TechSpot

What now?

By medni
Apr 26, 2011
  1. Hi, new member here. My Dell laptop with Vista Business has recently been having multiple weird problems:
    Windows Update not updating
    Update Now not switching on
    searches being directed elsewhere
    Vista theme changing automatically
    messages about Explorer etc. not being able to start up etc...
    I have tried the 8 point, but now I can't get most of the software to start up either...
    Any ideas? Internet etc. is working fine.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! Hopefully before you start your next thread, you will have learned to make the subject a bit more descriptive! "What now" isn't very descriptive!

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    If you had a problem with any of these steps, then you need to let me know which program isn't 'working' and specifically what the problem was when you try to either download it or run the scan. IF your searches are being redirected, you probably have malware. IF you better describe how the Vista theme is 'changing', I can probably guide you with that.

    You have contradicted yourself here:
    Please tell me specifically which of the steps isn't working and how it isn't working.
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. medni

    medni TS Rookie Topic Starter Posts: 24

    Thanks for the reply,
    I did the scans and here are the logs:
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6452

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    27/04/2011 02:53:29
    mbam-log-2011-04-27 (02-53-29).txt

    Scan type: Quick scan
    Objects scanned: 162448
    Time elapsed: 11 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-27 03:01:16
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST9320320AS rev.DE06
    Running: mlzbp8q8.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldrpow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskST9320320AS_____________________________DE06____#5&38cc63f4&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Administrator at 3:03:07.43 on 27/04/2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3070.1976 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\AERTSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\DRIVERS\o2flash.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM13Mon.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Common Files\Teleca Shared\logger.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Users\Administrator\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl2fab3a17;MpKsl2fab3a17;c:\programdata\microsoft\microsoft antimalware\definition updates\{36c34658-6de7-4901-8fc3-e50437752fc6}\MpKsl2fab3a17.sys [2011-4-27 28752]
    R1 MpKsl38c184ad;MpKsl38c184ad;c:\programdata\microsoft\microsoft antimalware\definition updates\{36c34658-6de7-4901-8fc3-e50437752fc6}\MpKsl38c184ad.sys [2011-4-26 28752]
    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2010-7-31 77824]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-26 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-26 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-26 61960]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-7-29 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2007-3-5 7424]
    R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-5-28 235840]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-8-28 114688]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-8-28 105856]
    .
    =============== Created Last 30 ================
    .
    2011-04-27 01:41:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-27 01:41:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-27 01:36:33 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{36c34658-6de7-4901-8fc3-e50437752fc6}\MpKsl2fab3a17.sys
    2011-04-26 23:31:46 -------- d-----w- c:\users\admini~1\appdata\local\Adobe
    2011-04-26 23:00:48 -------- d-----w- c:\users\admini~1\appdata\roaming\Avira
    2011-04-26 22:47:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-26 22:47:28 -------- d-----w- c:\program files\Avira
    2011-04-26 22:47:28 -------- d-----w- c:\progra~2\Avira
    2011-04-26 11:42:34 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{36c34658-6de7-4901-8fc3-e50437752fc6}\MpKsl38c184ad.sys
    2011-04-26 11:42:16 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{36c34658-6de7-4901-8fc3-e50437752fc6}\mpengine.dll
    2011-04-26 02:18:57 -------- d-----w- c:\program files\ESET
    2011-04-26 01:00:03 -------- d-s---w- C:\ComboFix
    2011-04-25 23:15:14 98816 ----a-w- c:\windows\sed.exe
    2011-04-25 23:15:14 89088 ----a-w- c:\windows\MBR.exe
    2011-04-25 23:15:14 256512 ----a-w- c:\windows\PEV.exe
    2011-04-25 23:15:14 161792 ----a-w- c:\windows\SWREG.exe
    2011-04-22 01:12:44 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-04-20 22:42:24 -------- d-----w- c:\program files\common files\DivX Shared
    2011-04-19 00:16:34 -------- d-----w- c:\program files\Microsoft ATS
    2011-04-19 00:01:33 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-04-19 00:01:32 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-04-19 00:01:31 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-04-18 03:25:35 -------- d-----w- C:\ab26ce1d3b121af7df7fc04e
    2011-04-18 03:22:59 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-04-18 03:22:58 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-04-18 03:22:58 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-04-18 03:22:57 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-04-18 03:22:57 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-04-18 03:22:56 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-18 03:22:56 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-04-18 03:22:56 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-04-18 02:31:53 -------- d-----w- c:\users\admini~1\appdata\roaming\Sammsoft
    2011-04-18 02:19:01 -------- d-----w- c:\windows\$regcmp$
    2011-04-18 02:11:05 -------- d-----w- c:\users\admini~1\appdata\roaming\SmartPCTools
    2011-04-14 15:46:47 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{88999d78-2f69-4109-9574-2f1cbc1e0d68}\gapaengine.dll
    2011-04-14 15:40:32 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-13 00:24:33 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
    2011-04-12 22:58:51 -------- d-----w- c:\progra~2\Malwarebytes
    2011-04-12 22:58:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6002 Disk: ST9320320AS rev.DE06 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x867A7439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x867ad7d0]; MOV EAX, [0x867ad84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82480912] -> \Device\Harddisk0\DR0[0x85B7A200]
    3 CLASSPNP[0x8ABAB8B3] -> ntkrnlpa!IofCallDriver[0x82480912] -> [0x84B96598]
    \Driver\atapi[0x86517F38] -> IRP_MJ_CREATE -> 0x867A7439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskST9320320AS_____________________________DE06____#5&38cc63f4&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 625142446 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 3:04:23.15 ===============
     
  4. medni

    medni TS Rookie Topic Starter Posts: 24

    The theme has been changing from the Vista to the XP version, i.e. the round Start icon has been changing to the square one. My Microsoft Update has been switching off on its own and won't let me automatically update without manually doing so from the Microsoft website. My Microsoft Essentials is also not updating.
    Also, every now and again my preferences, i.e. desktop, have been unable to start. What I meant by internet working is that surfing hasn't been a problem.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Hold off on the updates for now. You have a rootkit on the MBR:

    Please download MBRCheck and save to your desktop
    • Double click on MBRCheck.exe to run. (Vista and Windows 7 users will have to confirm the UAC prompt)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      [o] Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      [o] Found non-standard or infected MBR.
      [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Paste this log to your next message.
    =======================================
    It also appears that you have no home page or search page set up.
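    The DDS "user != kernel MBR" warning in the logs above and the MBRCheck step just described both come down to one question: does the boot sector's bootstrap code still match what the vendor put there? The following is an added example (not the MBRCheck tool and not code from this thread) that parses a 512-byte MBR image, checks the 0x55AA signature and partition entries, and compares a SHA-256 of the 446-byte bootstrap area against a baseline hash recorded while the machine was trusted. All sample images and the baseline are constructed in the script.

```python
"""MBR integrity check in the spirit of the MBRCheck step above.

Added example; not MBRCheck itself and not from the original thread. The MBR
images and the trusted baseline hash below are constructed for the demo.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_SIZE = 446          # bootstrap code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries follow at 446..509
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 on a valid MBR


def load_mbr_image(path: str) -> bytes:
    """Read the first 512 bytes of a raw disk/sector dump taken with a trusted tool."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


def parse_partition_table(mbr: bytes) -> list:
    """Return the four partition entries: status, type, LBA start, sector count (little-endian)."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # B=status, 3x=CHS start (ignored), B=type, 3x=CHS end (ignored), I=LBA start, I=sectors
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({"index": i, "status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def bootstrap_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap area only; the partition table legitimately varies per disk."""
    return hashlib.sha256(mbr[:BOOTSTRAP_SIZE]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> dict:
    """Report integrity findings for one MBR image against a trusted baseline hash."""
    findings = []
    if len(mbr) != MBR_SIZE:
        findings.append(f"unexpected MBR length {len(mbr)} (want {MBR_SIZE})")
        return {"ok": False, "findings": findings, "partitions": []}
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partition_table(mbr)
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one partition flagged active")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte {p['status']:#04x}")
    if bootstrap_hash(mbr) != baseline_hash:
        findings.append("bootstrap code differs from trusted baseline (non-standard or infected MBR)")
    return {"ok": not findings, "findings": findings, "partitions": parts}


def build_sample_mbr(bootstrap: bytes) -> bytes:
    """Construct a 512-byte MBR image for the demo (not copied from a real disk)."""
    assert len(bootstrap) == BOOTSTRAP_SIZE
    table = bytearray(4 * PARTITION_ENTRY_SIZE)
    # one active NTFS-type (0x07) partition starting at LBA 2048, 1,000,000 sectors
    struct.pack_into("<B3xB3xII", table, 0, 0x80, 0x07, 2048, 1_000_000)
    return bootstrap + bytes(table) + BOOT_SIGNATURE


# Constructed "clean" bootstrap area: the standard real-mode prologue
# (xor ax,ax / mov ss,ax / mov sp,0x7c00) padded with NOPs. A defender would
# instead record the hash of the real vendor code while the machine was trusted.
CLEAN_BOOTSTRAP = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOTSTRAP_SIZE - 7)
TRUSTED_BASELINE = hashlib.sha256(CLEAN_BOOTSTRAP).hexdigest()

# Constructed tampered copy: a single altered byte at the start of the bootstrap
# area is enough to change the hash, which is the whole point of the comparison.
TAMPERED_BOOTSTRAP = b"\xEA" + CLEAN_BOOTSTRAP[1:]


def demo_clean() -> dict:
    return check_mbr(build_sample_mbr(CLEAN_BOOTSTRAP), TRUSTED_BASELINE)


def demo_tampered() -> dict:
    return check_mbr(build_sample_mbr(TAMPERED_BOOTSTRAP), TRUSTED_BASELINE)


def demo_no_signature() -> dict:
    img = bytearray(build_sample_mbr(CLEAN_BOOTSTRAP))
    img[510:512] = b"\x00\x00"  # corrupt the boot signature
    return check_mbr(bytes(img), TRUSTED_BASELINE)


if __name__ == "__main__":
    for name, result in (("clean", demo_clean()), ("tampered", demo_tampered()),
                         ("no-signature", demo_no_signature())):
        verdict = "OK" if result["ok"] else "; ".join(result["findings"])
        print(f"{name:12s} -> {verdict}")
        for p in result["partitions"]:
            if p["type"]:
                print(f"    partition {p['index']}: type {p['type']:#04x} "
                      f"active={p['status'] == 0x80} lba={p['lba_start']} sectors={p['sectors']}")
```

A baseline hash is only meaningful if it was captured from a sector read the rootkit could not filter, which is why the GMER/DDS output above compares a user-mode read against a kernel-level one before trusting either.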
     
  6. medni

    medni TS Rookie Topic Starter Posts: 24

    Thanks for your reply.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Business Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Vostro1510
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 169):
    0x82414000 \SystemRoot\system32\ntkrnlpa.exe
    0x827CE000 \SystemRoot\system32\hal.dll
    0x86A9E000 \SystemRoot\system32\kdcom.dll
    0x80603000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80673000 \SystemRoot\system32\PSHED.dll
    0x80684000 \SystemRoot\system32\BOOTVID.dll
    0x8068C000 \SystemRoot\system32\CLFS.SYS
    0x806CD000 \SystemRoot\system32\CI.dll
    0x82A09000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x82A85000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x82A92000 \SystemRoot\system32\drivers\acpi.sys
    0x82AD8000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x82AE1000 \SystemRoot\system32\drivers\msisadrv.sys
    0x82AE9000 \SystemRoot\system32\drivers\pci.sys
    0x82B10000 \SystemRoot\System32\drivers\partmgr.sys
    0x82B1F000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x82B22000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x82B2C000 \SystemRoot\system32\drivers\volmgr.sys
    0x82B3B000 \SystemRoot\System32\drivers\volmgrx.sys
    0x82B85000 \SystemRoot\system32\drivers\intelide.sys
    0x82B8C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x82B9A000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82BAA000 \SystemRoot\system32\drivers\atapi.sys
    0x82BB2000 \SystemRoot\system32\drivers\ataport.SYS
    0x82BD0000 \SystemRoot\system32\drivers\msahci.sys
    0x807AD000 \SystemRoot\system32\drivers\fltmgr.sys
    0x82BDA000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82BEA000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0x807DF000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
    0x82BEC000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8A600000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A671000 \SystemRoot\system32\drivers\ndis.sys
    0x8A77C000 \SystemRoot\system32\drivers\msrpc.sys
    0x8A7A7000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A804000 \SystemRoot\System32\drivers\tcpip.sys
    0x8A8F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8AA09000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8AB19000 \SystemRoot\system32\drivers\volsnap.sys
    0x8AB52000 \SystemRoot\System32\Drivers\spldr.sys
    0x8AB5A000 \SystemRoot\System32\Drivers\mup.sys
    0x8AB69000 \SystemRoot\System32\drivers\ecache.sys
    0x8AB90000 \SystemRoot\system32\drivers\disk.sys
    0x8ABA1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x8ABC2000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8ABED000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8AA00000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8A90C000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8A91B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8EC02000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8F553000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8F555000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8A924000 \SystemRoot\System32\drivers\watchdog.sys
    0x8F5F5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8A930000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8A96E000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8F602000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8F68F000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8F7B9000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x8A97D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8A98D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8A99B000 \SystemRoot\system32\DRIVERS\o2sd.sys
    0x8A9A5000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x8A9CB000 \SystemRoot\system32\DRIVERS\o2media.sys
    0x8F7FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8A9D7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8A9EA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F800000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8F832000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8F834000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F83F000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8F857000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8F85D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8F88C000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8F8CD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8F8D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8F8EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8F8FA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8F91D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8F92C000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8F940000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8F955000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0x8F9DE000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8F9EE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8FA0D000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8FA37000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8FA41000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8FA4E000 \SystemRoot\System32\drivers\vga.sys
    0x8FA5A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8FA7B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8FAB0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x92A00000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8FAC1000 \SystemRoot\system32\drivers\portcls.sys
    0x8FAEE000 \SystemRoot\system32\drivers\drmk.sys
    0x8FB13000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x8FB22000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x92BF5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8FB49000 \SystemRoot\System32\Drivers\Null.SYS
    0x8FB50000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8FB57000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0x8FB5D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8FB65000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8FB6D000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8FB78000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8FB86000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8FB8F000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8FBA5000 \SystemRoot\system32\DRIVERS\smb.sys
    0x92C0C000 \SystemRoot\system32\drivers\afd.sys
    0x92C54000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x92C86000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x92C9C000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x92CAA000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x92CBD000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0x92CC3000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x92CFF000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x92D09000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A0E20E9-3EE7-4793-8432-F8004A13169C}\MpKsl8b55d171.sys
    0x92D0F000 \SystemRoot\system32\drivers\csc.sys
    0x92D6A000 \SystemRoot\System32\Drivers\dfsc.sys
    0x92D81000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x92DA7000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x92DB4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x92DBF000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x92DC9000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x9960E000 \SystemRoot\System32\Drivers\bthport.sys
    0x9968E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x996A5000 \SystemRoot\system32\DRIVERS\OEM13Vid.sys
    0x996DF000 \SystemRoot\system32\DRIVERS\OEM13Vfx.sys
    0x996E1000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x9970A000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x99714000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x9A4E0000 \SystemRoot\System32\win32k.sys
    0x9972E000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9A700000 \SystemRoot\System32\TSDDD.dll
    0x9A720000 \SystemRoot\System32\cdd.dll
    0x99738000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x9974D000 \SystemRoot\system32\drivers\luafv.sys
    0x99768000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0x99773000 \SystemRoot\System32\Drivers\DLADResM.SYS
    0x99774000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
    0x9978D000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
    0x99793000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
    0x99796000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
    0x9979E000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
    0x997A5000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
    0x997BB000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
    0x9EC0E000 \SystemRoot\system32\drivers\spsys.sys
    0x9ECBE000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9ECCE000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9ECF8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9ED02000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9ED15000 \SystemRoot\system32\drivers\HTTP.sys
    0x9ED82000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9ED9F000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9EDB8000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9EDCD000 \SystemRoot\system32\drivers\mrxdav.sys
    0x997D2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8FBB9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x92DD6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xA0808000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA0830000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0xA083A000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA08A0000 \SystemRoot\system32\drivers\peauth.sys
    0xA097E000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA0988000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xA09B0000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA09BC000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    0xA09C8000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A0E20E9-3EE7-4793-8432-F8004A13169C}\MpKsl347c2339.sys
    0xA09CE000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xA09E4000 \SystemRoot\system32\drivers\BCM42RLY.sys
    0x76E90000 \Windows\System32\ntdll.dll

    Processes (total 78):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`07600000 (NTFS)

    PhysicalDrive0 Model Number: ST9320320AS, Rev: DE06

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Good for that. But let's run this also:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file > Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double-click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with descriptions.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies the selected actions and outputs the result. Please paste the log in your next reply.
    • A reboot is required after disinfection.
     
  8. medni

    medni TS Rookie Topic Starter Posts: 24

    2011/04/28 21:42:57.0881 1744 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/28 21:42:58.0232 1744 ================================================================================
    2011/04/28 21:42:58.0233 1744 SystemInfo:
    2011/04/28 21:42:58.0233 1744
    2011/04/28 21:42:58.0233 1744 OS Version: 6.0.6002 ServicePack: 2.0
    2011/04/28 21:42:58.0233 1744 Product type: Workstation
    2011/04/28 21:42:58.0233 1744 ComputerName: ABU
    2011/04/28 21:42:58.0234 1744 UserName: Administrator
    2011/04/28 21:42:58.0234 1744 Windows directory: C:\Windows
    2011/04/28 21:42:58.0234 1744 System windows directory: C:\Windows
    2011/04/28 21:42:58.0234 1744 Processor architecture: Intel x86
    2011/04/28 21:42:58.0234 1744 Number of processors: 2
    2011/04/28 21:42:58.0234 1744 Page size: 0x1000
    2011/04/28 21:42:58.0234 1744 Boot type: Normal boot
    2011/04/28 21:42:58.0234 1744 ================================================================================
    2011/04/28 21:43:00.0782 1744 Initialize success
    2011/04/28 21:43:15.0643 5036 ================================================================================
    2011/04/28 21:43:15.0643 5036 Scan started
    2011/04/28 21:43:15.0643 5036 Mode: Manual;
    2011/04/28 21:43:15.0643 5036 ================================================================================
    2011/04/28 21:43:48.0191 5036 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/04/28 21:43:48.0245 5036 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    2011/04/28 21:43:48.0402 5036 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    2011/04/28 21:43:48.0483 5036 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    2011/04/28 21:43:48.0642 5036 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    2011/04/28 21:43:48.0731 5036 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    2011/04/28 21:43:48.0880 5036 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    2011/04/28 21:43:48.0969 5036 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    2011/04/28 21:43:49.0053 5036 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    2011/04/28 21:43:49.0152 5036 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    2011/04/28 21:43:49.0210 5036 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/28 21:43:49.0248 5036 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/28 21:43:49.0368 5036 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    2011/04/28 21:43:49.0485 5036 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    2011/04/28 21:43:49.0876 5036 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/04/28 21:43:50.0004 5036 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    2011/04/28 21:43:50.0106 5036 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/04/28 21:43:50.0307 5036 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/04/28 21:43:50.0401 5036 ZTEusbmdm6k (2a6f72d2b6a549b1fc6a6522bc204159) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
    2011/04/28 21:43:50.0466 5036 ZTEusbnet (453a60f8dc22fc296bc482cbf3eff213) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
    2011/04/28 21:43:50.0544 5036 ZTEusbnmea (2a6f72d2b6a549b1fc6a6522bc204159) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
    2011/04/28 21:43:50.0778 5036 ZTEusbser6k (2a6f72d2b6a549b1fc6a6522bc204159) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
    2011/04/28 21:43:50.0872 5036 ZTEusbvoice (2a6f72d2b6a549b1fc6a6522bc204159) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
    2011/04/28 21:43:50.0991 5036 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/04/28 21:43:51.0042 5036 ================================================================================
    2011/04/28 21:43:51.0042 5036 Scan finished
    2011/04/28 21:43:51.0042 5036 ================================================================================
    2011/04/28 21:43:51.0072 3880 Detected object count: 1
    2011/04/28 21:44:07.0672 3880 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/28 21:44:07.0672 3880 \HardDisk0 - ok
    2011/04/28 21:44:07.0675 3880 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/04/28 21:44:13.0138 2876 Deinitialize success

    Still getting messages such as Bonjour not starting up at startup; also extremely slow Internet Explorer, and searches still being directed to eBay, Scour, etc.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I wasn't expecting those programs to solve all the problems. In this forum, we take one step at a time:
    ==============================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Please Uncheck "Remove found threats" (I will remove them, if any, in a program that will also remove related files)
    7. Check "Scan unwanted applications"
    8. Click Scan
    9. Wait for the scan to finish
    10. Click on "Copy to Clipboard" (you won't see the 'clipboard')
    11. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
    12. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ===========================================
    Please note: If you have Combofix on the desktop already, please uninstall it. If not, just go to the Combofix download:
    Uninstall ComboFix:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    ======================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  10. medni

    medni TS Rookie Topic Starter Posts: 24

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=682fb83aff219146a231349a29ade0ac
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-04-30 02:35:47
    # local_time=2011-04-30 03:35:47 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=9
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=1797 16775165 100 94 174519 40705182 170869 0
    # compatibility_mode=5892 16776574 100 95 19847607 141701335 0 0
    # compatibility_mode=8192 67108863 100 0 384296 384296 0 0
    # scanned=117042
    # found=0
    # cleaned=0
    # scan_time=5514
     
  11. medni

    medni TS Rookie Topic Starter Posts: 24

    ComboFix 11-04-30.02 - Administrator 30/04/2011 23:01:35.3.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3070.1523 [GMT 1:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    .
    c:\windows\system32\userinit.exe . . . is infected!!
    .
    .
    \\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-30 22:12 . 2011-04-30 22:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-04-30 22:12 . 2011-04-30 22:12 -------- d-----w- c:\users\shahbaz\AppData\Local\temp
    2011-04-30 22:12 . 2011-04-30 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-30 12:59 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC0FD859-51D2-4A2E-AF7E-E83D68F471A0}\mpengine.dll
    2011-04-30 12:44 . 2011-04-30 21:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
    2011-04-28 21:10 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-28 21:09 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-28 21:09 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-28 21:09 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-28 21:09 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-04-28 21:09 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-04-27 14:12 . 2011-04-27 14:12 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
    2011-04-27 13:02 . 2011-04-27 13:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\Template
    2011-04-27 01:41 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-27 01:41 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-26 23:31 . 2011-04-26 23:32 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
    2011-04-26 23:00 . 2011-04-26 23:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\Avira
    2011-04-26 22:47 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-04-26 22:47 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-26 22:47 . 2011-04-26 22:47 -------- d-----w- c:\programdata\Avira
    2011-04-26 22:47 . 2011-04-26 22:47 -------- d-----w- c:\program files\Avira
    2011-04-26 02:18 . 2011-04-26 02:18 -------- d-----w- c:\program files\ESET
    2011-04-22 01:12 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-20 22:46 . 2011-04-20 22:46 -------- d-----w- c:\users\shahbaz\AppData\Local\DDMSettings
    2011-04-20 22:42 . 2011-04-20 22:42 -------- d-----w- c:\program files\Common Files\DivX Shared
    2011-04-20 01:46 . 2011-04-20 01:46 -------- d-----w- c:\users\shahbaz\AppData\Local\Mozilla
    2011-04-19 00:18 . 2011-04-19 00:26 -------- d-----w- c:\users\shahbaz\AppData\Local\ElevatedDiagnostics
    2011-04-19 00:16 . 2011-04-19 00:16 -------- d-----w- c:\program files\Microsoft ATS
    2011-04-19 00:01 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-04-19 00:01 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-04-19 00:01 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-04-18 03:25 . 2011-04-18 03:25 -------- d-----w- C:\ab26ce1d3b121af7df7fc04e
    2011-04-18 03:22 . 2011-01-20 14:14 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-04-18 03:22 . 2011-01-20 16:06 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-04-18 03:22 . 2011-01-20 14:14 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-04-18 03:22 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-04-18 03:22 . 2011-01-20 14:24 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-04-18 03:22 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-04-18 03:22 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-04-18 02:31 . 2011-04-18 02:45 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sammsoft
    2011-04-18 02:19 . 2011-04-18 02:23 -------- d-----w- c:\windows\$regcmp$
    2011-04-18 02:11 . 2011-04-18 02:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\SmartPCTools
    2011-04-14 15:46 . 2010-11-30 10:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88999D78-2F69-4109-9574-2F1CBC1E0D68}\gapaengine.dll
    2011-04-14 15:40 . 2011-04-14 15:40 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-14 15:36 . 2011-04-14 15:36 -------- d-----w- c:\program files\Common Files\Java
    2011-04-13 00:24 . 2011-04-13 00:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2011-04-12 22:58 . 2011-04-12 22:58 -------- d-----w- c:\users\shahbaz\AppData\Roaming\Malwarebytes
    2011-04-12 22:58 . 2011-04-12 22:58 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-12 22:58 . 2011-04-27 01:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-12 16:23 . 2011-04-14 23:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
    2011-04-03 19:31 . 2011-04-03 19:31 -------- d-----w- c:\windows\Sun
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-13 09:29 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-03 15:40 . 2011-04-28 21:09 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-28 21:10 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-28 21:09 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-28 21:10 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-02 20:40 . 2010-12-11 10:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 17:11 . 2010-07-31 18:40 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-03-18 17:57 . 2011-04-20 01:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-11 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-02-04 4907008]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-20 3563520]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-21 274608]
    "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-01 21:45 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2009-03-20 06:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    R1 MpKsl059d5ba4;MpKsl059d5ba4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76296B95-034E-4BAE-A588-0DE38E2F6B16}\MpKsl059d5ba4.sys [x]
    R1 MpKsl0e35e201;MpKsl0e35e201;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A85744DD-B436-4AB7-8489-4D1A3B7688D7}\MpKsl0e35e201.sys [x]
    R1 MpKsl15edd4fa;MpKsl15edd4fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA842E7F-5CD8-499D-B1BB-F651C57B27C7}\MpKsl15edd4fa.sys [x]
    R1 MpKsl1f027bd5;MpKsl1f027bd5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl1f027bd5.sys [x]
    R1 MpKsl22aec72c;MpKsl22aec72c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EC21DDF-7B61-4B01-A09A-E26A6FF3C704}\MpKsl22aec72c.sys [x]
    R1 MpKsl23a942af;MpKsl23a942af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E3C33-B3FD-4172-B144-F862A50482C4}\MpKsl23a942af.sys [x]
    R1 MpKsl29d4e984;MpKsl29d4e984;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl29d4e984.sys [x]
    R1 MpKsl2a36455e;MpKsl2a36455e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E3C33-B3FD-4172-B144-F862A50482C4}\MpKsl2a36455e.sys [x]
    R1 MpKsl34671c43;MpKsl34671c43;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EAF9E39-A26E-4194-BB06-875C25C84E36}\MpKsl34671c43.sys [x]
    R1 MpKsl3a1516e5;MpKsl3a1516e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl3a1516e5.sys [x]
    R1 MpKsl4453f55b;MpKsl4453f55b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl4453f55b.sys [x]
    R1 MpKsl44854048;MpKsl44854048;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10315178-3E52-4EA6-9F81-502D87DA1D0C}\MpKsl44854048.sys [x]
    R1 MpKsl46ed0474;MpKsl46ed0474;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD8428D-5B32-4D0C-A5E0-AD52CD52045E}\MpKsl46ed0474.sys [x]
    R1 MpKsl4d2e1481;MpKsl4d2e1481;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DE79C12-1E64-4677-95E0-0460E8116E5B}\MpKsl4d2e1481.sys [x]
    R1 MpKsl616f29e3;MpKsl616f29e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27231138-BED7-4FE5-A0F1-0BFAEF9B3D56}\MpKsl616f29e3.sys [x]
    R1 MpKsl65298408;MpKsl65298408;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl65298408.sys [x]
    R1 MpKsl665c5764;MpKsl665c5764;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3218C03F-DC73-40E4-BA08-42B2034453B5}\MpKsl665c5764.sys [x]
    R1 MpKsl6b835e7f;MpKsl6b835e7f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKsl6b835e7f.sys [x]
    R1 MpKsl6cdd9eac;MpKsl6cdd9eac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF7D0B90-47E9-4D1C-842E-94449A68701C}\MpKsl6cdd9eac.sys [x]
    R1 MpKsl7249b573;MpKsl7249b573;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65337EDC-4DA4-4855-BCF4-B93189FA9039}\MpKsl7249b573.sys [x]
    R1 MpKsl76d86933;MpKsl76d86933;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2ED53EF-BD8B-4552-87CF-5807AF008D62}\MpKsl76d86933.sys [x]
    R1 MpKsl79002210;MpKsl79002210;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD8428D-5B32-4D0C-A5E0-AD52CD52045E}\MpKsl79002210.sys [x]
    R1 MpKsl8a07f1d3;MpKsl8a07f1d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{390D937C-AA4C-4EF7-ADA3-EE04546D1F9E}\MpKsl8a07f1d3.sys [x]
    R1 MpKsl9078bbe0;MpKsl9078bbe0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C85C945-F51D-4568-98DB-BB67477F4506}\MpKsl9078bbe0.sys [x]
    R1 MpKsl9890e981;MpKsl9890e981;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl9890e981.sys [x]
    R1 MpKsl9efac3e3;MpKsl9efac3e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKsl9efac3e3.sys [x]
    R1 MpKsla120204d;MpKsla120204d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF7D0B90-47E9-4D1C-842E-94449A68701C}\MpKsla120204d.sys [x]
    R1 MpKsla19e334d;MpKsla19e334d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{349A63F7-8208-4980-BD37-4D83F8649B29}\MpKsla19e334d.sys [x]
    R1 MpKsla4df3f62;MpKsla4df3f62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1912C3F-972A-4137-A817-8B464CDA0F7C}\MpKsla4df3f62.sys [x]
    R1 MpKslaa083dd1;MpKslaa083dd1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKslaa083dd1.sys [x]
    R1 MpKslbf9e0f08;MpKslbf9e0f08;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKslbf9e0f08.sys [x]
    R1 MpKsldcb01bf3;MpKsldcb01bf3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E1A6555-A1F4-4FD3-9DFC-052D36C7C23B}\MpKsldcb01bf3.sys [x]
    R1 MpKslf3776eca;MpKslf3776eca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AA07AC5-7517-4FF9-BE8D-DB62C1CCAC79}\MpKslf3776eca.sys [x]
    R1 MpKslfd10cd6c;MpKslfd10cd6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DE79C12-1E64-4677-95E0-0460E8116E5B}\MpKslfd10cd6c.sys [x]
    R1 MpKslfea62f1e;MpKslfea62f1e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2ED53EF-BD8B-4552-87CF-5807AF008D62}\MpKslfea62f1e.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 136176]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2010-03-25 114688]
    R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-19 105856]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-04 77824]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-29 51288]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
    S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
    S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-30 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-07-31 10:14]
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 13:12]
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 13:12]
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345154763-3622116426-816371545-1000Core.job
    - c:\users\shahbaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 16:44]
    .
    2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345154763-3622116426-816371545-1000UA.job
    - c:\users\shahbaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 16:44]
    .
    2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3345154763-3622116426-816371545-1000.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bbc.co.uk/
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\igk5pcsv.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-30 23:20
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,3d,1b,b6,e9,9c,d5,40,93,f9,48,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,3d,1b,b6,e9,9c,d5,40,93,f9,48,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2792)
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Synaptics\SynTP\SynToshiba.exe
    c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
    c:\program files\Common Files\Teleca Shared\logger.exe
    c:\program files\Common Files\Teleca Shared\Generic.exe
    c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-30 23:27:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-30 22:27
    .
    Pre-Run: 232,206,077,952 bytes free
    Post-Run: 232,242,683,904 bytes free
    .
    - - End Of File - - 719B9C83E1618DD303E54506A0AF99F4
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    There is another log from DDS; it's named Attach.txt. Please find that on your system and paste it in your next reply. There is some app data that goes to variable processes. Without that log, I can't refer to what you have installed.
    ====================================================
    You are running 2 antivirus programs. You should only have 1. Multiple AVs make the system more vulnerable, not less. Please uninstall one of them. Here are some tools that will help. For Vista:
    For Microsoft Security Essentials
    1. Click Start
    2. In the Search programs and files text box, type Appwiz.cpl, and then press ENTER.
    3. Right-click Microsoft Security Essentials> click Uninstall.
    4. Restart the computer.
    For Avira
    1. Click Start
    2. Uninstall a program
    3. Wait for the list of installed programs to load, then click the name of the Avira program.
    4. Click Remove in the menu above the list (Windows Vista / 7).
    5. Press Yes, to confirm the removal and then OK.
    6. Click Next until Finish. The software is removed.
    =============================================
    It looks like you tried downloading programs to try to fix the system, but most are questionable Registry cleaners found on questionable sites. Please don't update or use whatever you got from Sammsoft or SmartPCTools on 4/18/2011.
     
  13. medni

    medni TS Rookie Topic Starter Posts: 24

    Hi, I've uninstalled Avira. I can't find any other DDS file.
     
  14. medni

    medni TS Rookie Topic Starter Posts: 24

    Would you like me to run the DDS again?
     
  15. medni

    medni TS Rookie Topic Starter Posts: 24

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Administrator at 1:12:09.44 on 01/05/2011
    Internet Explorer: 8.0.6001.19048
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3070.1992 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\AERTSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\DRIVERS\o2flash.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM13Mon.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Teleca Shared\logger.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Administrator\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bbc.co.uk/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\igk5pcsv.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsld95a66b3;MpKsld95a66b3;c:\programdata\microsoft\microsoft antimalware\definition updates\{cd96ac2c-de4a-45b2-bff6-31f847e59be2}\MpKsld95a66b3.sys [2011-5-1 28752]
    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2010-7-31 77824]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-7-29 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2007-3-5 7424]
    R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-5-28 235840]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-8-28 114688]
    S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-8-28 105856]
    .
    =============== Created Last 30 ================
    .
    2011-04-30 23:58:26 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{cd96ac2c-de4a-45b2-bff6-31f847e59be2}\MpKsld95a66b3.sys
    2011-04-30 22:29:31 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{cd96ac2c-de4a-45b2-bff6-31f847e59be2}\mpengine.dll
    2011-04-30 22:17:34 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-04-28 21:10:58 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-28 21:09:52 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-28 21:09:52 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-28 21:09:45 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-28 21:09:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-04-28 21:09:34 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-04-27 14:12:51 -------- d-----w- c:\users\admini~1\appdata\local\Mozilla
    2011-04-27 01:41:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-27 01:41:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-26 23:31:46 -------- d-----w- c:\users\admini~1\appdata\local\Adobe
    2011-04-26 02:18:57 -------- d-----w- c:\program files\ESET
    2011-04-25 23:15:14 98816 ----a-w- c:\windows\sed.exe
    2011-04-25 23:15:14 89088 ----a-w- c:\windows\MBR.exe
    2011-04-25 23:15:14 256512 ----a-w- c:\windows\PEV.exe
    2011-04-25 23:15:14 161792 ----a-w- c:\windows\SWREG.exe
    2011-04-22 01:12:44 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-04-20 22:42:24 -------- d-----w- c:\program files\common files\DivX Shared
    2011-04-19 00:16:34 -------- d-----w- c:\program files\Microsoft ATS
    2011-04-19 00:01:33 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-04-19 00:01:32 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-04-19 00:01:31 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-04-18 03:25:35 -------- d-----w- C:\ab26ce1d3b121af7df7fc04e
    2011-04-18 03:22:59 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-04-18 03:22:58 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-04-18 03:22:58 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-04-18 03:22:57 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-04-18 03:22:57 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-04-18 03:22:56 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-04-18 03:22:56 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-04-18 02:31:53 -------- d-----w- c:\users\admini~1\appdata\roaming\Sammsoft
    2011-04-18 02:19:01 -------- d-----w- c:\windows\$regcmp$
    2011-04-18 02:11:05 -------- d-----w- c:\users\admini~1\appdata\roaming\SmartPCTools
    2011-04-14 15:46:47 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{88999d78-2f69-4109-9574-2f1cbc1e0d68}\gapaengine.dll
    2011-04-14 15:40:32 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-13 00:24:33 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
    2011-04-12 22:58:51 -------- d-----w- c:\progra~2\Malwarebytes
    2011-04-12 22:58:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
    2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-17 06:23:50 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 1:13:04.67 ===============
     
  16. medni

    medni TS Rookie Topic Starter Posts: 24

    It did not give me Attach last time, but this time it has.
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume2
    Install Date: 31/07/2010 18:09:47
    System Uptime: 01/05/2011 00:57:19 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0G914C
    Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 800/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 216.383 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3.3
    Adobe Reader Extended Language Support Font Pack
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Auslogics Disk Defrag
    AviSynth 2.5
    BitTorrent
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    D3DX10
    Dell Resource CD
    Dell Wireless WLAN Card Utility
    DivX Setup
    ESET Online Scanner v3
    ffdshow [rev 2583] [2009-01-05]
    Glary Utilities 2.26.0.956
    Google Toolbar for Internet Explorer
    Google Update Helper
    Haali Media Splitter
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HTC Driver Installer
    HTC Sync
    Initio USB Default Controller Driver 32-bit
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Laptop Integrated Webcam Driver (1.01.01.0529)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox 4.0 (x86 en-GB)
    NVIDIA Drivers
    O2Micro Flash Memory Card Reader Driver (x86)
    OGA Notifier 2.0.0048.0
    Photo Story 3 for Windows
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Segoe UI
    Skype Toolbars
    Skype™ 5.1
    Sonic CinePlayer Decoder Pack
    Sothink Movie DVD Maker
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    UrduPlugin
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.1.2
    WD Software Upgrader
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    .
    ==== End Of File ===========================
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    There is a file on the system that needs to be further identified:

    Please go to VirSCAN.org FREE on-line scan service:
    If busy, you can use one of the following (you only need one):
    VirusTotal
    Jotti

    • [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

      Code:
        c:\windows\system32\userinit.exe
        c:\windows\explorer.exe
        c:\windows\system32\svchost.exe

      [2]. At the upload site, click once inside the window next to Browse.
      [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      [4]. Click on the Upload button.
      This will perform a scan across multiple different virus scanning engines.
      Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      Important: Wait for all of the scanning engines to complete. If there is a notice that there is a later version, please click to get that.
      [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
      [6]. Paste the contents of the Clipboard in your next reply.
    ==================================
    About this program: Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan:
    Uninstall ComboFix: (if needed)
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    ----------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message confirming this.
    • Click on Yes to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  18. medni

    medni TS Rookie Topic Starter Posts: 24

    Hi, two things to report:
    1. Although I have ComboFix on my desktop, I keep getting the message "Windows cannot find combofix".
    2. The copy and paste function in the Browse box is not working; it will not even allow me to type it in.
     
  19. medni

    medni TS Rookie Topic Starter Posts: 24

    I can do them individually...
    VirSCAN.org Scanned Report :
    Scanned time : 2011/03/27 16:39:30 (BST)
    Scanner results: Scanners did not find malware!
    File Name : userinit.exe
    File Size : 25088 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 0e135526e9785d085bcd9aede6fbcbf9
    SHA1 : d15244d41efddbab08d53fe032aedff39091d3af
    Online report : http://virscan.org/report/f8b01790746ae6ccfdbf508cbad8baab.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.1.0.2 20110327010737 2011-03-27 15.50 -
    AhnLab V3 2011.03.27.01 2011.03.27 2011-03-27 1.76 -
    AntiVir 8.2.4.192 7.11.5.80 2011-03-27 0.27 -
    Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
    Arcavir 2010 201103240801 2011-03-24 0.00 -
    Authentium 5.1.1 201103271446 2011-03-27 1.57 -
    AVAST! 4.7.4 110327-0 2011-03-27 0.01 -
    AVG 8.5.850 271.1.1/3516 2011-03-19 0.24 -
    BitDefender 7.90123.7001104 7.36817 2011-03-27 6.48 -
    ClamAV 0.96.5 12911 2011-03-26 0.01 -
    Comodo 4.0 8126 2011-03-27 1.30 -
    CP Secure 1.3.0.5 2011.03.27 2011-03-27 0.04 -
    Dr.Web 5.0.2.3300 2011.03.27 2011-03-27 11.30 -
    F-Prot 4.4.4.56 20110326 2011-03-26 1.56 -
    F-Secure 7.02.73807 2011.03.27.01 2011-03-27 0.07 -
    Fortinet 4.2.254 13.48 2011-03-26 0.33 -
    GData 21.2141/21.773 20110327 2011-03-27 10.93 -
    ViRobot 20110326 2011.03.26 2011-03-26 0.94 -
    Ikarus T3.1.32.20.0 2011.03.27.78032 2011-03-27 4.88 -
    JiangMin 13.0.900 2011.03.27 2011-03-27 2.16 -
    Kaspersky 5.5.10 2011.03.27 2011-03-27 0.10 -
    KingSoft 2009.2.5.15 2011.3.27.9 2011-03-27 1.09 -
    McAfee 5400.1158 6297 2011-03-26 9.12 -
    Microsoft 1.6702 2011.03.27 2011-03-27 35.72 -
    NOD32 3.0.21 5988 2011-03-26 0.32 -
    Norman 6.07.03 6.07.00 2011-03-26 16.07 -
    Panda 9.05.01 2011.03.27 2011-03-27 2.09 -
    Trend Micro 9.200-1012 7.930.07 2011-03-27 0.04 -
    Quick Heal 11.00 2011.03.26 2011-03-26 0.96 -
    Rising 20.0 23.50.05.05 2011-03-26 2.52 -
    Sophos 3.16.1 4.62 2011-03-27 3.06 -
    Sunbelt 3.9.2486.2 8831 2011-03-26 0.77 -
    Symantec 1.3.0.24 20110326.002 2011-03-26 0.06 -
    nProtect 20110326.01 3275801 2011-03-26 15.61 -
    The Hacker 6.7.0.1 v00159 2011-03-26 1.26 -
    VBA32 3.12.14.3 20110325.1219 2011-03-25 3.68 -
    VirusBuster 5.2.0.28 13.6.272.0/4856599 2011-03-27 0.00 -
     
  20. medni

    medni TS Rookie Topic Starter Posts: 24

    File Name : explorer.exe
    File Size : 2926592 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : d07d4c3038f3578ffce1c0237f2a1253
    SHA1 : 4b3bd605b63749ff255e048ca6f27aff95aec24a
    Scanner results
    Scanner results : Scanners did not find malware!
    Time : 2011/04/20 07:31:20 (BST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    a-squared 5.1.0.2 20110420015251 2011-04-20 - 5.213
    AhnLab V3 2011.04.20.00 2011.04.20 2011-04-20 - 1.972
    AntiVir 8.2.4.208 7.11.6.207 2011-04-20 - 0.286
    Antiy 2.0.18 20110205.7694535 2011-02-05 - 0.122
    Arcavir 2011 201103241627 2011-03-24 - 0.057
    Authentium 5.1.1 201104192156 2011-04-19 - 1.497
    AVAST! 4.7.4 110419-1 2011-04-19 - 0.139
    AVG 8.5.850 271.1.1/3584 2011-04-20 - 0.247
    BitDefender 7.90123.7136443 7.37167 2011-04-20 - 6.550
    ClamAV 0.96.5 12998 2011-04-20 - 0.381
    Comodo 4.0 8407 2011-04-20 - 1.151
    CP Secure 1.3.0.5 2011.04.20 2011-04-20 - 0.479
    Dr.Web 5.0.2.3300 2011.04.20 2011-04-20 - 12.568
    F-Prot 4.4.4.56 20110419 2011-04-19 - 1.496
    F-Secure 7.02.73807 2011.04.20.02 2011-04-20 - 13.124
    Fortinet 4.2.257 13.130 2011-04-19 - 0.252
    GData 22.118/22.48 20110420 2011-04-20 - 15.962
    Ikarus T3.1.32.20.0 2011.04.20.78206 2011-04-20 - 4.672
    JiangMin 13.0.900 2011.04.19 2011-04-19 - 2.704
    Kaspersky 5.5.10 2011.04.19 2011-04-19 - 0.102
    KingSoft 2009.2.5.15 2011.4.20.9 2011-04-20 - 0.887
    McAfee 5400.1158 6320 2011-04-18 - 10.004
    Microsoft 1.6802 2011.04.19 2011-04-19 - 7.059
    NOD32 3.0.21 6054 2011-04-19 - 0.008
    Norman 6.07.08 6.07.00 2011-04-19 - 30.044
    nProtect 20110419.01 3374362 2011-04-19 - 31.659
    Panda 9.05.01 2011.04.19 2011-04-19 - 10.241
    Quick Heal 11.00 2011.04.17 2011-04-17 - 7.771
    Rising 20.0 23.54.01.06 2011-04-19 - 7.352
    Sophos 3.18.0 4.64 2011-04-20 - 4.052
    Sunbelt 3.9.2490.2 9065 2011-04-19 - 10.878
    Symantec 1.3.0.24 20110419.003 2011-04-19 - 0.004
    The Hacker 6.7.0.1 v00176 2011-04-18 - 1.355
    Trend Micro 9.200-1012 7.990.07 2011-04-19 - 0.037
    VBA32 3.12.16.0 20110419.0922 2011-04-19 - 4.407
    ViRobot 20110419 2011.04.19 2011-04-19 - 3.456
    VirusBuster 5.2.0.28 13.6.312.2/4996616 2011-04-19 - 0.002
     
  21. medni

    medni TS Rookie Topic Starter Posts: 24

    File Name : svchost.exe
    File Size : 21504 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 3794b461c45882e06856f282eef025af
    SHA1 : bf15549a7ec01ac505ccac036aba5b9bae688135
    Scanner results
    Scanner results : Scanners did not find malware!
    Time : 2011/04/22 16:07:06 (BST)
    Scanner Engine Ver Sig Ver Sig Date Scan result Time
    a-squared 5.1.0.2 20110422015551 2011-04-22 - 0.078
    AhnLab V3 2011.04.21.01 2011.04.21 2011-04-21 - 0.077
    AntiVir 8.2.4.214 7.11.6.251 2011-04-22 - 0.335
    Antiy 2.0.18 20110205.7694535 2011-02-05 - 0.157
    Arcavir 2011 201103241627 2011-03-24 - 0.029
    Authentium 5.1.1 201104220624 2011-04-22 - 1.509
    AVAST! 4.7.4 110422-0 2011-04-22 - 0.009
    AVG 8.5.850 271.1.1/3589 2011-04-22 - 0.242
    BitDefender 7.90123.7146338 7.37194 2011-04-22 - 6.493
    ClamAV 0.96.5 13003 2011-04-21 - 0.003
    Comodo 4.0 8434 2011-04-22 - 0.078
    CP Secure 1.3.0.5 2011.04.22 2011-04-22 - 0.051
    Dr.Web 5.0.2.3300 2011.04.22 2011-04-22 - 11.429
    F-Prot 4.4.4.56 20110420 2011-04-20 - 1.510
    F-Secure 7.02.73807 2011.04.22.02 2011-04-22 - 12.535
    Fortinet 4.2.257 13.137 2011-04-21 - 0.078
    GData 22.141/22.52 20110422 2011-04-22 - 0.078
    Ikarus T3.1.32.20.0 2011.04.22.78224 2011-04-22 - 4.684
    JiangMin 13.0.900 2011.04.21 2011-04-21 - 0.083
    Kaspersky 5.5.10 2011.04.22 2011-04-22 - 0.096
    KingSoft 2009.2.5.15 2011.4.22.16 2011-04-22 - 0.078
    McAfee 5400.1158 6320 2011-04-18 - 5.736
    Microsoft 1.6802 2011.04.22 2011-04-22 - 0.081
    NOD32 3.0.21 6061 2011-04-21 - 0.011
    Norman 6.07.08 6.07.00 2011-04-21 - 10.170
    nProtect 20110422.01 3390140 2011-04-22 - 0.090
    Panda 9.05.01 2011.04.22 2011-04-22 - 0.083
    Quick Heal 11.00 2011.04.21 2011-04-21 - 0.086
    Rising 20.0 23.54.03.06 2011-04-21 - 0.087
    Sophos 3.18.0 4.64 2011-04-22 - 3.928
    Sunbelt 3.9.2490.2 9085 2011-04-22 - 0.080
    Symantec 1.3.0.24 20110421.002 2011-04-21 - 112.074
    The Hacker 6.7.0.1 v00176 2011-04-18 - 0.127
    Trend Micro 9.200-1012 8.112.05 2011-04-22 - 0.037
    VBA32 3.12.16.0 20110421.2047 2011-04-21 - 7.100
    ViRobot 20110422 2011.04.22 2011-04-22 - 0.080
    VirusBuster 5.2.0.28 13.6.316.0/5016476 2011-04-22 - 0.015
     
  22. medni

    medni TS Rookie Topic Starter Posts: 24

    ComboFix 11-05-01.01 - Administrator 02/05/2011 2:19.3.2 - x86
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3070.1816 [GMT 1:00]
    Running from: c:\users\Administrator\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-02 01:29 . 2011-05-02 01:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-05-02 01:29 . 2011-05-02 01:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2011-05-02 01:29 . 2011-05-02 01:29 -------- d-----w- c:\users\shahbaz\AppData\Local\temp
    2011-05-02 01:29 . 2011-05-02 01:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-02 00:49 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B46A3DE2-6E06-4A25-ADD8-EB0D4E907C58}\mpengine.dll
    2011-04-30 12:44 . 2011-04-30 21:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
    2011-04-28 21:10 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-28 21:09 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-04-28 21:09 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-04-28 21:09 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-28 21:09 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-04-28 21:09 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-04-27 14:12 . 2011-04-27 14:12 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
    2011-04-27 13:02 . 2011-04-27 13:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\Template
    2011-04-27 01:41 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-27 01:41 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-26 23:31 . 2011-04-26 23:32 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
    2011-04-26 02:18 . 2011-04-26 02:18 -------- d-----w- c:\program files\ESET
    2011-04-22 01:12 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-04-20 22:46 . 2011-04-20 22:46 -------- d-----w- c:\users\shahbaz\AppData\Local\DDMSettings
    2011-04-20 22:42 . 2011-04-20 22:42 -------- d-----w- c:\program files\Common Files\DivX Shared
    2011-04-20 01:46 . 2011-04-20 01:46 -------- d-----w- c:\users\shahbaz\AppData\Local\Mozilla
    2011-04-19 00:18 . 2011-04-19 00:26 -------- d-----w- c:\users\shahbaz\AppData\Local\ElevatedDiagnostics
    2011-04-19 00:16 . 2011-04-19 00:16 -------- d-----w- c:\program files\Microsoft ATS
    2011-04-19 00:01 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-04-19 00:01 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
    2011-04-19 00:01 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-04-18 03:25 . 2011-04-18 03:25 -------- d-----w- C:\ab26ce1d3b121af7df7fc04e
    2011-04-18 03:22 . 2011-01-20 14:14 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-04-18 03:22 . 2011-01-20 16:06 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-04-18 03:22 . 2011-01-20 14:14 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-04-18 03:22 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-04-18 03:22 . 2011-01-20 14:24 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-04-18 03:22 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-04-18 03:22 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-04-18 02:31 . 2011-04-18 02:45 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sammsoft
    2011-04-18 02:19 . 2011-04-18 02:23 -------- d-----w- c:\windows\$regcmp$
    2011-04-18 02:11 . 2011-04-18 02:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\SmartPCTools
    2011-04-14 15:46 . 2010-11-30 10:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88999D78-2F69-4109-9574-2F1CBC1E0D68}\gapaengine.dll
    2011-04-14 15:40 . 2011-04-14 15:40 -------- d-----w- c:\program files\Microsoft Security Client
    2011-04-14 15:36 . 2011-04-14 15:36 -------- d-----w- c:\program files\Common Files\Java
    2011-04-13 00:24 . 2011-04-13 00:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
    2011-04-12 22:58 . 2011-04-12 22:58 -------- d-----w- c:\users\shahbaz\AppData\Roaming\Malwarebytes
    2011-04-12 22:58 . 2011-04-12 22:58 -------- d-----w- c:\programdata\Malwarebytes
    2011-04-12 22:58 . 2011-04-27 01:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-12 16:23 . 2011-04-14 23:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
    2011-04-03 19:31 . 2011-04-03 19:31 -------- d-----w- c:\windows\Sun
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-13 09:29 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-03 15:40 . 2011-04-28 21:09 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2011-03-03 15:40 . 2011-04-28 21:10 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2011-03-03 15:40 . 2011-04-28 21:09 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2011-03-03 15:40 . 2011-04-28 21:10 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-02 20:40 . 2010-12-11 10:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 17:11 . 2010-07-31 18:40 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-03-18 17:57 . 2011-04-20 01:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-11 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-02-04 4907008]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-20 3563520]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-21 274608]
    "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-03-01 21:45 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2009-03-20 06:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    R1 MpKsl059d5ba4;MpKsl059d5ba4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76296B95-034E-4BAE-A588-0DE38E2F6B16}\MpKsl059d5ba4.sys [x]
    R1 MpKsl0e35e201;MpKsl0e35e201;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A85744DD-B436-4AB7-8489-4D1A3B7688D7}\MpKsl0e35e201.sys [x]
    R1 MpKsl15edd4fa;MpKsl15edd4fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA842E7F-5CD8-499D-B1BB-F651C57B27C7}\MpKsl15edd4fa.sys [x]
    R1 MpKsl1f027bd5;MpKsl1f027bd5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl1f027bd5.sys [x]
    R1 MpKsl22aec72c;MpKsl22aec72c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EC21DDF-7B61-4B01-A09A-E26A6FF3C704}\MpKsl22aec72c.sys [x]
    R1 MpKsl23a942af;MpKsl23a942af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E3C33-B3FD-4172-B144-F862A50482C4}\MpKsl23a942af.sys [x]
    R1 MpKsl29d4e984;MpKsl29d4e984;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl29d4e984.sys [x]
    R1 MpKsl2a36455e;MpKsl2a36455e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E3C33-B3FD-4172-B144-F862A50482C4}\MpKsl2a36455e.sys [x]
    R1 MpKsl34671c43;MpKsl34671c43;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EAF9E39-A26E-4194-BB06-875C25C84E36}\MpKsl34671c43.sys [x]
    R1 MpKsl3a1516e5;MpKsl3a1516e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl3a1516e5.sys [x]
    R1 MpKsl4453f55b;MpKsl4453f55b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl4453f55b.sys [x]
    R1 MpKsl44854048;MpKsl44854048;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10315178-3E52-4EA6-9F81-502D87DA1D0C}\MpKsl44854048.sys [x]
    R1 MpKsl46ed0474;MpKsl46ed0474;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD8428D-5B32-4D0C-A5E0-AD52CD52045E}\MpKsl46ed0474.sys [x]
    R1 MpKsl4d2e1481;MpKsl4d2e1481;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DE79C12-1E64-4677-95E0-0460E8116E5B}\MpKsl4d2e1481.sys [x]
    R1 MpKsl616f29e3;MpKsl616f29e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27231138-BED7-4FE5-A0F1-0BFAEF9B3D56}\MpKsl616f29e3.sys [x]
    R1 MpKsl65298408;MpKsl65298408;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl65298408.sys [x]
    R1 MpKsl665c5764;MpKsl665c5764;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3218C03F-DC73-40E4-BA08-42B2034453B5}\MpKsl665c5764.sys [x]
    R1 MpKsl6b835e7f;MpKsl6b835e7f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKsl6b835e7f.sys [x]
    R1 MpKsl6cdd9eac;MpKsl6cdd9eac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF7D0B90-47E9-4D1C-842E-94449A68701C}\MpKsl6cdd9eac.sys [x]
    R1 MpKsl7249b573;MpKsl7249b573;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65337EDC-4DA4-4855-BCF4-B93189FA9039}\MpKsl7249b573.sys [x]
    R1 MpKsl76d86933;MpKsl76d86933;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2ED53EF-BD8B-4552-87CF-5807AF008D62}\MpKsl76d86933.sys [x]
    R1 MpKsl79002210;MpKsl79002210;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD8428D-5B32-4D0C-A5E0-AD52CD52045E}\MpKsl79002210.sys [x]
    R1 MpKsl8a07f1d3;MpKsl8a07f1d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{390D937C-AA4C-4EF7-ADA3-EE04546D1F9E}\MpKsl8a07f1d3.sys [x]
    R1 MpKsl9078bbe0;MpKsl9078bbe0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C85C945-F51D-4568-98DB-BB67477F4506}\MpKsl9078bbe0.sys [x]
    R1 MpKsl9890e981;MpKsl9890e981;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl9890e981.sys [x]
    R1 MpKsl9efac3e3;MpKsl9efac3e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKsl9efac3e3.sys [x]
    R1 MpKsla120204d;MpKsla120204d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF7D0B90-47E9-4D1C-842E-94449A68701C}\MpKsla120204d.sys [x]
    R1 MpKsla19e334d;MpKsla19e334d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{349A63F7-8208-4980-BD37-4D83F8649B29}\MpKsla19e334d.sys [x]
    R1 MpKsla4df3f62;MpKsla4df3f62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1912C3F-972A-4137-A817-8B464CDA0F7C}\MpKsla4df3f62.sys [x]
    R1 MpKslaa083dd1;MpKslaa083dd1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKslaa083dd1.sys [x]
    R1 MpKslbf9e0f08;MpKslbf9e0f08;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKslbf9e0f08.sys [x]
    R1 MpKsldcb01bf3;MpKsldcb01bf3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E1A6555-A1F4-4FD3-9DFC-052D36C7C23B}\MpKsldcb01bf3.sys [x]
    R1 MpKslf3776eca;MpKslf3776eca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AA07AC5-7517-4FF9-BE8D-DB62C1CCAC79}\MpKslf3776eca.sys [x]
    R1 MpKslfd10cd6c;MpKslfd10cd6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DE79C12-1E64-4677-95E0-0460E8116E5B}\MpKslfd10cd6c.sys [x]
    R1 MpKslfea62f1e;MpKslfea62f1e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2ED53EF-BD8B-4552-87CF-5807AF008D62}\MpKslfea62f1e.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 136176]
    R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2010-03-25 114688]
    R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-19 105856]
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-04 77824]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-29 51288]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
    S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
    S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-02 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2010-07-31 10:14]
    .
    2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 13:12]
    .
    2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 13:12]
    .
    2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345154763-3622116426-816371545-1000Core.job
    - c:\users\shahbaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 16:44]
    .
    2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345154763-3622116426-816371545-1000UA.job
    - c:\users\shahbaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 16:44]
    .
    2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3345154763-3622116426-816371545-1000.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bbc.co.uk/
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\igk5pcsv.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-02 02:32
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,3d,1b,b6,e9,9c,d5,40,93,f9,48,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,3d,1b,b6,e9,9c,d5,40,93,f9,48,\
    .
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.HTM"
    .
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2852)
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\windows\system32\nvvsvc.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\DRIVERS\o2flash.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Common Files\Teleca Shared\Generic.exe
    c:\program files\Common Files\Teleca Shared\logger.exe
    c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
    c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-02 02:42:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-02 01:42
    ComboFix2.txt 2011-04-30 22:27
    .
    Pre-Run: 233,197,764,608 bytes free
    Post-Run: 233,528,967,168 bytes free
    .
    - - End Of File - - B6C51E41C89F568C17F39DB77912C8EC
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    A question please: Is this something you have set up?
    2011-04-20 22:46 -------- d-----w- c:\users\shahbaz\AppData\Local\DDMSettings
    In iSeries Navigator, navigate to the DDM settings: Network->Servers->TCP/IP
    TCP/IP communication support concepts for DDM
    There are several concepts that pertain specifically to the TCP/IP communications support used by DRDA® and DDM. These concepts are described here in detail.
    http://en.wikipedia.org/wiki/IBM_System_i
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    Folder::
    c:\users\Administrator\AppData\Local\temp
    c:\windows\system32\config\systemprofile\AppData\Local\temp
    c:\users\shahbaz\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\Administrator\AppData\Roaming\SmartPCTools
    c:\windows\$regcmp$
    c:\users\Administrator\AppData\Roaming\Sammsoft
    RegLock::
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    [HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    DirLook::
    C:\ab26ce1d3b121af7df7fc04e
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================

    1. 2011-04-20 22:46 c:\users\shahbaz\AppData\Local\DDMSettings. FYI: In iSeries Navigator, navigate to the DDM settings: Network->Servers->TCP/IP
    TCP/IP communication support concepts for DDM
    There are several concepts that pertain specifically to the TCP/IP communications support used by DRDA® and DDM. These concepts are described HERE in detail. http://en.wikipedia.org/wiki/IBM_System_i

    The following are all from 4/18/2011.
    2. The regcmp command compiles the patterns in File and places output in a File.i file, or a File.c file when the - option is specified.
    Looks like a programming tool for IBM. http://publib.boulder.ibm.com/infoc...m.ibm.aix.basetechref/doc/basetrf2/regcmp.htm
    3. SmartPCTools has not created a publisher profile> Registry Repair Wizard/Version 2011 build 6.60. Scan, repair, and restore your Registry.
    4. Sammsoft appears to be another registry cleaner. Please Note: Searching for #2, 3, 4 brought up more unsafe sites to download than safe sites according to the Web of Trust. We do not recommend anyone using a Registry cleaner. Benefits are negligible and risks are high.
    =============================================
    I notice you have an addon Active X for Eset online:
    hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
    Are you aware that this for testing new versions and not the usual free online virus scanner?
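    An added example, not from this thread and not part of ComboFix, for checking a CFScript's Folder:: and DirLook:: targets against the log before the script is run: it parses 'Files Created' lines in the layout the ComboFix log above uses and reports any scripted path that does not appear in the log, which is how a mistyped folder name (here the log's Sammsoft entry with its final letter dropped) gets caught. The log lines and script entries are copied from this thread; the regular expression and all function names are my own assumptions about the log's layout.

```python
"""Cross-check CFScript targets against a ComboFix log's 'Files Created' section.

Added example; not code from the thread or from ComboFix. The line layout
assumed here, '<created> . <modified> <size|--------> <attrs> <path>', is
taken from the log posted above.
"""
import re
from typing import Dict, List, NamedTuple, Optional

# One 'Files Created' entry. Directory entries carry '--------' instead of a size.
FILES_CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)

# Sample lines copied from the ComboFix log in this thread (constructed subset).
SAMPLE_LOG = r"""
2011-05-02 01:29 . 2011-05-02 01:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-04-18 03:25 . 2011-04-18 03:25 -------- d-----w- C:\ab26ce1d3b121af7df7fc04e
2011-04-18 02:31 . 2011-04-18 02:45 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sammsoft
2011-04-18 02:19 . 2011-04-18 02:23 -------- d-----w- c:\windows\$regcmp$
2011-04-28 21:10 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
"""

# Sample CFScript, shortened from the one in the thread. The Sammsof entry
# (last letter dropped) is the mistyped target the check should flag.
SAMPLE_SCRIPT = r"""
File::
Folder::
c:\users\Administrator\AppData\Local\temp
c:\windows\$regcmp$
c:\users\Administrator\AppData\Roaming\Sammsof
DirLook::
C:\ab26ce1d3b121af7df7fc04e
"""


class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]   # None for directory entries
    is_dir: bool
    path: str


def parse_files_created(log_text: str) -> List[Entry]:
    """Return every line that matches the 'Files Created' layout; other lines are skipped."""
    entries: List[Entry] = []
    for line in log_text.splitlines():
        m = FILES_CREATED_RE.match(line.strip())
        if not m:
            continue
        size = None if m.group("size").startswith("-") else int(m.group("size"))
        entries.append(Entry(m.group("created"), m.group("modified"), size,
                             m.group("attrs").startswith("d"), m.group("path")))
    return entries


def parse_cfscript(script: str) -> Dict[str, List[str]]:
    """Split a CFScript into its '<Directive>::' sections, keeping entry order."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def check_targets(script: str, log_text: str) -> Dict[str, List[str]]:
    """Report which Folder:: and DirLook:: targets the log actually lists (case-insensitive paths)."""
    known = {e.path.lower() for e in parse_files_created(log_text)}
    sections = parse_cfscript(script)
    targets = sections.get("Folder", []) + sections.get("DirLook", [])
    return {
        "found": [t for t in targets if t.lower() in known],
        "missing": [t for t in targets if t.lower() not in known],
    }


if __name__ == "__main__":
    result = check_targets(SAMPLE_SCRIPT, SAMPLE_LOG)
    for path in result["missing"]:
        print("not in log, check spelling:", path)
```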
     
  25. medni

    medni TS Rookie Topic Starter Posts: 24

    In reply to your question, it is not something I am aware of; I have not set it up.
     
Topic Status:
Not open for further replies.
