
nerdy cleevey

Everything posted by nerdy cleevey

  1. Ok, everything is working fine, thank you very much for your help.
  2. Everything seems to be working fine now, thank you. I attached the Kaspersky log: KasReport.txt
  3. Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
     device: opened successfully
     user: MBR read successfully
     called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
     kernel: MBR read successfully
     user & kernel MBR OK
  4. Quick thing: do you prefer me to just copy logs into the forum or a zipped upload? I did both this time.
     2010/10/18 13:42:21.0953 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
     2010/10/18 13:42:21.0953 ================================================================================
     2010/10/18 13:42:21.0953 SystemInfo:
     2010/10/18 13:42:21.0953
     2010/10/18 13:42:21.0953 OS Version: 5.1.2600 ServicePack: 3.0
     2010/10/18 13:42:21.0953 Product type: Workstation
     2010/10/18 13:42:21.0953 ComputerName: USER-3192482103
     2010/10/18 13:42:21.0953 UserName: User
     2010/10/18 13:42:21.0953 Windows directory: C:\WINDOWS
     2010/10/18 13:42:21.0953 System windows directory: C:\WINDOWS
     2010/10/18 13:42:21.0953 Processor architecture: Intel x86
     2010/10/18 13:42:21.0953 Number of processors: 2
     2010/10/18 13:42:21.0953 Page size: 0x1000
     2010/10/18 13:42:21.0953 Boot type: Normal boot
     2010/10/18 13:42:21.0953 ================================================================================
     2010/10/18 13:42:22.0328 Initialize success
     2010/10/18 13:42:24.0453 ================================================================================
     2010/10/18 13:42:24.0453 Scan started
     2010/10/18 13:42:24.0453 Mode: Manual;
     2010/10/18 13:42:24.0453 ================================================================================
     2010/10/18 13:42:25.0765 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     2010/10/18 13:42:25.0781 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
     2010/10/18 13:42:25.0875 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     2010/10/18 13:42:26.0000 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
     2010/10/18 13:42:26.0203 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     2010/10/18 13:42:26.0265 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
     2010/10/18 13:42:26.0296 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     2010/10/18 13:42:26.0359 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     2010/10/18 13:42:26.0453 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
     2010/10/18 13:42:26.0593 Cam5607 (69cb08c024e009fc033c2df03e9c5791) C:\WINDOWS\system32\Drivers\BisonC07.sys
     2010/10/18 13:42:27.0000 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     2010/10/18 13:42:27.0031 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
     2010/10/18 13:42:27.0078 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     2010/10/18 13:42:27.0125 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     2010/10/18 13:42:27.0421 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     2010/10/18 13:42:27.0578 cfwids (426ee59b25988bb3382fc0a3655deaa2) C:\WINDOWS\system32\drivers\cfwids.sys
     2010/10/18 13:42:27.0765 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
     2010/10/18 13:42:27.0812 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
     2010/10/18 13:42:27.0937 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
     2010/10/18 13:42:28.0000 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
     2010/10/18 13:42:28.0125 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
     2010/10/18 13:42:28.0171 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     2010/10/18 13:42:28.0234 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     2010/10/18 13:42:28.0281 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     2010/10/18 13:42:28.0343 EMSCR (960d07fd8a543df9db892845dcb414d3) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
     2010/10/18 13:42:28.0531 ESDCR (7b3fe3c37fe7965b1b0edba4f13694eb) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
     2010/10/18 13:42:28.0750 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     2010/10/18 13:42:28.0812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
     2010/10/18 13:42:28.0843 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
     2010/10/18 13:42:28.0875 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
     2010/10/18 13:42:28.0968 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
     2010/10/18 13:42:29.0062 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
     2010/10/18 13:42:29.0140 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     2010/10/18 13:42:29.0203 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
     2010/10/18 13:42:29.0328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
     2010/10/18 13:42:29.0406 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
     2010/10/18 13:42:29.0468 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
     2010/10/18 13:42:29.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
     2010/10/18 13:42:29.0656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
     2010/10/18 13:42:29.0750 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
     2010/10/18 13:42:30.0031 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys
     2010/10/18 13:42:30.0171 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
     2010/10/18 13:42:30.0218 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
     2010/10/18 13:42:30.0250 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     2010/10/18 13:42:30.0265 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
     2010/10/18 13:42:30.0312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
     2010/10/18 13:42:30.0421 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
     2010/10/18 13:42:30.0484 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
     2010/10/18 13:42:30.0515 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
     2010/10/18 13:42:30.0562 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     2010/10/18 13:42:30.0734 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
     2010/10/18 13:42:30.0812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
     2010/10/18 13:42:30.0953 mfeapfk (5bd0c401a8ee4a54f6176c0a10d595ae) C:\WINDOWS\system32\drivers\mfeapfk.sys
     2010/10/18 13:42:31.0093 mfeavfk (f3bb4dc61b4dc662bdc778cf1634fae1) C:\WINDOWS\system32\drivers\mfeavfk.sys
     2010/10/18 13:42:31.0218 mfebopk (b1498db38d129ed31650422fc8bab9c5) C:\WINDOWS\system32\drivers\mfebopk.sys
     2010/10/18 13:42:31.0312 mfefirek (51e9ccea45c78858a229afb6e682cf41) C:\WINDOWS\system32\drivers\mfefirek.sys
     2010/10/18 13:42:31.0421 mfehidk (32f7298664874715ce469a79078853c4) C:\WINDOWS\system32\drivers\mfehidk.sys
     2010/10/18 13:42:31.0500 mfendisk (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
     2010/10/18 13:42:31.0562 mfendiskmp (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
     2010/10/18 13:42:31.0640 mferkdet (858337b64484cd80eee7d2eba5ac61bc) C:\WINDOWS\system32\drivers\mferkdet.sys
     2010/10/18 13:42:31.0703 mfetdi2k (3363aca7b66bd6b37d0f5c148dc9d34b) C:\WINDOWS\system32\drivers\mfetdi2k.sys
     2010/10/18 13:42:31.0796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
     2010/10/18 13:42:31.0843 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
     2010/10/18 13:42:31.0875 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
     2010/10/18 13:42:32.0015 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
     2010/10/18 13:42:32.0062 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
     2010/10/18 13:42:32.0140 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     2010/10/18 13:42:32.0218 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     2010/10/18 13:42:32.0312 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
     2010/10/18 13:42:32.0359 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
     2010/10/18 13:42:32.0390 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     2010/10/18 13:42:32.0406 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
     2010/10/18 13:42:32.0468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     2010/10/18 13:42:32.0500 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
     2010/10/18 13:42:32.0546 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
     2010/10/18 13:42:32.0656 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
     2010/10/18 13:42:32.0765 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
     2010/10/18 13:42:32.0796 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
     2010/10/18 13:42:32.0843 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     2010/10/18 13:42:32.0906 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     2010/10/18 13:42:32.0984 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     2010/10/18 13:42:33.0015 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
     2010/10/18 13:42:33.0062 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     2010/10/18 13:42:33.0125 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
     2010/10/18 13:42:33.0203 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
     2010/10/18 13:42:33.0296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
     2010/10/18 13:42:33.0406 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
     2010/10/18 13:42:33.0671 nv (0e392f36d76560ac321e56714bef3aab) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
     2010/10/18 13:42:34.0062 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
     2010/10/18 13:42:34.0078 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
     2010/10/18 13:42:34.0125 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
     2010/10/18 13:42:34.0187 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
     2010/10/18 13:42:34.0234 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
     2010/10/18 13:42:34.0328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
     2010/10/18 13:42:34.0421 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
     2010/10/18 13:42:34.0468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
     2010/10/18 13:42:34.0625 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
     2010/10/18 13:42:34.0656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
     2010/10/18 13:42:34.0687 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
     2010/10/18 13:42:34.0734 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
     2010/10/18 13:42:34.0953 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     2010/10/18 13:42:35.0015 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
     2010/10/18 13:42:35.0031 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
     2010/10/18 13:42:35.0062 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
     2010/10/18 13:42:35.0109 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
     2010/10/18 13:42:35.0156 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     2010/10/18 13:42:35.0218 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
     2010/10/18 13:42:35.0343 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
     2010/10/18 13:42:35.0437 RTL8187B (b8a68977ab5c05990696fc0237fda96a) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
     2010/10/18 13:42:35.0640 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
     2010/10/18 13:42:35.0687 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
     2010/10/18 13:42:35.0781 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
     2010/10/18 13:42:35.0828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
     2010/10/18 13:42:35.0906 SiSGbeXP (441b5b4f9f4a3c5d61af9c872d7b65b1) C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys
     2010/10/18 13:42:36.0000 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
     2010/10/18 13:42:36.0125 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\WINDOWS\system32\DRIVERS\smserial.sys
     2010/10/18 13:42:36.0281 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
     2010/10/18 13:42:36.0421 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
     2010/10/18 13:42:36.0671 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
     2010/10/18 13:42:36.0812 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
     2010/10/18 13:42:36.0859 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
     2010/10/18 13:42:36.0921 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
     2010/10/18 13:42:37.0046 SynTP (bb9df7d1d39033b61ae5c431ea0003ea) C:\WINDOWS\system32\DRIVERS\SynTP.sys
     2010/10/18 13:42:37.0171 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
     2010/10/18 13:42:37.0281 Tcpip (4afb3b0919649f95c1964aa1fad27d73) C:\WINDOWS\system32\DRIVERS\tcpip.sys
     2010/10/18 13:42:37.0437 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
     2010/10/18 13:42:37.0500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
     2010/10/18 13:42:37.0546 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
     2010/10/18 13:42:37.0609 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
     2010/10/18 13:42:37.0671 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
     2010/10/18 13:42:37.0781 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
     2010/10/18 13:42:37.0890 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
     2010/10/18 13:42:37.0921 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
     2010/10/18 13:42:37.0953 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
     2010/10/18 13:42:37.0968 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
     2010/10/18 13:42:38.0031 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
     2010/10/18 13:42:38.0109 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
     2010/10/18 13:42:38.0156 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
     2010/10/18 13:42:38.0218 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
     2010/10/18 13:42:38.0281 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
     2010/10/18 13:42:38.0328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
     2010/10/18 13:42:38.0421 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
     2010/10/18 13:42:38.0484 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
     2010/10/18 13:42:38.0531 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
     2010/10/18 13:42:38.0562 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
     2010/10/18 13:42:38.0609 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
     2010/10/18 13:42:38.0687 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
     2010/10/18 13:42:38.0703 ================================================================================
     2010/10/18 13:42:38.0703 Scan finished
     2010/10/18 13:42:38.0703 ================================================================================
     2010/10/18 13:42:38.0703 Detected object count: 1
     2010/10/18 13:42:51.0578 \HardDisk0\MBR - will be cured after reboot
     2010/10/18 13:42:51.0578 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
     2010/10/18 13:42:54.0312 Deinitialize success
     TDSSKiller.2.4.4.0_18.10.2010_13.42.21_log.zip
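Added example (editor's, not part of the post above and not TDSSKiller code): a parser for the driver-scan log format posted above. It pulls the driver inventory and the verdict lines apart, checks the tool's own "Detected object count" against what it parsed, and compares each driver's MD5 with a baseline. SAMPLE_LOG is excerpted from the posted log; BASELINE is an assumption built for the demo, with the Tcpip entry set to the MD5 that the ComboFix Sigcheck section elsewhere in this thread reports for the signed dllcache copy of tcpip.sys, so the mismatch that ComboFix flags with "[-]" shows up here too. The function and field names are mine.

```python
"""Triage a TDSSKiller driver-scan log: pull out the driver inventory and any
detections, and cross-check driver hashes against a baseline.

Added example for this thread, not part of TDSSKiller or of the original
post. SAMPLE_LOG is excerpted from the log posted above; BASELINE is an
assumption built for this demo (its Tcpip value is the MD5 that the ComboFix
Sigcheck section in this thread reports for the signed dllcache copy).
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Driver inventory line: "<timestamp> <service> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<service>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
# Object verdict line: "<timestamp> <object> - <verdict>"
OBJECT_RE = re.compile(r"^\S+ \S+ (?P<object>\S+) - (?P<verdict>.+)$")
DETECT_RE = re.compile(r"^detected (?P<name>\S+)")
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)$")


@dataclass
class Triage:
    drivers: dict = field(default_factory=dict)      # service -> (md5, path)
    detections: list = field(default_factory=list)   # (object, malware name)
    actions: list = field(default_factory=list)      # (object, verdict text)
    declared_count: Optional[int] = None             # the tool's own count
    not_in_baseline: list = field(default_factory=list)
    hash_mismatches: list = field(default_factory=list)  # (service, seen, expected)


def parse_log(text, baseline=None):
    """Single pass over the log. baseline: service name -> expected MD5."""
    baseline = {k.lower(): v.lower() for k, v in (baseline or {}).items()}
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            svc, md5 = m["service"], m["md5"].lower()
            t.drivers[svc] = (md5, m["path"])
            expected = baseline.get(svc.lower())
            if expected is None:
                t.not_in_baseline.append(svc)
            elif expected != md5:
                t.hash_mismatches.append((svc, md5, expected))
            continue
        m = COUNT_RE.search(line)
        if m:
            t.declared_count = int(m["n"])
            continue
        m = OBJECT_RE.match(line)
        if m:
            d = DETECT_RE.match(m["verdict"])
            if d:
                t.detections.append((m["object"], d["name"]))
            else:
                t.actions.append((m["object"], m["verdict"]))
    return t


def findings(t):
    """Human-readable findings, worst first; an empty list means nothing to report."""
    out = [f"DETECTED {name} in {obj}" for obj, name in t.detections]
    if t.declared_count is not None and t.declared_count != len(t.detections):
        out.append(f"count mismatch: tool says {t.declared_count}, parsed {len(t.detections)}")
    out += [f"HASH MISMATCH {svc}: {seen} (baseline {exp})" for svc, seen, exp in t.hash_mismatches]
    out += [f"cure pending: {obj} ({verdict})" for obj, verdict in t.actions]
    return out


# Excerpt of the log posted above (a handful of inventory lines plus the verdicts).
SAMPLE_LOG = r"""
2010/10/18 13:42:24.0453 Scan started
2010/10/18 13:42:24.0453 Mode: Manual;
2010/10/18 13:42:25.0765 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/18 13:42:26.0265 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/18 13:42:31.0500 mfendisk (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/10/18 13:42:31.0562 mfendiskmp (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/10/18 13:42:37.0281 Tcpip (4afb3b0919649f95c1964aa1fad27d73) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/18 13:42:38.0687 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/18 13:42:38.0703 Scan finished
2010/10/18 13:42:38.0703 Detected object count: 1
2010/10/18 13:42:51.0578 \HardDisk0\MBR - will be cured after reboot
2010/10/18 13:42:51.0578 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/18 13:42:54.0312 Deinitialize success
"""

# Assumed demo baseline (see module docstring); a real one comes from a clean image.
BASELINE = {
    "ACPI": "8fd99680a539792a30e97944fdaecf17",
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "Tcpip": "9AEFA14BD6B182D61E3119FA5F436D3D",
}

if __name__ == "__main__":
    for line in findings(parse_log(SAMPLE_LOG, BASELINE)):
        print(line)
```

Two details worth keeping in a real run: the baseline lookup is case-insensitive because TDSSKiller prints service names as registered (ACPI vs. aec), and `not_in_baseline` is kept separate from `hash_mismatches` because a third-party driver missing from your baseline (the two McAfee mfendisk entries here) is a coverage gap, not evidence of tampering.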
  5. Combofix log
     ComboFix 10-10-17.03 - User 18/10/2010 10:52:41.4.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3069.2572 [GMT 1:00]
     Running from: c:\documents and settings\User\Desktop\ComboFix.exe
     AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
     * Resident AV is active
     .
     /wow section - STAGE 32A
     ((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))
     .
     2010-10-17 12:29 . 2010-10-17 12:29 -------- d-----w- c:\program files\Trend Micro
     2010-10-16 11:34 . 2010-10-17 12:29 -------- d-----w- c:\program files\Common Files\Java
     2010-10-16 11:34 . 2010-10-16 11:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2010-10-15 16:13 . 2010-10-17 12:29 -------- d-----w- c:\program files\Windows Live Safety Center
     2010-10-15 13:18 . 2010-10-15 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
     2010-10-15 13:15 . 2010-10-15 13:15 -------- d-----w- c:\program files\SpywareBlaster
     2010-10-15 13:15 . 2010-01-10 18:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
     2010-10-15 13:07 . 2010-10-15 13:07 -------- d-----w- c:\documents and settings\User\Application Data\Safer Networking
     2010-10-15 13:06 . 2010-10-15 13:06 -------- d-----w- c:\program files\Safer Networking
     2010-10-15 11:57 . 2010-10-15 11:57 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
     2010-10-15 11:57 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-10-15 11:57 . 2010-10-15 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2010-10-15 11:57 . 2010-10-17 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-10-15 11:57 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-10-14 17:17 . 2010-10-14 17:17 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
     2010-10-13 16:29 . 2010-10-13 16:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
     2010-10-11 22:53 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
     2010-10-11 22:53 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
     2010-10-11 22:53 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
     2010-10-11 22:53 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
     2010-10-11 22:47 . 2010-10-11 22:48 -------- d-----w- c:\documents and settings\User\Application Data\.minecraft
     2010-10-11 19:01 . 2010-10-11 19:01 -------- d-----w- c:\documents and settings\User\Application Data\NetMedia Providers
     2010-10-09 20:23 . 2010-10-09 20:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
     2010-10-07 19:56 . 2010-10-07 19:59 -------- d-----w- c:\program files\VirtualDJ
     2010-10-06 17:43 . 2010-10-06 17:43 -------- d-----w- c:\documents and settings\User\Application Data\FlashGet
     2010-10-04 18:07 . 2010-10-04 18:07 -------- d-----w- c:\windows\Sun
     2010-10-01 14:24 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
     2010-10-01 14:24 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
     2010-10-01 14:24 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
     2010-10-01 14:24 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
     2010-10-01 11:41 . 2010-10-01 11:41 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
     2010-10-01 11:41 . 2010-10-01 11:41 138056 ----a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys
     2010-10-01 11:41 . 2010-10-01 11:41 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
     2010-10-01 11:41 . 2010-10-01 11:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
     2010-10-01 11:41 . 2010-10-01 11:41 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
     2010-10-01 11:36 . 2010-10-01 11:36 -------- d-----w- c:\program files\EA Games
     2010-10-01 01:10 . 2010-10-01 01:10 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Identities
     2010-09-30 02:00 . 2010-09-30 02:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
     2010-09-29 15:24 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
     2010-09-29 15:24 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
     2010-09-29 15:23 . 2010-09-29 15:23 -------- d-----w- c:\program files\iPod
     2010-09-29 15:23 . 2010-09-29 15:24 -------- d-----w- c:\program files\iTunes
     2010-09-29 15:23 . 2010-09-29 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
     2010-09-29 15:23 . 2010-09-29 15:23 -------- d-----w- c:\program files\Apple Software Update
     2010-09-29 15:22 . 2010-04-19 19:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
     2010-09-29 15:22 . 2010-04-19 19:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
     2010-09-29 15:22 . 2010-09-29 15:22 -------- d-----w- c:\program files\Bonjour
     2010-09-26 22:48 . 2010-09-26 22:48 -------- d-----w- c:\documents and settings\User\Application Data\DVDVideoSoftIEHelpers
     2010-09-26 22:48 . 2010-09-26 22:48 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
     2010-09-26 22:48 . 2010-09-26 22:48 -------- d-----w- c:\program files\DVDVideoSoft
     2010-09-26 14:43 . 2010-10-05 23:09 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
     2010-09-26 14:42 . 2010-10-05 23:23 -------- d-----w- c:\documents and settings\User\Application Data\Skype
     2010-09-26 14:42 . 2010-09-26 14:42 -------- d-----w- c:\program files\Common Files\Skype
     2010-09-26 14:42 . 2010-09-26 14:42 -------- d-----r- c:\program files\Skype
     2010-09-26 14:42 . 2010-09-26 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
     2010-09-25 23:34 . 2010-09-29 15:23 -------- d-----w- c:\program files\Common Files\Apple
     2010-09-25 23:34 . 2010-10-01 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
     2010-09-25 10:08 . 2010-09-25 10:08 -------- d-----w- c:\program files\MSECache
     2010-09-23 13:42 . 2010-09-23 13:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-08-24 13:57 . 2010-09-08 19:03 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
     .
     ------- Sigcheck -------
     [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
     [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
     [-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
     [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-28 13529088]
     "nwiz"="nwiz.exe" [2008-03-28 1626112]
     "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
     "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784]
     "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
     "BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]
     "DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-11 53248]
     "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
     "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     HotKeyDriver.lnk - c:\program files\HotKey_Driver\HotKeyDriver.exe [2010-9-7 3641344]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
     @=""
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
     @=""
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Vuze\\Azureus.exe"=
     "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
     "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [08/09/2010 20:03 84072]
     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [08/09/2010 20:03 271480]
     R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [08/09/2010 20:03 271480]
     R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [08/09/2010 20:03 271480]
     R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [08/09/2010 20:03 188136]
     R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [08/09/2010 20:03 141792]
     R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [08/09/2010 20:03 55840]
     R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [08/09/2010 20:03 312904]
     R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [08/09/2010 20:03 88544]
     S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [08/09/2010 20:03 88544]
     S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [08/09/2010 20:03 84264]
     S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [07/09/2010 13:59 288000]
     --- Other Services/Drivers In Memory ---
     *Deregistered* - mfeavfk01
     .
     Contents of the 'Scheduled Tasks' folder
     2010-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
     .
     .
     ------- Supplementary Scan -------
     .
     uInternet Settings,ProxyOverride = *.local
     DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
     FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\81r47x83.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2714965&SearchSource=3&q={searchTerms}
     FF - prefs.js: browser.search.selectedEngine - Secure Search
     FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
     FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\81r47x83.default\extensions\{6458d48c-71d9-403f-933c-102eecb38b20}\components\FFExternalAlert.dll
     FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\81r47x83.default\extensions\{6458d48c-71d9-403f-933c-102eecb38b20}\components\RadioWMPCore.dll
     FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\81r47x83.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
     FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
     FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
     FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     ---- FIREFOX POLICIES ----
     FF - user.js: network.cookie.cookieBehavior - 0
     FF - user.js: privacy.clearOnShutdown.cookies - false
     FF - user.js: security.warn_viewing_mixed - false
     FF - user.js: security.warn_viewing_mixed.show_once - false
     FF - user.js: security.warn_submit_insecure - false
     FF - user.js: security.warn_submit_insecure.show_once - false
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
     .
     Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
     device: opened successfully
     user: MBR read successfully
     called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA94446]<<
     kernel: MBR read successfully
     detected MBR rootkit hooks:
     \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
     \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
     \Driver\atapi -> atapi.sys @ 0xb9f37852
     IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
     ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
     \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
     ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
     NDIS: SiS191 Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9de6bb0
     PacketIndicateHandler -> NDIS.sys @ 0xb9df3a21
     SendHandler -> NDIS.sys @ 0xb9dd187b
     user & kernel MBR OK
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'winlogon.exe'(1020)
     c:\windows\system32\WININET.dll
     - - - - - - - > 'lsass.exe'(1080)
     c:\windows\system32\WININET.dll
     .
     Completion time: 2010-10-18 11:05:02
     ComboFix-quarantined-files.txt 2010-10-18 10:05
     ComboFix2.txt 2010-10-17 19:45
     Pre-Run: 206,786,686,976 bytes free
     Post-Run: 206,836,535,296 bytes free
     - - End Of File - - 3EBBEF7EF3A61D9D97D7F60A268C5923
  6. Hello, so I managed to infect my laptop with something and it won't budge. As the title says, I get redirected to various sites when I search, sometimes on Google! google.com/webhp being one of them! Also, if I leave my laptop on for a while, win32 crashes and then I have to restart, as the sound goes and some programs don't work! I also had a problem where Firefox would not open, but I think that has been fixed! I have run ComboFix, although sites say not to, as I fixed a problem this way before, so I thought I would try it. Below is the DDS log. I would give you the GMER log, but every time I try it I either get a BSOD and it crashes, or my laptop just locks up and I have to turn it off! Is there anything else I could try, or a way to stop this happening? I look forward to your help.

DDS (Ver_10-10-10.03) - NTFSx86
Run by User at 21:12:21.26 on 17/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3069.2586 [GMT 1:00]
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}