Please let me know if there is anything I can do to get this thing removed.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 11:22:20.68 on Thu 03/03/2011
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2936.1668 [GMT -5:00]
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\M-Audio\USB MIDI Series\AudioDevMon.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Owner\Downloads\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslb157f8ed;MpKslb157f8ed;c:\programdata\microsoft\microsoft antimalware\definition updates\{20b8133d-c059-4812-bd24-dd7ec0efb859}\MpKslb157f8ed.sys [2011-3-2 28752]
R1 MpKslb6c72168;MpKslb6c72168;c:\programdata\microsoft\microsoft antimalware\definition updates\{20b8133d-c059-4812-bd24-dd7ec0efb859}\MpKslb6c72168.sys [2011-3-3 28752]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-2 363344]
R2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files\m-audio\usb midi series\AudioDevMon.exe [2010-4-13 1636872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-2 20952]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-12-10 52128]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-11-11 42144]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-1-26 22072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\drivers\MAudioUSBMIDI.sys [2010-4-13 170248]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2011-1-29 19968]
=============== Created Last 30 ================
2011-03-03 15:19:03 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{20b8133d-c059-4812-bd24-dd7ec0efb859}\MpKslb6c72168.sys
2011-03-03 02:05:10 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{20b8133d-c059-4812-bd24-dd7ec0efb859}\MpKslb157f8ed.sys
2011-03-02 14:36:59 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2011-03-02 14:36:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-02 14:36:28 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-02 14:36:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-02 14:36:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-02 14:17:54 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{20b8133d-c059-4812-bd24-dd7ec0efb859}\mpengine.dll
2011-03-02 13:48:42 -------- d-----w- C:\VundoFix Backups
2011-02-28 22:21:15 -------- d-----w- c:\program files\common files\Digidesign
2011-02-28 22:05:22 -------- d-----w- c:\program files\common files\Native Instruments
2011-02-28 21:22:35 -------- d-----w- c:\users\owner\appdata\local\Native Instruments
2011-02-28 02:44:20 -------- d-----w- c:\program files\daHornet
2011-02-27 05:19:27 -------- d-----w- c:\program files\goodlogin
2011-02-27 00:51:32 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-02-27 00:50:21 -------- d-----w- c:\program files\MainConcept
2011-02-24 07:31:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 07:31:12 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 07:31:12 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 07:31:12 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 07:31:10 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 07:31:10 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-24 07:31:05 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-02-24 07:31:05 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-02-24 07:31:05 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-02-24 07:31:04 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-02-24 07:31:04 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-02-24 07:31:04 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-02-24 07:30:52 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-02-24 07:30:49 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-02-24 07:30:48 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-02-24 07:30:48 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-02-24 07:30:48 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-02-24 07:30:47 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-02-24 07:30:47 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-02-22 03:11:59 165376 ----a-w- c:\windows\system32\unrar.dll
2011-02-22 03:11:55 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-02-22 03:11:54 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-02-22 03:11:54 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-02-22 03:11:54 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-02-22 03:11:54 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-22 03:11:54 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-02-22 03:11:49 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-02-22 01:25:34 -------- d-----w- c:\users\owner\appdata\roaming\TypingMaster7
2011-02-22 01:25:21 -------- d-----r- c:\program files\TypingMaster
2011-02-22 00:53:26 -------- d-----w- c:\users\owner\.NewTek
2011-02-22 00:44:16 -------- d-----w- c:\program files\NewTek
2011-02-21 15:36:16 -------- d-----w- c:\program files\Windows Portable Devices
2011-02-21 06:07:42 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-02-21 06:07:41 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-02-21 06:07:41 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-02-21 06:07:18 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-02-21 06:07:16 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-02-21 06:07:15 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-02-21 06:07:15 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-02-21 06:07:15 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-02-21 06:07:15 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-02-21 06:07:14 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-02-21 06:05:51 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-02-21 06:05:50 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-02-21 06:05:50 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-02-21 03:45:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2011-02-21 03:45:56 -------- d-----w- c:\program files\CamStudio 2.6b
2011-02-21 02:00:58 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-02-20 23:08:42 -------- d-----w- c:\users\owner\appdata\local\Microsoft Games
2011-02-20 20:04:40 -------- d-----w- c:\windows\system32\eu-ES
2011-02-20 20:04:40 -------- d-----w- c:\windows\system32\ca-ES
2011-02-20 20:04:39 -------- d-----w- c:\windows\system32\vi-VN
2011-02-20 19:43:21 -------- d-----w- c:\program files\EpsonNet
2011-02-20 16:53:15 -------- d-----w- c:\windows\system32\EventProviders
2011-02-19 02:39:17 -------- d-----w- c:\program files\Dweep
2011-02-18 21:20:08 -------- d-----w- c:\program files\Vstplugins
2011-02-17 23:31:26 -------- d-----w- c:\users\owner\appdata\local\Skyshare Manager
2011-02-17 23:31:10 -------- d-----w- c:\users\owner\appdata\roaming\Skyshare Manager
2011-02-17 23:30:55 -------- d-----w- c:\program files\Skyshare Manager 2
2011-02-17 19:32:03 -------- d-----w- c:\users\owner\appdata\roaming\AudioMulch
2011-02-17 19:30:01 -------- d-----w- c:\program files\AudioMulch 2.1.1
2011-02-11 00:35:11 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-11 00:35:11 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-11 00:35:09 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-06 05:50:38 -------- d-----w- c:\users\owner\appdata\roaming\Mp3tag
2011-02-06 05:23:31 -------- d-----w- c:\program files\Mp3tag
2011-02-04 22:48:44 356352 ----a-w- c:\windows\system32\nvuninst.exe
2011-02-04 22:48:44 356352 ----a-w- c:\windows\system32\nvuhda.exe
2011-02-04 22:46:54 -------- d-----w- C:\cabs
2011-02-04 22:40:01 -------- d-----w- c:\users\owner\appdata\local\ElevatedDiagnostics
2011-02-04 22:35:29 -------- d-----w- c:\program files\Microsoft ATS
2011-02-02 03:07:43 -------- d-----w- c:\users\owner\appdata\local\Apple Computer
2011-02-02 03:03:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-02-02 03:03:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-02-02 03:03:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-02-02 03:03:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-02-02 03:03:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-02-02 03:03:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-02-02 03:03:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-02-02 03:01:38 -------- d-----w- c:\users\owner\appdata\local\Apple
==================== Find3M ====================
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 16:36:20 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:55:46 389632 ----a-w- c:\windows\system32\html.iec
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: SAMSUNG_HM321HI rev.2AJ10001 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8606D439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x860737b8]; MOV EAX, [0x86073834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E5D912] -> \Device\Harddisk0\DR0[0x859D0858]
3 CLASSPNP[0x89DA58B3] -> ntkrnlpa!IofCallDriver[0x81E5D912] -> [0x86053AE0]
\Driver\atapi[0x85AD36E8] -> IRP_MJ_CREATE -> 0x8606D439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskSAMSUNG_HM321HI_________________________2AJ10001#5&2657645f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 11:23:14.65 ===============
Thank you so much beforehand.
-Deniss