Solved What now?

medni

Hi, new member here. My Dell laptop with Vista Business has recently been having multiple weird problems:
Windows Update not updating
update now not switching on
searches being directed elsewhere
Vista theme changing automatically
messages about Explorer etc. not being able to start up, etc.
I have tried the 8 point, but now I can't get most of the software to start up either...
Any ideas? Internet etc. is working fine.
 
Welcome to TechSpot! Hopefully before you start your next thread, you will have learned to make the subject a bit more descriptive! "What now" isn't very descriptive!

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

If you had a problem with any of these steps, then you need to let me know which program isn't 'working' and specifically what the problem was when you try to either download it or run the scan. IF your searches are being redirected, you probably have malware. IF you better describe how the Vista theme is 'changing', I can probably guide you with that.

You have contradicted yourself here:
"has recently been having multiple weird problems."
"internet etc is working fine"

Please tell me specifically which of the steps isn't working and how it isn't working.
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Thanks for the reply.
I did the scans and here are the logs:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6452

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

27/04/2011 02:53:29
mbam-log-2011-04-27 (02-53-29).txt

Scan type: Quick scan
Objects scanned: 162448
Time elapsed: 11 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-27 03:01:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST9320320AS rev.DE06
Running: mlzbp8q8.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldrpow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskST9320320AS_____________________________DE06____#5&38cc63f4&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 3:03:07.43 on 27/04/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3070.1976 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM13Mon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl2fab3a17;MpKsl2fab3a17;c:\programdata\microsoft\microsoft antimalware\definition updates\{36c34658-6de7-4901-8fc3-e50437752fc6}\MpKsl2fab3a17.sys [2011-4-27 28752]
R1 MpKsl38c184ad;MpKsl38c184ad;c:\programdata\microsoft\microsoft antimalware\definition updates\{36c34658-6de7-4901-8fc3-e50437752fc6}\MpKsl38c184ad.sys [2011-4-26 28752]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2010-7-31 77824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-26 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-26 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-26 61960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-7-29 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2007-3-5 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-5-28 235840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-8-28 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-8-28 105856]
.
=============== Created Last 30 ================
.
2011-04-27 01:41:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 01:41:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 01:36:33 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{36c34658-6de7-4901-8fc3-e50437752fc6}\MpKsl2fab3a17.sys
2011-04-26 23:31:46 -------- d-----w- c:\users\admini~1\appdata\local\Adobe
2011-04-26 23:00:48 -------- d-----w- c:\users\admini~1\appdata\roaming\Avira
2011-04-26 22:47:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-26 22:47:28 -------- d-----w- c:\program files\Avira
2011-04-26 22:47:28 -------- d-----w- c:\progra~2\Avira
2011-04-26 11:42:34 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{36c34658-6de7-4901-8fc3-e50437752fc6}\MpKsl38c184ad.sys
2011-04-26 11:42:16 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{36c34658-6de7-4901-8fc3-e50437752fc6}\mpengine.dll
2011-04-26 02:18:57 -------- d-----w- c:\program files\ESET
2011-04-26 01:00:03 -------- d-s---w- C:\ComboFix
2011-04-25 23:15:14 98816 ----a-w- c:\windows\sed.exe
2011-04-25 23:15:14 89088 ----a-w- c:\windows\MBR.exe
2011-04-25 23:15:14 256512 ----a-w- c:\windows\PEV.exe
2011-04-25 23:15:14 161792 ----a-w- c:\windows\SWREG.exe
2011-04-22 01:12:44 6792528 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-20 22:42:24 -------- d-----w- c:\program files\common files\DivX Shared
2011-04-19 00:16:34 -------- d-----w- c:\program files\Microsoft ATS
2011-04-19 00:01:33 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-19 00:01:32 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-19 00:01:31 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-04-18 03:25:35 -------- d-----w- C:\ab26ce1d3b121af7df7fc04e
2011-04-18 03:22:59 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-04-18 03:22:58 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-04-18 03:22:58 2873344 ----a-w- c:\windows\system32\mf.dll
2011-04-18 03:22:57 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-04-18 03:22:57 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-04-18 03:22:56 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-18 03:22:56 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-04-18 03:22:56 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-04-18 02:31:53 -------- d-----w- c:\users\admini~1\appdata\roaming\Sammsoft
2011-04-18 02:19:01 -------- d-----w- c:\windows\$regcmp$
2011-04-18 02:11:05 -------- d-----w- c:\users\admini~1\appdata\roaming\SmartPCTools
2011-04-14 15:46:47 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{88999d78-2f69-4109-9574-2f1cbc1e0d68}\gapaengine.dll
2011-04-14 15:40:32 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-13 00:24:33 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
2011-04-12 22:58:51 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-12 22:58:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST9320320AS rev.DE06 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x867A7439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x867ad7d0]; MOV EAX, [0x867ad84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82480912] -> \Device\Harddisk0\DR0[0x85B7A200]
3 CLASSPNP[0x8ABAB8B3] -> ntkrnlpa!IofCallDriver[0x82480912] -> [0x84B96598]
\Driver\atapi[0x86517F38] -> IRP_MJ_CREATE -> 0x867A7439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskST9320320AS_____________________________DE06____#5&38cc63f4&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 3:04:23.15 ===============
 
The theme has been changing from the Vista to the XP version, i.e. the round Start icon has been changing to the square one. My Microsoft Update has been switching off on its own and won't let me automatically update without manually doing so from the Microsoft website. My Microsoft Essentials is also not updating.
Also, every now and again my preferences, i.e. desktop, have been unable to start. What I meant by the internet working is that surfing hasn't been a problem.
 
Hold off on the updates for now. You have a rootkit on the MBR:

Please download MBRCheck and save to your desktop
  • Double click on MBRCheck.exe to run. (Vista and Windows 7 users will have to confirm the UAC prompt.)
  • It will show a Black screen with some information that will contain either the below line if no problem is found:
    [o] Done! Press ENTER to exit...
  • Or you will see more information like below if a problem is found:
    [o] Found non-standard or infected MBR.
    [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
  • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
  • Paste this log to your next message.
=======================================
It also appears that you have no home page or search page set up.
 
Thanks for your reply.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Vostro1510
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 169):

Processes (total 78):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`07600000 (NTFS)

PhysicalDrive0 Model Number: ST9320320AS, Rev: DE06

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
Good for that. But let's run this also:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result. Please paste log in next reply.
  • A reboot is required after disinfection.
 
2011/04/28 21:42:57.0881 1744 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/28 21:42:58.0232 1744 ================================================================================
2011/04/28 21:42:58.0233 1744 SystemInfo:
2011/04/28 21:42:58.0233 1744
2011/04/28 21:42:58.0233 1744 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/28 21:42:58.0233 1744 Product type: Workstation
2011/04/28 21:42:58.0233 1744 ComputerName: ABU
2011/04/28 21:42:58.0234 1744 UserName: Administrator
2011/04/28 21:42:58.0234 1744 Windows directory: C:\Windows
2011/04/28 21:42:58.0234 1744 System windows directory: C:\Windows
2011/04/28 21:42:58.0234 1744 Processor architecture: Intel x86
2011/04/28 21:42:58.0234 1744 Number of processors: 2
2011/04/28 21:42:58.0234 1744 Page size: 0x1000
2011/04/28 21:42:58.0234 1744 Boot type: Normal boot
2011/04/28 21:42:58.0234 1744 ================================================================================
2011/04/28 21:43:00.0782 1744 Initialize success
2011/04/28 21:43:15.0643 5036 ================================================================================
2011/04/28 21:43:15.0643 5036 Scan started
2011/04/28 21:43:15.0643 5036 Mode: Manual;
2011/04/28 21:43:15.0643 5036 ================================================================================
2011/04/28 21:43:17.0225 5036 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/28 21:43:17.0331 5036 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/28 21:43:17.0415 5036 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/28 21:43:17.0530 5036 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/28 21:43:17.0579 5036 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/28 21:43:17.0796 5036 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/28 21:43:17.0902 5036 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/28 21:43:17.0995 5036 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/28 21:43:18.0085 5036 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/28 21:43:18.0155 5036 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/28 21:43:18.0209 5036 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/28 21:43:18.0276 5036 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/28 21:43:18.0330 5036 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/28 21:43:18.0752 5036 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/28 21:43:18.0924 5036 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/28 21:43:19.0001 5036 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/28 21:43:19.0066 5036 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/28 21:43:19.0168 5036 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/28 21:43:19.0274 5036 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/28 21:43:19.0432 5036 BCM42RLY (31a7cf8b26035fcf58bd1dbf36b1e69a) C:\Windows\system32\drivers\BCM42RLY.sys
2011/04/28 21:43:19.0573 5036 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/28 21:43:19.0968 5036 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/28 21:43:20.0193 5036 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/28 21:43:20.0647 5036 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/28 21:43:20.0760 5036 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/28 21:43:20.0812 5036 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/28 21:43:20.0890 5036 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/28 21:43:20.0956 5036 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/28 21:43:21.0018 5036 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/28 21:43:21.0059 5036 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/28 21:43:21.0238 5036 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/28 21:43:21.0323 5036 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/28 21:43:21.0404 5036 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/28 21:43:21.0471 5036 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/04/28 21:43:21.0597 5036 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/28 21:43:22.0085 5036 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/28 21:43:22.0196 5036 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/28 21:43:22.0277 5036 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/28 21:43:22.0344 5036 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/28 21:43:22.0474 5036 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/28 21:43:22.0646 5036 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/28 21:43:22.0720 5036 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/28 21:43:22.0780 5036 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/28 21:43:22.0847 5036 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/28 21:43:23.0038 5036 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
2011/04/28 21:43:23.0247 5036 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/28 21:43:23.0392 5036 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/28 21:43:23.0458 5036 DLABMFSM (a0500678a33802d8954153839301d539) C:\Windows\system32\Drivers\DLABMFSM.SYS
2011/04/28 21:43:23.0531 5036 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\Windows\system32\Drivers\DLABOIOM.SYS
2011/04/28 21:43:23.0703 5036 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\Windows\system32\Drivers\DLACDBHM.SYS
2011/04/28 21:43:23.0761 5036 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\Windows\system32\Drivers\DLADResM.SYS
2011/04/28 21:43:23.0855 5036 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\Windows\system32\Drivers\DLAIFS_M.SYS
2011/04/28 21:43:23.0912 5036 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\Windows\system32\Drivers\DLAOPIOM.SYS
2011/04/28 21:43:23.0963 5036 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\Windows\system32\Drivers\DLAPoolM.SYS
2011/04/28 21:43:24.0016 5036 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\Windows\system32\Drivers\DLARTL_M.SYS
2011/04/28 21:43:24.0067 5036 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\Windows\system32\Drivers\DLAUDFAM.SYS
2011/04/28 21:43:24.0112 5036 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\Windows\system32\Drivers\DLAUDF_M.SYS
2011/04/28 21:43:24.0285 5036 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/28 21:43:24.0349 5036 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\Windows\system32\Drivers\DRVMCDB.SYS
2011/04/28 21:43:24.0391 5036 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\Windows\system32\Drivers\DRVNDDM.SYS
2011/04/28 21:43:24.0481 5036 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/28 21:43:24.0794 5036 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/28 21:43:25.0064 5036 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/28 21:43:25.0181 5036 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/28 21:43:25.0469 5036 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/28 21:43:25.0693 5036 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/28 21:43:25.0795 5036 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/28 21:43:25.0924 5036 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/28 21:43:25.0996 5036 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/28 21:43:26.0056 5036 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/28 21:43:26.0163 5036 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/28 21:43:26.0244 5036 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/28 21:43:26.0367 5036 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/28 21:43:26.0412 5036 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/28 21:43:26.0488 5036 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/28 21:43:26.0814 5036 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/28 21:43:27.0068 5036 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/28 21:43:27.0266 5036 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/28 21:43:27.0346 5036 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/28 21:43:27.0417 5036 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/04/28 21:43:27.0477 5036 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/28 21:43:27.0576 5036 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
2011/04/28 21:43:27.0662 5036 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/28 21:43:27.0818 5036 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/28 21:43:27.0891 5036 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/28 21:43:27.0969 5036 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/28 21:43:28.0138 5036 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/28 21:43:28.0313 5036 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/28 21:43:28.0610 5036 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/28 21:43:28.0771 5036 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/28 21:43:28.0865 5036 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/28 21:43:28.0969 5036 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/28 21:43:29.0032 5036 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/28 21:43:29.0105 5036 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/28 21:43:29.0194 5036 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/28 21:43:29.0272 5036 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/28 21:43:29.0308 5036 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/28 21:43:29.0368 5036 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/28 21:43:29.0431 5036 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/28 21:43:29.0687 5036 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/04/28 21:43:29.0871 5036 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/28 21:43:30.0130 5036 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/28 21:43:30.0223 5036 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/28 21:43:30.0300 5036 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/28 21:43:30.0358 5036 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/28 21:43:30.0420 5036 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/28 21:43:30.0472 5036 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/28 21:43:30.0548 5036 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/28 21:43:30.0633 5036 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/28 21:43:30.0723 5036 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/28 21:43:30.0780 5036 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/28 21:43:30.0848 5036 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
2011/04/28 21:43:30.0909 5036 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/28 21:43:31.0020 5036 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/04/28 21:43:31.0083 5036 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/28 21:43:31.0880 5036 MpKsl347c2339 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A0E20E9-3EE7-4793-8432-F8004A13169C}\MpKsl347c2339.sys
2011/04/28 21:43:32.0831 5036 MpKsl8b55d171 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A0E20E9-3EE7-4793-8432-F8004A13169C}\MpKsl8b55d171.sys
2011/04/28 21:43:33.0648 5036 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/04/28 21:43:33.0746 5036 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/28 21:43:33.0893 5036 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/28 21:43:34.0000 5036 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/28 21:43:34.0094 5036 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/28 21:43:34.0139 5036 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/28 21:43:34.0229 5036 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/28 21:43:34.0333 5036 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/04/28 21:43:34.0406 5036 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/28 21:43:34.0523 5036 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/28 21:43:34.0585 5036 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/28 21:43:34.0676 5036 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/28 21:43:34.0872 5036 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/28 21:43:34.0931 5036 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/28 21:43:34.0995 5036 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/28 21:43:35.0088 5036 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/28 21:43:35.0169 5036 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/28 21:43:35.0239 5036 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/28 21:43:35.0365 5036 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/28 21:43:35.0474 5036 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/28 21:43:35.0597 5036 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/28 21:43:35.0765 5036 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/28 21:43:35.0844 5036 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/28 21:43:35.0903 5036 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/28 21:43:35.0967 5036 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/28 21:43:36.0044 5036 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/28 21:43:36.0168 5036 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/28 21:43:36.0351 5036 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/04/28 21:43:36.0443 5036 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/28 21:43:36.0561 5036 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/28 21:43:36.0735 5036 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/28 21:43:36.0939 5036 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/28 21:43:37.0223 5036 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/28 21:43:37.0689 5036 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/28 21:43:38.0309 5036 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/28 21:43:38.0378 5036 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/28 21:43:38.0449 5036 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/28 21:43:38.0642 5036 O2MDRDR (305e0ec480ebc7a24d4b691da76e008c) C:\Windows\system32\DRIVERS\o2media.sys
2011/04/28 21:43:38.0701 5036 O2SDRDR (6e590c91f97ae5e3408453c8ae9a3000) C:\Windows\system32\DRIVERS\o2sd.sys
2011/04/28 21:43:38.0813 5036 OEM13Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM13Vfx.sys
2011/04/28 21:43:38.0942 5036 OEM13Vid (12539b57ed05de7552403a12b3e0161c) C:\Windows\system32\DRIVERS\OEM13Vid.sys
2011/04/28 21:43:39.0080 5036 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/28 21:43:39.0314 5036 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/28 21:43:39.0413 5036 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/28 21:43:39.0468 5036 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/28 21:43:39.0573 5036 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/28 21:43:39.0653 5036 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/28 21:43:39.0743 5036 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/28 21:43:39.0856 5036 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/28 21:43:40.0182 5036 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/28 21:43:40.0249 5036 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/28 21:43:40.0365 5036 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/28 21:43:40.0492 5036 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/28 21:43:40.0704 5036 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/28 21:43:40.0914 5036 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/28 21:43:41.0016 5036 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/28 21:43:41.0101 5036 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/28 21:43:41.0198 5036 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/28 21:43:41.0294 5036 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/28 21:43:41.0384 5036 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/28 21:43:41.0496 5036 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/28 21:43:41.0639 5036 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/28 21:43:41.0851 5036 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/04/28 21:43:41.0930 5036 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/28 21:43:42.0053 5036 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/28 21:43:42.0312 5036 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/28 21:43:42.0563 5036 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/04/28 21:43:42.0880 5036 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/04/28 21:43:42.0969 5036 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/28 21:43:43.0137 5036 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/28 21:43:43.0256 5036 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/28 21:43:43.0363 5036 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/28 21:43:43.0444 5036 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/28 21:43:43.0543 5036 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/28 21:43:43.0655 5036 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/28 21:43:43.0835 5036 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/28 21:43:43.0951 5036 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/28 21:43:44.0026 5036 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/28 21:43:44.0079 5036 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/28 21:43:44.0139 5036 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/28 21:43:44.0228 5036 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/28 21:43:44.0278 5036 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/28 21:43:44.0349 5036 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/28 21:43:44.0453 5036 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/28 21:43:44.0553 5036 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/28 21:43:44.0652 5036 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/28 21:43:44.0718 5036 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/28 21:43:44.0784 5036 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/28 21:43:44.0937 5036 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/28 21:43:45.0030 5036 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/28 21:43:45.0119 5036 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/28 21:43:45.0176 5036 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/28 21:43:45.0225 5036 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/28 21:43:45.0340 5036 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/28 21:43:45.0523 5036 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys
2011/04/28 21:43:45.0660 5036 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/28 21:43:45.0758 5036 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/28 21:43:45.0853 5036 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/28 21:43:45.0934 5036 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/28 21:43:46.0024 5036 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/28 21:43:46.0116 5036 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/28 21:43:46.0266 5036 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/28 21:43:46.0323 5036 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/28 21:43:46.0387 5036 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/28 21:43:46.0450 5036 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/28 21:43:46.0531 5036 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/28 21:43:46.0622 5036 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/28 21:43:46.0689 5036 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/28 21:43:46.0765 5036 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/28 21:43:46.0893 5036 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/28 21:43:46.0958 5036 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/28 21:43:47.0288 5036 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/28 21:43:47.0370 5036 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/28 21:43:47.0455 5036 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/28 21:43:47.0543 5036 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/28 21:43:47.0605 5036 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/28 21:43:47.0696 5036 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/28 21:43:47.0748 5036 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/04/28 21:43:47.0829 5036 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/28 21:43:47.0900 5036 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/28 21:43:48.0084 5036 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/28 21:43:48.0191 5036 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/28 21:43:48.0245 5036 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/28 21:43:48.0402 5036 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/28 21:43:48.0483 5036 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/28 21:43:48.0642 5036 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/28 21:43:48.0731 5036 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/28 21:43:48.0880 5036 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/28 21:43:48.0969 5036 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/28 21:43:49.0053 5036 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/28 21:43:49.0152 5036 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/28 21:43:49.0210 5036 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/28 21:43:49.0248 5036 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/28 21:43:49.0368 5036 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/28 21:43:49.0485 5036 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/28 21:43:49.0876 5036 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/28 21:43:50.0004 5036 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/28 21:43:50.0106 5036 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/28 21:43:50.0307 5036 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/28 21:43:50.0401 5036 ZTEusbmdm6k (2a6f72d2b6a549b1fc6a6522bc204159) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/04/28 21:43:50.0466 5036 ZTEusbnet (453a60f8dc22fc296bc482cbf3eff213) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
2011/04/28 21:43:50.0544 5036 ZTEusbnmea (2a6f72d2b6a549b1fc6a6522bc204159) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/04/28 21:43:50.0778 5036 ZTEusbser6k (2a6f72d2b6a549b1fc6a6522bc204159) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/04/28 21:43:50.0872 5036 ZTEusbvoice (2a6f72d2b6a549b1fc6a6522bc204159) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
2011/04/28 21:43:50.0991 5036 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/28 21:43:51.0042 5036 ================================================================================
2011/04/28 21:43:51.0042 5036 Scan finished
2011/04/28 21:43:51.0042 5036 ================================================================================
2011/04/28 21:43:51.0072 3880 Detected object count: 1
2011/04/28 21:44:07.0672 3880 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/28 21:44:07.0672 3880 \HardDisk0 - ok
2011/04/28 21:44:07.0675 3880 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/28 21:44:13.0138 2876 Deinitialize success

Still getting messages such as Bonjour not starting up at startup; also extremely slow Internet Explorer, and searches still being directed to eBay, Scour etc.
 
I wasn't expecting those programs to solve all the problems. In this forum, we take one step at a time:
==============================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Please Uncheck "Remove found threats" (I will remove them, if any, in a program that will also remove related files)
  7. Check "Scan unwanted applications"
  8. Click Scan
  9. Wait for the scan to finish
  10. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  11. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  12. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
===========================================
Please note: If you have Combofix on the desktop already, please uninstall it. If not, just go to the Combofix download:
Uninstall ComboFix:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
======================
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [screenshot of the ComboFix prompt]
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=682fb83aff219146a231349a29ade0ac
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-30 02:35:47
# local_time=2011-04-30 03:35:47 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 174519 40705182 170869 0
# compatibility_mode=5892 16776574 100 95 19847607 141701335 0 0
# compatibility_mode=8192 67108863 100 0 384296 384296 0 0
# scanned=117042
# found=0
# cleaned=0
# scan_time=5514
 
ComboFix 11-04-30.02 - Administrator 30/04/2011 23:01:35.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3070.1523 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
c:\windows\system32\userinit.exe . . . is infected!!
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-30 22:12 . 2011-04-30 22:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-04-30 22:12 . 2011-04-30 22:12 -------- d-----w- c:\users\shahbaz\AppData\Local\temp
2011-04-30 22:12 . 2011-04-30 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-30 12:59 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC0FD859-51D2-4A2E-AF7E-E83D68F471A0}\mpengine.dll
2011-04-30 12:44 . 2011-04-30 21:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2011-04-28 21:10 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-28 21:09 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 21:09 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 21:09 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 21:09 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-28 21:09 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-27 14:12 . 2011-04-27 14:12 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2011-04-27 13:02 . 2011-04-27 13:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\Template
2011-04-27 01:41 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 01:41 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 23:31 . 2011-04-26 23:32 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2011-04-26 23:00 . 2011-04-26 23:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\Avira
2011-04-26 22:47 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-26 22:47 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-26 22:47 . 2011-04-26 22:47 -------- d-----w- c:\programdata\Avira
2011-04-26 22:47 . 2011-04-26 22:47 -------- d-----w- c:\program files\Avira
2011-04-26 02:18 . 2011-04-26 02:18 -------- d-----w- c:\program files\ESET
2011-04-22 01:12 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-20 22:46 . 2011-04-20 22:46 -------- d-----w- c:\users\shahbaz\AppData\Local\DDMSettings
2011-04-20 22:42 . 2011-04-20 22:42 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-04-20 01:46 . 2011-04-20 01:46 -------- d-----w- c:\users\shahbaz\AppData\Local\Mozilla
2011-04-19 00:18 . 2011-04-19 00:26 -------- d-----w- c:\users\shahbaz\AppData\Local\ElevatedDiagnostics
2011-04-19 00:16 . 2011-04-19 00:16 -------- d-----w- c:\program files\Microsoft ATS
2011-04-19 00:01 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-19 00:01 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-19 00:01 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-04-18 03:25 . 2011-04-18 03:25 -------- d-----w- C:\ab26ce1d3b121af7df7fc04e
2011-04-18 03:22 . 2011-01-20 14:14 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-04-18 03:22 . 2011-01-20 16:06 2873344 ----a-w- c:\windows\system32\mf.dll
2011-04-18 03:22 . 2011-01-20 14:14 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-04-18 03:22 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-04-18 03:22 . 2011-01-20 14:24 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-04-18 03:22 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-04-18 03:22 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-04-18 02:31 . 2011-04-18 02:45 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sammsoft
2011-04-18 02:19 . 2011-04-18 02:23 -------- d-----w- c:\windows\$regcmp$
2011-04-18 02:11 . 2011-04-18 02:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\SmartPCTools
2011-04-14 15:46 . 2010-11-30 10:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88999D78-2F69-4109-9574-2F1CBC1E0D68}\gapaengine.dll
2011-04-14 15:40 . 2011-04-14 15:40 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-14 15:36 . 2011-04-14 15:36 -------- d-----w- c:\program files\Common Files\Java
2011-04-13 00:24 . 2011-04-13 00:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2011-04-12 22:58 . 2011-04-12 22:58 -------- d-----w- c:\users\shahbaz\AppData\Roaming\Malwarebytes
2011-04-12 22:58 . 2011-04-12 22:58 -------- d-----w- c:\programdata\Malwarebytes
2011-04-12 22:58 . 2011-04-27 01:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 16:23 . 2011-04-14 23:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-04-03 19:31 . 2011-04-03 19:31 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 09:29 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:40 . 2011-04-28 21:09 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 21:10 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 21:09 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 21:10 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 20:40 . 2010-12-11 10:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2010-07-31 18:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:57 . 2011-04-20 01:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-04 4907008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-20 3563520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-21 274608]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-01 21:45 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 06:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R1 MpKsl059d5ba4;MpKsl059d5ba4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76296B95-034E-4BAE-A588-0DE38E2F6B16}\MpKsl059d5ba4.sys [x]
R1 MpKsl0e35e201;MpKsl0e35e201;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A85744DD-B436-4AB7-8489-4D1A3B7688D7}\MpKsl0e35e201.sys [x]
R1 MpKsl15edd4fa;MpKsl15edd4fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA842E7F-5CD8-499D-B1BB-F651C57B27C7}\MpKsl15edd4fa.sys [x]
R1 MpKsl1f027bd5;MpKsl1f027bd5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl1f027bd5.sys [x]
R1 MpKsl22aec72c;MpKsl22aec72c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EC21DDF-7B61-4B01-A09A-E26A6FF3C704}\MpKsl22aec72c.sys [x]
R1 MpKsl23a942af;MpKsl23a942af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E3C33-B3FD-4172-B144-F862A50482C4}\MpKsl23a942af.sys [x]
R1 MpKsl29d4e984;MpKsl29d4e984;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl29d4e984.sys [x]
R1 MpKsl2a36455e;MpKsl2a36455e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E3C33-B3FD-4172-B144-F862A50482C4}\MpKsl2a36455e.sys [x]
R1 MpKsl34671c43;MpKsl34671c43;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EAF9E39-A26E-4194-BB06-875C25C84E36}\MpKsl34671c43.sys [x]
R1 MpKsl3a1516e5;MpKsl3a1516e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl3a1516e5.sys [x]
R1 MpKsl4453f55b;MpKsl4453f55b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl4453f55b.sys [x]
R1 MpKsl44854048;MpKsl44854048;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10315178-3E52-4EA6-9F81-502D87DA1D0C}\MpKsl44854048.sys [x]
R1 MpKsl46ed0474;MpKsl46ed0474;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD8428D-5B32-4D0C-A5E0-AD52CD52045E}\MpKsl46ed0474.sys [x]
R1 MpKsl4d2e1481;MpKsl4d2e1481;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DE79C12-1E64-4677-95E0-0460E8116E5B}\MpKsl4d2e1481.sys [x]
R1 MpKsl616f29e3;MpKsl616f29e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27231138-BED7-4FE5-A0F1-0BFAEF9B3D56}\MpKsl616f29e3.sys [x]
R1 MpKsl65298408;MpKsl65298408;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl65298408.sys [x]
R1 MpKsl665c5764;MpKsl665c5764;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3218C03F-DC73-40E4-BA08-42B2034453B5}\MpKsl665c5764.sys [x]
R1 MpKsl6b835e7f;MpKsl6b835e7f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKsl6b835e7f.sys [x]
R1 MpKsl6cdd9eac;MpKsl6cdd9eac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF7D0B90-47E9-4D1C-842E-94449A68701C}\MpKsl6cdd9eac.sys [x]
R1 MpKsl7249b573;MpKsl7249b573;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65337EDC-4DA4-4855-BCF4-B93189FA9039}\MpKsl7249b573.sys [x]
R1 MpKsl76d86933;MpKsl76d86933;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2ED53EF-BD8B-4552-87CF-5807AF008D62}\MpKsl76d86933.sys [x]
R1 MpKsl79002210;MpKsl79002210;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD8428D-5B32-4D0C-A5E0-AD52CD52045E}\MpKsl79002210.sys [x]
R1 MpKsl8a07f1d3;MpKsl8a07f1d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{390D937C-AA4C-4EF7-ADA3-EE04546D1F9E}\MpKsl8a07f1d3.sys [x]
R1 MpKsl9078bbe0;MpKsl9078bbe0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C85C945-F51D-4568-98DB-BB67477F4506}\MpKsl9078bbe0.sys [x]
R1 MpKsl9890e981;MpKsl9890e981;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl9890e981.sys [x]
R1 MpKsl9efac3e3;MpKsl9efac3e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKsl9efac3e3.sys [x]
R1 MpKsla120204d;MpKsla120204d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF7D0B90-47E9-4D1C-842E-94449A68701C}\MpKsla120204d.sys [x]
R1 MpKsla19e334d;MpKsla19e334d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{349A63F7-8208-4980-BD37-4D83F8649B29}\MpKsla19e334d.sys [x]
R1 MpKsla4df3f62;MpKsla4df3f62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1912C3F-972A-4137-A817-8B464CDA0F7C}\MpKsla4df3f62.sys [x]
R1 MpKslaa083dd1;MpKslaa083dd1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKslaa083dd1.sys [x]
R1 MpKslbf9e0f08;MpKslbf9e0f08;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKslbf9e0f08.sys [x]
R1 MpKsldcb01bf3;MpKsldcb01bf3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E1A6555-A1F4-4FD3-9DFC-052D36C7C23B}\MpKsldcb01bf3.sys [x]
R1 MpKslf3776eca;MpKslf3776eca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AA07AC5-7517-4FF9-BE8D-DB62C1CCAC79}\MpKslf3776eca.sys [x]
R1 MpKslfd10cd6c;MpKslfd10cd6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DE79C12-1E64-4677-95E0-0460E8116E5B}\MpKslfd10cd6c.sys [x]
R1 MpKslfea62f1e;MpKslfea62f1e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2ED53EF-BD8B-4552-87CF-5807AF008D62}\MpKslfea62f1e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 136176]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2010-03-25 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-19 105856]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-04 77824]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-29 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-07-31 10:14]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 13:12]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 13:12]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345154763-3622116426-816371545-1000Core.job
- c:\users\shahbaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 16:44]
.
2011-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345154763-3622116426-816371545-1000UA.job
- c:\users\shahbaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 16:44]
.
2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3345154763-3622116426-816371545-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\igk5pcsv.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-30 23:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,3d,1b,b6,e9,9c,d5,40,93,f9,48,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,3d,1b,b6,e9,9c,d5,40,93,f9,48,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2792)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-04-30 23:27:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-30 22:27
.
Pre-Run: 232,206,077,952 bytes free
Post-Run: 232,242,683,904 bytes free
.
- - End Of File - - 719B9C83E1618DD303E54506A0AF99F4
 
There is another log from DDS; it's named Attach.txt. Please find that on your system and paste it in your next reply. There is some app data that goes to variable processes. Without that log, I can't refer to what you have installed.
====================================================
You are running 2 antivirus programs. You should only have 1. Multiple AVs make the system more vulnerable, not less. Please uninstall one of them. Here are some tools that will help: For Vista:
For Microsoft Security Essentials
  1. Click Start
  2. In the Search programs and files text box, type Appwiz.cpl, and then press ENTER.
  3. Right-click Microsoft Security Essentials> click Uninstall.
  4. Restart the computer.
For Avira
  1. Click Start
  2. Uninstall a program
  3. Wait for the list of installed programs to load, then click the name of the Avira program.
  4. Click Remove in the menu above the list (Windows Vista / 7).
  5. Press Yes, to confirm the removal and then OK.
  6. Click Next until Finish. The software is removed.
=============================================
It looks like you tried downloading programs to try and fix the system, but most are questionable Registry cleaners found on questionable sites. Please don't update or use whatever you got from Sammsoft or SmartPCTools on 4/18/2011.
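The two observations the helper draws from the ComboFix log (two AV products registered, userinit.exe patched and a TDL4 bootkit on the MBR) come straight from its header and "Other Deletions" lines. As an added example, not part of this thread and not ComboFix's own code, here is a small Python parser that extracts those facts from a log in that shape; the sample input is constructed from the line formats seen above, and the `AV`/`SP` prefixes are the only product kinds it recognises.

```python
"""Pull the Security Center products and the findings out of a ComboFix log."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix log pasted in this thread:
# header product lines, the "Other Deletions" section, and the start of the
# next section. Only the line shapes matter to the parser.
SAMPLE_LOG = r"""
ComboFix 11-04-30.02 - Administrator 30/04/2011 23:01:35.3.2 - x86
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
.
c:\windows\system32\userinit.exe . . . is infected!!
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
2011-04-30 22:12 . 2011-04-30 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
"""

# "AV: <name> *<Enabled|Disabled>/<Updated|Outdated>* {<Security Center GUID>}"
# AV = antivirus, SP = antispyware (the two kinds present in the log above).
PRODUCT_RE = re.compile(r"^(AV|SP): (.+?) \*(\w+)/(\w+)\* \{([0-9A-Fa-f-]+)\}$")
# Section banners look like "(((((( Other Deletions ))))))".
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# A system file whose code ComboFix found patched in place.
INFECTED_RE = re.compile(r"^(?P<path>.+?) \. \. \. is infected!!$")
# A bootkit report against a raw disk device such as \\.\PhysicalDrive0.
BOOTKIT_RE = re.compile(
    r"^(?P<device>\\\\\.\\\w+) - Bootkit (?P<family>\S+) was found and (?P<action>\w+)$")


@dataclass
class SecurityProduct:
    kind: str        # "AV" or "SP"
    name: str
    enabled: bool    # ComboFix disables products for its run, so usually False
    up_to_date: bool
    guid: str


@dataclass
class ComboFixSummary:
    products: list        # SecurityProduct entries from the header
    deletions: list       # bare paths removed under "Other Deletions"
    infected_files: list  # paths reported "is infected!!"
    bootkits: list        # (device, family, action) tuples


def parse_combofix_log(text):
    """Walk the log once, tracking which section each line belongs to."""
    summary = ComboFixSummary([], [], [], [])
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads with "." lines
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section == "header":
            m = PRODUCT_RE.match(line)
            if m:
                kind, name, state, freshness, guid = m.groups()
                summary.products.append(SecurityProduct(
                    kind, name, state == "Enabled", freshness == "Updated", guid))
        elif section == "Other Deletions":
            m = INFECTED_RE.match(line)
            if m:
                summary.infected_files.append(m.group("path"))
                continue
            m = BOOTKIT_RE.match(line)
            if m:
                summary.bootkits.append((m.group("device"), m.group("family"), m.group("action")))
                continue
            summary.deletions.append(line)   # anything else here is a removed path
    return summary


def antivirus_count(summary):
    """Distinct AV products registered with the Security Center, enabled or not."""
    return len({p.name for p in summary.products if p.kind == "AV"})


def review_notes(summary):
    """The points a reviewer would raise from this log, in order of severity."""
    notes = []
    n = antivirus_count(summary)
    if n > 1:
        notes.append(f"{n} antivirus products registered; keep only one real-time AV")
    for path in summary.infected_files:
        notes.append(f"system file patched by malware: {path}; replace it from a clean copy")
    for device, family, action in summary.bootkits:
        notes.append(f"bootkit {family} on {device} ({action}); the MBR was compromised, re-scan after reboot")
    return notes


if __name__ == "__main__":
    for note in review_notes(parse_combofix_log(SAMPLE_LOG)):
        print("-", note)
```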
 
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 1:12:09.44 on 01/05/2011
Internet Explorer: 8.0.6001.19048
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3070.1992 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM13Mon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Administrator\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\igk5pcsv.default\
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsld95a66b3;MpKsld95a66b3;c:\programdata\microsoft\microsoft antimalware\definition updates\{cd96ac2c-de4a-45b2-bff6-31f847e59be2}\MpKsld95a66b3.sys [2011-5-1 28752]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2010-7-31 77824]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-7-29 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2007-3-5 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-5-28 235840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-11 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-8-28 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-8-28 105856]
.
=============== Created Last 30 ================
.
2011-04-30 23:58:26 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{cd96ac2c-de4a-45b2-bff6-31f847e59be2}\MpKsld95a66b3.sys
2011-04-30 22:29:31 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{cd96ac2c-de4a-45b2-bff6-31f847e59be2}\mpengine.dll
2011-04-30 22:17:34 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-28 21:10:58 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-28 21:09:52 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 21:09:52 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 21:09:45 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 21:09:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-28 21:09:34 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-27 14:12:51 -------- d-----w- c:\users\admini~1\appdata\local\Mozilla
2011-04-27 01:41:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 01:41:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 23:31:46 -------- d-----w- c:\users\admini~1\appdata\local\Adobe
2011-04-26 02:18:57 -------- d-----w- c:\program files\ESET
2011-04-25 23:15:14 98816 ----a-w- c:\windows\sed.exe
2011-04-25 23:15:14 89088 ----a-w- c:\windows\MBR.exe
2011-04-25 23:15:14 256512 ----a-w- c:\windows\PEV.exe
2011-04-25 23:15:14 161792 ----a-w- c:\windows\SWREG.exe
2011-04-22 01:12:44 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-20 22:42:24 -------- d-----w- c:\program files\common files\DivX Shared
2011-04-19 00:16:34 -------- d-----w- c:\program files\Microsoft ATS
2011-04-19 00:01:33 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-19 00:01:32 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-19 00:01:31 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-04-18 03:25:35 -------- d-----w- C:\ab26ce1d3b121af7df7fc04e
2011-04-18 03:22:59 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-04-18 03:22:58 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-04-18 03:22:58 2873344 ----a-w- c:\windows\system32\mf.dll
2011-04-18 03:22:57 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-04-18 03:22:57 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-04-18 03:22:56 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-04-18 03:22:56 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-04-18 02:31:53 -------- d-----w- c:\users\admini~1\appdata\roaming\Sammsoft
2011-04-18 02:19:01 -------- d-----w- c:\windows\$regcmp$
2011-04-18 02:11:05 -------- d-----w- c:\users\admini~1\appdata\roaming\SmartPCTools
2011-04-14 15:46:47 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{88999d78-2f69-4109-9574-2f1cbc1e0d68}\gapaengine.dll
2011-04-14 15:40:32 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-13 00:24:33 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
2011-04-12 22:58:51 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-12 22:58:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 06:23:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 1:13:04.67 ===============
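Added example (not from the thread, and not part of DDS itself): a small Python parser for the "Created Last 30" / "Find3M" entries in the DDS log above, so the list can be sorted and filtered instead of read by eye. It handles only the DDS layout (one timestamp per line); ComboFix's file list uses a different two-timestamp layout. The sample lines are copied from the log posted in this thread.

```python
"""Parser for the file entries in a DDS log ("Created Last 30" / "Find3M").

Each entry is: created date, created time, size (or eight dashes for a
directory), an 8-character attribute field such as ----a-w- or d-sh--w-,
and the path. Section banners and lone '.' lines are ignored.
"""
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import List, Optional

DDS_ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[d-][-a-z]{7})\s+(?P<path>\S.*)$"
)


@dataclass
class DdsEntry:
    created: datetime
    size: Optional[int]   # None for directories (DDS prints "--------")
    attrs: str            # first char 'd' = directory; 'h' hidden, 's' system
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs[1:]

    @property
    def system(self) -> bool:
        return "s" in self.attrs[1:]


def parse_dds_entries(text: str) -> List[DdsEntry]:
    """Return every file/directory entry in `text`, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = DDS_ENTRY.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        created = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        entries.append(DdsEntry(created, size, m["attrs"], m["path"]))
    return entries


def entries_under(entries: List[DdsEntry], prefix: str) -> List[DdsEntry]:
    """Entries located below directory `prefix` (Windows paths, so case-insensitive)."""
    p = prefix.lower().rstrip("\\") + "\\"
    return [e for e in entries if e.path.lower().startswith(p)]


def hidden_system(entries: List[DdsEntry]) -> List[DdsEntry]:
    """Entries carrying both the hidden and system attributes. This is a triage
    list, not a verdict: the Recycle Bin folder legitimately has both flags."""
    return [e for e in entries if e.hidden and e.system]


def created_on_or_after(entries: List[DdsEntry], day_iso: str) -> List[DdsEntry]:
    """Entries created on or after the given YYYY-MM-DD day, newest first."""
    day = date.fromisoformat(day_iso)
    return sorted((e for e in entries if e.created.date() >= day),
                  key=lambda e: e.created, reverse=True)


# Constructed sample: lines copied from the "Created Last 30" section of the
# DDS log in this thread, with the section banner and '.' lines included.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2011-04-30 23:58:26 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{cd96ac2c-de4a-45b2-bff6-31f847e59be2}\MpKsld95a66b3.sys
2011-04-30 22:17:34 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-28 21:10:58 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-25 23:15:14 98816 ----a-w- c:\windows\sed.exe
2011-04-25 23:15:14 89088 ----a-w- c:\windows\MBR.exe
2011-04-18 03:25:35 -------- d-----w- C:\ab26ce1d3b121af7df7fc04e
2011-04-14 15:46:47 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{88999d78-2f69-4109-9574-2f1cbc1e0d68}\gapaengine.dll
2011-04-12 22:58:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
"""

SAMPLE_ENTRIES = parse_dds_entries(SAMPLE_LOG)

if __name__ == "__main__":
    for e in created_on_or_after(SAMPLE_ENTRIES, "2011-04-25"):
        kind = "dir " if e.is_dir else "file"
        print(f"{e.created:%Y-%m-%d %H:%M}  {kind}  {e.attrs}  {e.path}")
    print("hidden+system:", [e.path for e in hidden_system(SAMPLE_ENTRIES)])
```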
 
It did not give me attach last time, but this time it has.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 31/07/2010 18:09:47
System Uptime: 01/05/2011 00:57:19 (1 hours ago)
.
Motherboard: Dell Inc. | | 0G914C
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 800/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 216.383 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
Adobe Reader Extended Language Support Font Pack
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics Disk Defrag
AviSynth 2.5
BitTorrent
Bonjour
Broadcom 440x 10/100 Integrated Controller
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
D3DX10
Dell Resource CD
Dell Wireless WLAN Card Utility
DivX Setup
ESET Online Scanner v3
ffdshow [rev 2583] [2009-01-05]
Glary Utilities 2.26.0.956
Google Toolbar for Internet Explorer
Google Update Helper
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC Driver Installer
HTC Sync
Initio USB Default Controller Driver 32-bit
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Laptop Integrated Webcam Driver (1.01.01.0529)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 4.0 (x86 en-GB)
NVIDIA Drivers
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
Photo Story 3 for Windows
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Segoe UI
Skype Toolbars
Skype™ 5.1
Sonic CinePlayer Decoder Pack
Sothink Movie DVD Maker
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
UrduPlugin
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.2
WD Software Upgrader
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
.
==== End Of File ===========================
 
There is a file on the system that needs to be further identified:

Please go to VirSCAN.org FREE on-line scan service:
If busy, you can use one of the following (you only need one):
VirusTotal
Jotti

  • [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

    Code:
      c:\windows\system32\userinit.exe
      c:\windows\explorer.exe
      c:\windows\system32\svchost.exe
  • [2]. At the upload site, click once inside the window next to Browse.
  • [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
  • [4]. Click on the Upload button.
    This will perform a scan across multiple different virus scanning engines.
    Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    Important: Wait for all of the scanning engines to complete; if there is a notice that there is a later version, please click to get that.
  • [5]. Once the Scan is completed, scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
  • [6]. Paste the contents of the Clipboard in your next reply.
==================================
About this program: Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan:
Uninstall ComboFix: (if needed)
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
----------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (screenshot: whatnext.png)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Hi, two things to report:
1. Although I have Combofix on my desktop, I keep getting the message "Windows cannot find combofix".
2. The copy and paste function in the Browse box is not working; it will not even allow me to type it in.
 
I can do them individually...
VirSCAN.org Scanned Report :
Scanned time : 2011/03/27 16:39:30 (BST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 25088 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 0e135526e9785d085bcd9aede6fbcbf9
SHA1 : d15244d41efddbab08d53fe032aedff39091d3af
Online report : http://virscan.org/report/f8b01790746ae6ccfdbf508cbad8baab.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110327010737 2011-03-27 15.50 -
AhnLab V3 2011.03.27.01 2011.03.27 2011-03-27 1.76 -
AntiVir 8.2.4.192 7.11.5.80 2011-03-27 0.27 -
Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
Arcavir 2010 201103240801 2011-03-24 0.00 -
Authentium 5.1.1 201103271446 2011-03-27 1.57 -
AVAST! 4.7.4 110327-0 2011-03-27 0.01 -
AVG 8.5.850 271.1.1/3516 2011-03-19 0.24 -
BitDefender 7.90123.7001104 7.36817 2011-03-27 6.48 -
ClamAV 0.96.5 12911 2011-03-26 0.01 -
Comodo 4.0 8126 2011-03-27 1.30 -
CP Secure 1.3.0.5 2011.03.27 2011-03-27 0.04 -
Dr.Web 5.0.2.3300 2011.03.27 2011-03-27 11.30 -
F-Prot 4.4.4.56 20110326 2011-03-26 1.56 -
F-Secure 7.02.73807 2011.03.27.01 2011-03-27 0.07 -
Fortinet 4.2.254 13.48 2011-03-26 0.33 -
GData 21.2141/21.773 20110327 2011-03-27 10.93 -
ViRobot 20110326 2011.03.26 2011-03-26 0.94 -
Ikarus T3.1.32.20.0 2011.03.27.78032 2011-03-27 4.88 -
JiangMin 13.0.900 2011.03.27 2011-03-27 2.16 -
Kaspersky 5.5.10 2011.03.27 2011-03-27 0.10 -
KingSoft 2009.2.5.15 2011.3.27.9 2011-03-27 1.09 -
McAfee 5400.1158 6297 2011-03-26 9.12 -
Microsoft 1.6702 2011.03.27 2011-03-27 35.72 -
NOD32 3.0.21 5988 2011-03-26 0.32 -
Norman 6.07.03 6.07.00 2011-03-26 16.07 -
Panda 9.05.01 2011.03.27 2011-03-27 2.09 -
Trend Micro 9.200-1012 7.930.07 2011-03-27 0.04 -
Quick Heal 11.00 2011.03.26 2011-03-26 0.96 -
Rising 20.0 23.50.05.05 2011-03-26 2.52 -
Sophos 3.16.1 4.62 2011-03-27 3.06 -
Sunbelt 3.9.2486.2 8831 2011-03-26 0.77 -
Symantec 1.3.0.24 20110326.002 2011-03-26 0.06 -
nProtect 20110326.01 3275801 2011-03-26 15.61 -
The Hacker 6.7.0.1 v00159 2011-03-26 1.26 -
VBA32 3.12.14.3 20110325.1219 2011-03-25 3.68 -
VirusBuster 5.2.0.28 13.6.272.0/4856599 2011-03-27 0.00 -
 
File Name : explorer.exe
File Size : 2926592 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : d07d4c3038f3578ffce1c0237f2a1253
SHA1 : 4b3bd605b63749ff255e048ca6f27aff95aec24a
Scanner results
Scanner results : Scanners did not find malware!
Time : 2011/04/20 07:31:20 (BST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
a-squared 5.1.0.2 20110420015251 2011-04-20 - 5.213
AhnLab V3 2011.04.20.00 2011.04.20 2011-04-20 - 1.972
AntiVir 8.2.4.208 7.11.6.207 2011-04-20 - 0.286
Antiy 2.0.18 20110205.7694535 2011-02-05 - 0.122
Arcavir 2011 201103241627 2011-03-24 - 0.057
Authentium 5.1.1 201104192156 2011-04-19 - 1.497
AVAST! 4.7.4 110419-1 2011-04-19 - 0.139
AVG 8.5.850 271.1.1/3584 2011-04-20 - 0.247
BitDefender 7.90123.7136443 7.37167 2011-04-20 - 6.550
ClamAV 0.96.5 12998 2011-04-20 - 0.381
Comodo 4.0 8407 2011-04-20 - 1.151
CP Secure 1.3.0.5 2011.04.20 2011-04-20 - 0.479
Dr.Web 5.0.2.3300 2011.04.20 2011-04-20 - 12.568
F-Prot 4.4.4.56 20110419 2011-04-19 - 1.496
F-Secure 7.02.73807 2011.04.20.02 2011-04-20 - 13.124
Fortinet 4.2.257 13.130 2011-04-19 - 0.252
GData 22.118/22.48 20110420 2011-04-20 - 15.962
Ikarus T3.1.32.20.0 2011.04.20.78206 2011-04-20 - 4.672
JiangMin 13.0.900 2011.04.19 2011-04-19 - 2.704
Kaspersky 5.5.10 2011.04.19 2011-04-19 - 0.102
KingSoft 2009.2.5.15 2011.4.20.9 2011-04-20 - 0.887
McAfee 5400.1158 6320 2011-04-18 - 10.004
Microsoft 1.6802 2011.04.19 2011-04-19 - 7.059
NOD32 3.0.21 6054 2011-04-19 - 0.008
Norman 6.07.08 6.07.00 2011-04-19 - 30.044
nProtect 20110419.01 3374362 2011-04-19 - 31.659
Panda 9.05.01 2011.04.19 2011-04-19 - 10.241
Quick Heal 11.00 2011.04.17 2011-04-17 - 7.771
Rising 20.0 23.54.01.06 2011-04-19 - 7.352
Sophos 3.18.0 4.64 2011-04-20 - 4.052
Sunbelt 3.9.2490.2 9065 2011-04-19 - 10.878
Symantec 1.3.0.24 20110419.003 2011-04-19 - 0.004
The Hacker 6.7.0.1 v00176 2011-04-18 - 1.355
Trend Micro 9.200-1012 7.990.07 2011-04-19 - 0.037
VBA32 3.12.16.0 20110419.0922 2011-04-19 - 4.407
ViRobot 20110419 2011.04.19 2011-04-19 - 3.456
VirusBuster 5.2.0.28 13.6.312.2/4996616 2011-04-19 - 0.002
 
File Name : svchost.exe
File Size : 21504 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 3794b461c45882e06856f282eef025af
SHA1 : bf15549a7ec01ac505ccac036aba5b9bae688135
Scanner results
Scanner results : Scanners did not find malware!
Time : 2011/04/22 16:07:06 (BST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
a-squared 5.1.0.2 20110422015551 2011-04-22 - 0.078
AhnLab V3 2011.04.21.01 2011.04.21 2011-04-21 - 0.077
AntiVir 8.2.4.214 7.11.6.251 2011-04-22 - 0.335
Antiy 2.0.18 20110205.7694535 2011-02-05 - 0.157
Arcavir 2011 201103241627 2011-03-24 - 0.029
Authentium 5.1.1 201104220624 2011-04-22 - 1.509
AVAST! 4.7.4 110422-0 2011-04-22 - 0.009
AVG 8.5.850 271.1.1/3589 2011-04-22 - 0.242
BitDefender 7.90123.7146338 7.37194 2011-04-22 - 6.493
ClamAV 0.96.5 13003 2011-04-21 - 0.003
Comodo 4.0 8434 2011-04-22 - 0.078
CP Secure 1.3.0.5 2011.04.22 2011-04-22 - 0.051
Dr.Web 5.0.2.3300 2011.04.22 2011-04-22 - 11.429
F-Prot 4.4.4.56 20110420 2011-04-20 - 1.510
F-Secure 7.02.73807 2011.04.22.02 2011-04-22 - 12.535
Fortinet 4.2.257 13.137 2011-04-21 - 0.078
GData 22.141/22.52 20110422 2011-04-22 - 0.078
Ikarus T3.1.32.20.0 2011.04.22.78224 2011-04-22 - 4.684
JiangMin 13.0.900 2011.04.21 2011-04-21 - 0.083
Kaspersky 5.5.10 2011.04.22 2011-04-22 - 0.096
KingSoft 2009.2.5.15 2011.4.22.16 2011-04-22 - 0.078
McAfee 5400.1158 6320 2011-04-18 - 5.736
Microsoft 1.6802 2011.04.22 2011-04-22 - 0.081
NOD32 3.0.21 6061 2011-04-21 - 0.011
Norman 6.07.08 6.07.00 2011-04-21 - 10.170
nProtect 20110422.01 3390140 2011-04-22 - 0.090
Panda 9.05.01 2011.04.22 2011-04-22 - 0.083
Quick Heal 11.00 2011.04.21 2011-04-21 - 0.086
Rising 20.0 23.54.03.06 2011-04-21 - 0.087
Sophos 3.18.0 4.64 2011-04-22 - 3.928
Sunbelt 3.9.2490.2 9085 2011-04-22 - 0.080
Symantec 1.3.0.24 20110421.002 2011-04-21 - 112.074
The Hacker 6.7.0.1 v00176 2011-04-18 - 0.127
Trend Micro 9.200-1012 8.112.05 2011-04-22 - 0.037
VBA32 3.12.16.0 20110421.2047 2011-04-21 - 7.100
ViRobot 20110422 2011.04.22 2011-04-22 - 0.080
VirusBuster 5.2.0.28 13.6.316.0/5016476 2011-04-22 - 0.015
 
ComboFix 11-05-01.01 - Administrator 02/05/2011 2:19.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3070.1816 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-02 01:29 . 2011-05-02 01:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-05-02 01:29 . 2011-05-02 01:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-05-02 01:29 . 2011-05-02 01:29 -------- d-----w- c:\users\shahbaz\AppData\Local\temp
2011-05-02 01:29 . 2011-05-02 01:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-02 00:49 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B46A3DE2-6E06-4A25-ADD8-EB0D4E907C58}\mpengine.dll
2011-04-30 12:44 . 2011-04-30 21:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2011-04-28 21:10 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-28 21:09 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 21:09 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 21:09 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 21:09 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-28 21:09 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-27 14:12 . 2011-04-27 14:12 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2011-04-27 13:02 . 2011-04-27 13:02 -------- d-----w- c:\users\Administrator\AppData\Roaming\Template
2011-04-27 01:41 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 01:41 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-26 23:31 . 2011-04-26 23:32 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2011-04-26 02:18 . 2011-04-26 02:18 -------- d-----w- c:\program files\ESET
2011-04-22 01:12 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-20 22:46 . 2011-04-20 22:46 -------- d-----w- c:\users\shahbaz\AppData\Local\DDMSettings
2011-04-20 22:42 . 2011-04-20 22:42 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-04-20 01:46 . 2011-04-20 01:46 -------- d-----w- c:\users\shahbaz\AppData\Local\Mozilla
2011-04-19 00:18 . 2011-04-19 00:26 -------- d-----w- c:\users\shahbaz\AppData\Local\ElevatedDiagnostics
2011-04-19 00:16 . 2011-04-19 00:16 -------- d-----w- c:\program files\Microsoft ATS
2011-04-19 00:01 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-19 00:01 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-19 00:01 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-04-18 03:25 . 2011-04-18 03:25 -------- d-----w- C:\ab26ce1d3b121af7df7fc04e
2011-04-18 03:22 . 2011-01-20 14:14 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-04-18 03:22 . 2011-01-20 16:06 2873344 ----a-w- c:\windows\system32\mf.dll
2011-04-18 03:22 . 2011-01-20 14:14 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-04-18 03:22 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-04-18 03:22 . 2011-01-20 14:24 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-04-18 03:22 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-04-18 03:22 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-04-18 02:31 . 2011-04-18 02:45 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sammsoft
2011-04-18 02:19 . 2011-04-18 02:23 -------- d-----w- c:\windows\$regcmp$
2011-04-18 02:11 . 2011-04-18 02:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\SmartPCTools
2011-04-14 15:46 . 2010-11-30 10:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88999D78-2F69-4109-9574-2F1CBC1E0D68}\gapaengine.dll
2011-04-14 15:40 . 2011-04-14 15:40 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-14 15:36 . 2011-04-14 15:36 -------- d-----w- c:\program files\Common Files\Java
2011-04-13 00:24 . 2011-04-13 00:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2011-04-12 22:58 . 2011-04-12 22:58 -------- d-----w- c:\users\shahbaz\AppData\Roaming\Malwarebytes
2011-04-12 22:58 . 2011-04-12 22:58 -------- d-----w- c:\programdata\Malwarebytes
2011-04-12 22:58 . 2011-04-27 01:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 16:23 . 2011-04-14 23:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-04-03 19:31 . 2011-04-03 19:31 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-13 09:29 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:40 . 2011-04-28 21:09 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 21:10 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 21:09 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 21:10 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-02 20:40 . 2010-12-11 10:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2010-07-31 18:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:57 . 2011-04-20 01:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-04 4907008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-20 3563520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-21 274608]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-01 21:45 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-20 06:36 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R1 MpKsl059d5ba4;MpKsl059d5ba4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76296B95-034E-4BAE-A588-0DE38E2F6B16}\MpKsl059d5ba4.sys [x]
R1 MpKsl0e35e201;MpKsl0e35e201;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A85744DD-B436-4AB7-8489-4D1A3B7688D7}\MpKsl0e35e201.sys [x]
R1 MpKsl15edd4fa;MpKsl15edd4fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA842E7F-5CD8-499D-B1BB-F651C57B27C7}\MpKsl15edd4fa.sys [x]
R1 MpKsl1f027bd5;MpKsl1f027bd5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl1f027bd5.sys [x]
R1 MpKsl22aec72c;MpKsl22aec72c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7EC21DDF-7B61-4B01-A09A-E26A6FF3C704}\MpKsl22aec72c.sys [x]
R1 MpKsl23a942af;MpKsl23a942af;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E3C33-B3FD-4172-B144-F862A50482C4}\MpKsl23a942af.sys [x]
R1 MpKsl29d4e984;MpKsl29d4e984;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl29d4e984.sys [x]
R1 MpKsl2a36455e;MpKsl2a36455e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D9E3C33-B3FD-4172-B144-F862A50482C4}\MpKsl2a36455e.sys [x]
R1 MpKsl34671c43;MpKsl34671c43;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EAF9E39-A26E-4194-BB06-875C25C84E36}\MpKsl34671c43.sys [x]
R1 MpKsl3a1516e5;MpKsl3a1516e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl3a1516e5.sys [x]
R1 MpKsl4453f55b;MpKsl4453f55b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl4453f55b.sys [x]
R1 MpKsl44854048;MpKsl44854048;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{10315178-3E52-4EA6-9F81-502D87DA1D0C}\MpKsl44854048.sys [x]
R1 MpKsl46ed0474;MpKsl46ed0474;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD8428D-5B32-4D0C-A5E0-AD52CD52045E}\MpKsl46ed0474.sys [x]
R1 MpKsl4d2e1481;MpKsl4d2e1481;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DE79C12-1E64-4677-95E0-0460E8116E5B}\MpKsl4d2e1481.sys [x]
R1 MpKsl616f29e3;MpKsl616f29e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27231138-BED7-4FE5-A0F1-0BFAEF9B3D56}\MpKsl616f29e3.sys [x]
R1 MpKsl65298408;MpKsl65298408;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKsl65298408.sys [x]
R1 MpKsl665c5764;MpKsl665c5764;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3218C03F-DC73-40E4-BA08-42B2034453B5}\MpKsl665c5764.sys [x]
R1 MpKsl6b835e7f;MpKsl6b835e7f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKsl6b835e7f.sys [x]
R1 MpKsl6cdd9eac;MpKsl6cdd9eac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF7D0B90-47E9-4D1C-842E-94449A68701C}\MpKsl6cdd9eac.sys [x]
R1 MpKsl7249b573;MpKsl7249b573;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65337EDC-4DA4-4855-BCF4-B93189FA9039}\MpKsl7249b573.sys [x]
R1 MpKsl76d86933;MpKsl76d86933;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2ED53EF-BD8B-4552-87CF-5807AF008D62}\MpKsl76d86933.sys [x]
R1 MpKsl79002210;MpKsl79002210;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACD8428D-5B32-4D0C-A5E0-AD52CD52045E}\MpKsl79002210.sys [x]
R1 MpKsl8a07f1d3;MpKsl8a07f1d3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{390D937C-AA4C-4EF7-ADA3-EE04546D1F9E}\MpKsl8a07f1d3.sys [x]
R1 MpKsl9078bbe0;MpKsl9078bbe0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C85C945-F51D-4568-98DB-BB67477F4506}\MpKsl9078bbe0.sys [x]
R1 MpKsl9890e981;MpKsl9890e981;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64CA3EFD-5184-46E8-B3FF-AE04E123CCAF}\MpKsl9890e981.sys [x]
R1 MpKsl9efac3e3;MpKsl9efac3e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKsl9efac3e3.sys [x]
R1 MpKsla120204d;MpKsla120204d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF7D0B90-47E9-4D1C-842E-94449A68701C}\MpKsla120204d.sys [x]
R1 MpKsla19e334d;MpKsla19e334d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{349A63F7-8208-4980-BD37-4D83F8649B29}\MpKsla19e334d.sys [x]
R1 MpKsla4df3f62;MpKsla4df3f62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1912C3F-972A-4137-A817-8B464CDA0F7C}\MpKsla4df3f62.sys [x]
R1 MpKslaa083dd1;MpKslaa083dd1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCD4C0E-13FF-4980-BD74-FD104215BB45}\MpKslaa083dd1.sys [x]
R1 MpKslbf9e0f08;MpKslbf9e0f08;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E21B2C8-FEE0-40E3-BC97-FF41FDCC6F5A}\MpKslbf9e0f08.sys [x]
R1 MpKsldcb01bf3;MpKsldcb01bf3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E1A6555-A1F4-4FD3-9DFC-052D36C7C23B}\MpKsldcb01bf3.sys [x]
R1 MpKslf3776eca;MpKslf3776eca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AA07AC5-7517-4FF9-BE8D-DB62C1CCAC79}\MpKslf3776eca.sys [x]
R1 MpKslfd10cd6c;MpKslfd10cd6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DE79C12-1E64-4677-95E0-0460E8116E5B}\MpKslfd10cd6c.sys [x]
R1 MpKslfea62f1e;MpKslfea62f1e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2ED53EF-BD8B-4552-87CF-5807AF008D62}\MpKslfea62f1e.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 136176]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2010-03-25 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-19 105856]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-02-04 77824]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-29 51288]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608]
S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-07-31 10:14]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 13:12]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-11 13:12]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345154763-3622116426-816371545-1000Core.job
- c:\users\shahbaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 16:44]
.
2011-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3345154763-3622116426-816371545-1000UA.job
- c:\users\shahbaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-29 16:44]
.
2011-04-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3345154763-3622116426-816371545-1000.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 11:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\igk5pcsv.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 02:32
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,3d,1b,b6,e9,9c,d5,40,93,f9,48,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,89,3d,1b,b6,e9,9c,d5,40,93,f9,48,\
.
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2852)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2011-05-02 02:42:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-02 01:42
ComboFix2.txt 2011-04-30 22:27
.
Pre-Run: 233,197,764,608 bytes free
Post-Run: 233,528,967,168 bytes free
.
- - End Of File - - B6C51E41C89F568C17F39DB77912C8EC
 
A question please: Is this something you have set up?
2011-04-20 22:46 -------- d-----w- c:\users\shahbaz\AppData\Local\DDMSettings
In iSeries Navigator, navigate to the DDM settings: Network->Servers->TCP/IP
TCP/IP communication support concepts for DDM
There are several concepts that pertain specifically to the TCP/IP communications support used by DRDA® and DDM. These concepts are described here in detail.
http://en.wikipedia.org/wiki/IBM_System_i
 
Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
Folder::
c:\users\Administrator\AppData\Local\temp
c:\windows\system32\config\systemprofile\AppData\Local\temp
c:\users\shahbaz\AppData\Local\temp
c:\users\Default\AppData\Local\temp
c:\users\Administrator\AppData\Roaming\SmartPCTools
c:\windows\$regcmp$
c:\users\Administrator\AppData\Roaming\Sammsof
RegLock::
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
[HKEY_USERS\S-1-5-21-3345154763-3622116426-816371545-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
DirLook::
C:\ab26ce1d3b121af7df7fc04e
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================

1. 2011-04-20 22:46 c:\users\shahbaz\AppData\Local\DDMSettings. FYI: In iSeries Navigator, navigate to the DDM settings: Network->Servers->TCP/IP
TCP/IP communication support concepts for DDM
There are several concepts that pertain specifically to the TCP/IP communications support used by DRDA® and DDM. These concepts are described HERE in detail. http://en.wikipedia.org/wiki/IBM_System_i

The following are all from 4/18/2011.
2. The regcmp command compiles the patterns in File and places output in a File.i file, or a File.c file when the - option is specified.
Looks like a programming tool for IBM. http://publib.boulder.ibm.com/infoc...m.ibm.aix.basetechref/doc/basetrf2/regcmp.htm
3. SmartPCTools has not created a publisher profile> Registry Repair Wizard/Version 2011 build 6.60. Scan, repair, and restore your Registry.
4. Sammsof appears to be another registry cleaner. Please Note: Searching for #2, 3, 4 brought up more unsafe sites to download from than safe sites, according to the Web of Trust. We do not recommend anyone using a Registry cleaner. Benefits are negligible and risks are high.
=============================================
I notice you have an addon Active X for Eset online:
hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
Are you aware that this for testing new versions and not the usual free online virus scanner?
 
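As an added example (not the thread's own code, nor part of ComboFix), a small Python parser for the LOCKED REGISTRY KEYS section in the layout shown in the log above: it keeps the keys that carry an @Denied entry for Administrator and emits them as a RegLock:: block, which is the selection the helper made by hand; the hardware class key that only denies Users and Everyone is skipped. The sample excerpt is constructed from the log lines above, and the regular expressions assume that exact layout.

```python
"""Pull @Denied keys out of a ComboFix 'LOCKED REGISTRY KEYS' section and
emit them as a CFScript RegLock:: block.  Added example; not ComboFix code."""
import re

# Constructed excerpt in the layout of the ComboFix log above (three keys kept).
SAMPLE_LOG = """\
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\\S-1-5-21-3345154763-3622116426-816371545-500\\Software\\Microsoft\\Internet Explorer\\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
.
[HKEY_USERS\\S-1-5-21-3345154763-3622116426-816371545-500\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E96D-E325-11CE-BFC1-08002BE10318}\\0000\\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# Section runs from its dashed header to the next dashed header (or end of text).
SECTION_RE = re.compile(r"-{3,} LOCKED REGISTRY KEYS -{3,}\n(.*?)(?:\n-{3,} |\Z)", re.S)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied: \(([^)]*)\) \((.+)\)$")


def parse_locked_keys(log_text):
    """Return [(key_path, [(access_mask, principal), ...]), ...] in log order."""
    m = SECTION_RE.search(log_text)
    if not m:
        return []
    keys, current = [], None
    for line in m.group(1).splitlines():
        line = line.rstrip()
        km = KEY_RE.match(line)
        if km:                       # a new "[HKEY_...]" header starts a key
            current = (km.group(1), [])
            keys.append(current)
            continue
        dm = DENIED_RE.match(line)
        if dm and current is not None:  # "@Denied: (mask) (principal)" lines
            current[1].append((dm.group(1), dm.group(2)))
    return keys


def reglock_section(log_text, principal="Administrator"):
    """Build the RegLock:: block for keys that deny access to `principal`."""
    selected = [key for key, denies in parse_locked_keys(log_text)
                if any(who == principal for _, who in denies)]
    return "RegLock::\n" + "".join(f"[{key}]\n" for key in selected)


if __name__ == "__main__":
    print(reglock_section(SAMPLE_LOG))
```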