SilverDwaggy

Members - Posts: 2 - Reputation: 0 Neutral
  1. I ran a complete system scan with Avira and it picked up 8 infections. I then restarted my computer, but Google Chrome still was not working, so I decided to try MBAM and it picked up another 26 infections. I restarted again, and still Chrome isn't working. My computer has also bluescreened twice now since it's been infected. DDS.txt information to follow

------------------------------------------------------------------------------
DDS (Ver_10-12-12.02) - NTFSx86
Run by SilverDragon at 15:17:14.49 on Thu 01/13/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.965 [GMT 2:00]

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Tunngle\TnglCtrl.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\BitTorrent\bittorrent.exe
Z:\Games\Steam\Steam.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Users\SilverDragon\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe"
uRun: [Steam] "z:\games\steam\steam.exe" -silent
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [Diamondback] c:\program files\razer\diamondback 3g\razerhid.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\silverdragon\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {4E7C0AB4-E824-47E2-9F03-446B0082F81D} = 196.28.182.20,196.28.182.19
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\silver~1\appdata\roaming\mozilla\firefox\profiles\hfumd9v7.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\infinite interactive\sage game engine plugin\npsage.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\silverdragon\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-12 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-16 218592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-22 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-22 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-22 61960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1402272]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-25 363344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
R2 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2010-11-24 716024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-25 20952]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2010-10-22 13225]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2010-11-24 27136]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-16 136176]
S2 svajnag;sv_ajnag;c:\windows\system32\drivers\svajnager.exe --> c:\windows\system32\drivers\svajnager.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;g:\gaming\installed\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-11-16 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-11-16 1142224]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-24 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2011-01-12 17:33:34 -------- d-----w- c:\users\silverdragon\dwhelper
2011-01-12 16:19:56 -------- d-----w- c:\users\silver~1\appdata\local\Mozilla
2011-01-12 16:19:17 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 8
2011-01-12 15:55:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-01-12 15:13:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-01-12 15:13:11 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-12 15:08:41 -------- d-----w- c:\users\silver~1\appdata\local\Sunbelt Software
2011-01-12 15:07:59 -------- dc-h--w- c:\progra~2\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-12 15:06:47 -------- d-----w- c:\program files\Lavasoft
2011-01-11 13:04:20 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ada97913-9b51-48de-a00d-a72fa970e984}\mpengine.dll
2011-01-11 07:54:38 -------- d-----w- c:\program files\Winamp Detect
2011-01-11 07:54:25 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-01-11 07:38:27 -------- d-----w- c:\users\silver~1\appdata\roaming\MusicBrainz
2011-01-11 06:59:55 -------- d-----w- c:\users\silver~1\appdata\local\Apple Computer
2011-01-11 06:59:37 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-11 06:59:37 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-01-11 06:59:01 -------- d-----w- c:\program files\iPod
2011-01-11 06:59:00 -------- d-----w- c:\program files\iTunes
2011-01-11 06:59:00 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-01-11 06:58:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-01-11 06:57:41 -------- d-----w- c:\users\silver~1\appdata\local\Apple
2011-01-11 06:57:07 -------- d-----w- c:\program files\Bonjour
2011-01-10 19:18:24 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-01-10 19:18:24 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-01-10 15:11:03 -------- d-----w- c:\users\silver~1\appdata\roaming\Zen of Sudoku
2011-01-10 12:27:00 -------- d-----w- c:\users\silver~1\appdata\local\Diagnostics
2011-01-10 08:28:19 -------- d-----w- c:\program files\common files\xing shared
2011-01-07 23:48:39 -------- d-----w- c:\users\silver~1\appdata\local\Turbine
2011-01-07 23:47:16 -------- d-----w- c:\users\silver~1\appdata\local\ApplicationHistory
2011-01-07 23:45:12 -------- d-----w- c:\windows\system32\URTTEMP
2011-01-05 18:41:25 -------- d-----w- c:\users\silver~1\appdata\local\PhoenixViewer
2011-01-03 17:53:07 -------- d-----w- c:\users\silver~1\appdata\roaming\dBpoweramp
2011-01-03 17:33:44 -------- d-----w- c:\users\silver~1\appdata\roaming\AccurateRip
2011-01-03 17:33:43 949992 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-01-03 17:33:37 -------- d-----w- c:\program files\Illustrate
2011-01-03 17:28:58 -------- d-----w- c:\windows\system32\appmgmt
2011-01-03 17:26:18 -------- d-----w- c:\program files\Search Settings
2011-01-03 17:26:02 -------- d-----w- c:\program files\Application Updater
2011-01-03 14:42:19 -------- d-----w- c:\users\silver~1\appdata\roaming\LeadMind
2011-01-02 16:14:28 -------- d-----w- c:\users\silver~1\appdata\roaming\LittleGamesCompany
2011-01-02 16:14:28 -------- d-----w- c:\progra~2\LittleGamesCompany
2011-01-01 23:58:44 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2011-01-01 19:28:16 -------- d-----w- c:\program files\StarCraft II
2011-01-01 12:17:45 -------- d-----w- c:\progra~2\SpinTop Games
2011-01-01 12:16:27 -------- d-----w- c:\windows\Zuma's Revenge!
2011-01-01 07:51:54 -------- d-----w- c:\users\silver~1\appdata\local\Namco
2010-12-26 21:59:41 -------- d-----w- c:\users\silver~1\appdata\roaming\runic games
2010-12-26 21:44:18 -------- d-----w- c:\users\silver~1\appdata\local\ElevatedDiagnostics
2010-12-22 23:11:31 -------- d-----w- c:\users\silver~1\appdata\roaming\Big Fish Games
2010-12-22 23:10:10 -------- d-----w- c:\windows\Drawn 2 Dark Flight Collector's Edition [updated]
2010-12-22 21:12:49 -------- d-----w- c:\progra~2\Screentime
2010-12-22 21:12:43 -------- d-----w- c:\users\silver~1\appdata\local\Screentime
2010-12-22 18:12:13 -------- d-----w- c:\users\silver~1\appdata\roaming\Mumble
2010-12-22 18:11:42 -------- d-----w- c:\program files\Mumble
2010-12-20 13:53:20 -------- d-----w- c:\users\silver~1\appdata\roaming\ERS Game Studios
2010-12-19 08:42:03 -------- d-----w- c:\users\silver~1\appdata\roaming\MA2
2010-12-18 12:29:37 -------- d-----w- c:\users\silver~1\appdata\roaming\Avira
2010-12-16 22:48:56 73728 ----a-w- c:\windows\system32\diamondback.cpl
2010-12-16 20:54:12 -------- d-----w- c:\users\silver~1\appdata\roaming\.minecraft
2010-12-15 11:31:13 516096 ----a-w- c:\program files\windows mail\wab.exe
2010-12-15 11:31:10 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-14 14:01:06 -------- d-----w- c:\users\silver~1\appdata\roaming\PrimoPDF
2010-12-14 13:58:33 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-12-14 13:58:31 -------- d-----w- c:\program files\Nitro PDF

==================== Find3M ====================

2011-01-10 08:27:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-01-10 08:27:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-01 23:59:18 22328 ----a-w- c:\users\silver~1\appdata\roaming\PnkBstrK.sys
2011-01-01 23:58:53 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-01 23:58:46 107832 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-14 13:35:12 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-12-02 16:00:48 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 15:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 15:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-26 15:24:16 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-23 10:48:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-31 22:24:20 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-10-31 22:24:20 13824 ----a-w- c:\windows\system32\slwga.dll
2010-10-31 22:24:19 811520 ----a-w- c:\windows\system32\user32.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-19 08:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-16 18:55:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-16 18:55:00 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2010-10-16 18:55:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-16 18:55:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55:00 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 10:42:20 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 10:42:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 10:42:16 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 10:42:12 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST3250824A rev.3.AAE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85AF8446]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85afe504]; MOV EAX, [0x85afe580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82A8E458] -> \Device\Harddisk0\DR0[0x85AD7AC8]
3 CLASSPNP[0x88BC559E] -> ntkrnlpa!IofCallDriver[0x82A8E458] -> [0x85AD6408]
5 PCTCore[0x88A19EAE] -> ntkrnlpa!IofCallDriver[0x82A8E458] -> [0x859A1918]
7 ACPI[0x832C03B2] -> ntkrnlpa!IofCallDriver[0x82A8E458] -> \IdeDeviceP0T0L0-0[0x84CAB908]
\Driver\atapi[0x85B0A2D8] -> IRP_MJ_CREATE -> 0x85AF8446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3250824A______________________________3.AAE___#5&20f2915f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 15:18:22.11 ===============

Attachment: Attach.zip
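Added example, not part of the original post and not code from DDS or from Gmer's mbr.exe: a short Python triage pass over a DDS-style log that applies the checks a helper would apply by eye to the log above. It parses the SERVICES / DRIVERS entries and flags the ones with no file date/size, an unresolved "-->" image path, or a user-mode .exe registered out of the drivers directory, and it picks up Gmer's "user != kernel" MBR comparison. The sample lines are copied from the log above into a constructed string; the meaning attached to "[?]" and "-->" and the heuristics themselves are my assumptions about the DDS output format, not documented DDS behaviour.

```python
"""
Triage helper for DDS-style logs (added example, not DDS or Gmer code).
Flags odd service/driver entries and Gmer MBR mismatch lines.
Heuristics and format assumptions are marked in comments.
"""
import re
from dataclasses import dataclass, field

# One DDS "SERVICES / DRIVERS" entry, e.g.
#   R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-12 64288]
# start type, service name, display name, image path, then "[date size]" or "[?]".
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
ROOTKIT_RE = re.compile(r"rootkit infection", re.IGNORECASE)


@dataclass
class Finding:
    severity: str            # "high" or "medium"
    subject: str             # service name, or "MBR" for Gmer findings
    reasons: list = field(default_factory=list)


def parse_service(line):
    """Return the fields of a service/driver line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    svc = m.groupdict()
    # Assumption: DDS prints "registry image --> resolved image" when it could
    # not open the file directly; the last path is the one worth inspecting.
    svc["unresolved"] = "-->" in svc["image"]
    svc["path"] = svc["image"].split("-->")[-1].strip()
    return svc


def assess_service(svc):
    """Heuristic reasons to look at an entry; an empty list means nothing odd."""
    reasons = []
    if svc["meta"].strip() == "?":
        # Assumption: "[?]" means DDS found no date/size, i.e. the file was
        # missing or unreadable at scan time.
        reasons.append("no file date/size recorded (file missing or unreadable)")
    if svc["unresolved"]:
        reasons.append("image path did not resolve to an existing file")
    path = svc["path"].lower()
    if "\\drivers\\" in path and path.endswith(".exe"):
        # system32\drivers normally holds .sys kernel drivers, not user-mode .exe
        reasons.append("user-mode .exe registered from the drivers directory")
    if svc["start"] in ("R0", "S0") and not path.endswith(".sys"):
        reasons.append("boot-start service whose image is not a .sys driver")
    return reasons


def triage(log_text):
    """Walk a DDS log and collect findings for services and for Gmer's MBR check."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc is not None:
            reasons = assess_service(svc)
            if reasons:
                severity = "high" if len(reasons) > 1 else "medium"
                findings.append(Finding(severity, svc["name"], reasons))
            continue
        # Gmer reads the MBR once through the normal file-system stack ("user")
        # and once at the lowest disk driver ("kernel"); a difference means
        # something in between is rewriting what callers get to see.
        if "user != kernel" in line:
            findings.append(Finding("high", "MBR",
                                    ["MBR differs between user and kernel reads (disk I/O hook)"]))
        elif ROOTKIT_RE.search(line):
            findings.append(Finding("high", "MBR", [line.strip()]))
    return findings


# Constructed sample: a handful of lines taken from the log above.
SAMPLE = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-12 64288]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-25 363344]
S2 svajnag;sv_ajnag;c:\windows\system32\drivers\svajnager.exe --> c:\windows\system32\drivers\svajnager.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity}] {f.subject}: " + "; ".join(f.reasons))
```

Run as-is it reports the svajnag entry with three reasons and the three Gmer MBR lines; the entries for known products (Lbd, MBAMService, b57nd60x) produce nothing. The service heuristics are deliberately crude and only say "look here", not "malware": a missing file under [?] can also be a leftover from an uninstall, which is why the MBR mismatch, which cannot be explained by a stale registry entry, is the finding that decides the severity.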
  2. I just bought a license for MBAM, but I somehow got a virus that is screwing with my PC, and if MBAM can't get rid of it, I will need to format my PC. I was just wondering, if I use my key now and I do need to format, would I be able to use my key again to register MBAM after formatting?