34,f4,1a,25,7d,3c,13,03,c8,ee,89,3f,79,ea,ac,db

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
"MSCurrentCountry "=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2420)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-10-06 16:07:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-06 05:07
ComboFix2.txt 2010-10-05 11:57
ComboFix3.txt 2010-10-01 15:29
ComboFix4.txt 2010-10-01 15:02
ComboFix5.txt 2010-10-06 04:10

Pre-Run: 379,483,844,608 bytes free
Post-Run: 378,382,630,912 bytes free

- - End Of File - - 87638A22786B6DA64AEB9B8321809A23