Hi there!
COMBOFIX LOG:
ComboFix 10-12-16.02 - nicole.dee 17/12/2010 20:20:40.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1978.1037 [GMT 10.5:30]
Running from: c:\users\nicole.dee\Desktop\Hello.exe
AV: BP Security Anti-Virus *Enabled/Updated* {2AE60669-4A4D-9072-52C3-AE6DC7FBA827}
FW: BP Security Firewall *Enabled* {12DD874C-0022-912A-799C-07583928EF5C}
SP: BP Security Anti-Spyware *Enabled/Updated* {EB7B86C7-56E4-8851-2533-24C5CA20ABFA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\nicole.dee\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.
2010-12-17 10:17 . 2010-12-17 10:23 -------- d-----w- c:\users\nicole.dee\AppData\Local\temp
2010-12-17 10:17 . 2010-12-17 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-15 04:41 . 2010-12-15 04:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-15 04:41 . 2010-12-15 04:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-15 04:41 . 2010-12-15 04:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-15 04:41 . 2010-12-15 04:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-15 04:41 . 2010-12-15 04:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-15 04:41 . 2010-12-15 04:41 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-15 04:41 . 2010-12-15 04:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-12-15 02:40 . 2010-12-15 04:39 -------- d-----w- c:\program files\QuickTime
2010-12-15 02:05 . 2010-12-15 02:05 -------- d-----w- c:\users\nicole.dee\AppData\Roaming\Malwarebytes
2010-12-15 01:42 . 2010-11-29 07:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-15 01:42 . 2010-12-15 01:42 -------- d-----w- c:\programdata\Malwarebytes
2010-12-15 01:42 . 2010-11-29 07:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 01:42 . 2010-12-15 04:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 08:26 . 2010-02-04 22:48 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-12-06 08:26 . 2010-02-04 22:47 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-06 08:26 . 2010-03-10 01:06 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-06 08:26 . 2009-11-23 03:24 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-06 08:26 . 2010-02-04 22:55 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-06 08:25 . 2010-12-06 08:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-12-06 08:25 . 2010-12-07 11:46 -------- d-----w- c:\program files\Spyware Doctor
2010-12-06 08:25 . 2010-12-06 08:25 -------- d-----w- c:\users\nicole.dee\AppData\Roaming\PC Tools
2010-12-06 08:25 . 2010-12-06 08:25 -------- d-----w- c:\programdata\PC Tools
2010-11-17 10:55 . 2009-05-18 02:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-17 10:55 . 2008-04-17 01:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-17 10:52 . 2010-11-17 10:52 -------- d-----w- c:\program files\iPod
2010-11-17 10:51 . 2010-11-17 10:55 -------- d-----w- c:\program files\iTunes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 09:33 . 2009-03-17 06:26 47360 ----a-w- c:\users\nicole.dee\AppData\Roaming\pcouffin.sys
2010-09-28 05:14 . 2010-09-28 05:14 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 05:14 . 2010-09-28 05:14 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-26 09:30 . 2010-09-26 09:30 155648 --sha-r- c:\windows\system32\WGATrayj.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-21 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"ESP"="c:\program files\bigpond\security\app\start.exe" [2010-08-26 62952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 154136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-17 727592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^nicole.dee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\nicole.dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX9300F Series]
2007-03-23 06:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICFP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetDownload_upgrade]
2009-09-08 11:30 364544 ----a-w- c:\program files\VersalSoft\InternetDownload\InternetDownload.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 14:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 00:46 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoBackup]
2008-11-07 19:38 144608 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2008-11-06 18:20 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-04-24 06:51 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 01:47 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-21 10:55 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2134303352-1733512035-1346837893-1003]
"EnableNotificationsRef"=dword:00000002
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 iscFlash;iscFlash;c:\swsetup\sp43819\iscflash.sys [2009-02-02 11520]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-05-29 17408]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-07 717296]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2009-08-05 93872]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys [2010-08-02 132648]
S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys [2010-08-02 1123880]
S2 AuthElementsSvc;AuthElementsSvc;c:\program files\Bigpond\ESP Elements\AuthElementsSvc.exe [2010-08-13 242952]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2008-11-07 25824]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-22 361808]
S2 SBAMSvc;Anti-Spyware;c:\program files\Common Files\Sunbelt\SBAMSvc.exe [2009-09-08 1012040]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2009-08-10 69936]
S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2010-08-02 96808]
S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2010-08-02 96808]
S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2010-08-02 137768]
S3 authfwco;authfwco;c:\windows\system32\DRIVERS\authfwco.sys [2010-08-26 22792]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-05-07 113152]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 00:44 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 07:43]
2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 07:43]
2010-12-17 c:\windows\Tasks\lqzvhck.job
- c:\windows\system32\WGATrayj.dll [2010-09-26 09:30]
2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{F6202F01-1407-4389-8A19-DCE5AEDB6A15}.job
- c:\windows\system32\msfeedssync.exe [2010-08-20 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download by VersalSoft Internet Download - c:\program files\VersalSoft\InternetDownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://audownload.authentium.net/bigpon ... wizard.exe
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-3FWHZQA3LT - c:\users\nicole.dee\AppData\Local\Temp\Fhw.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-gtvbpvfp - c:\users\nicole.dee\AppData\Local\Temp\ctelvhact\jksfubryhsn.exe
MSConfigStartUp-OODefragTray - c:\windows\system32\oodtray.exe
MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
MSConfigStartUp-{0228e555-4f9c-4e35-a3ec-b109a192b4c2} - c:\program files\Google\Gmail Notifier\gnotify.exe
ActiveSetup-{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516} - c:\programdata\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe
AddRemove-EPSON Scanner - c:\program files\epson\escndv\setup\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-17 20:53
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll PCTCore.sys >>UNKNOWN [0x8745EEC5]<<
c:\windows\system32\DRIVERS\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x86d2b872; SUB DWORD [EBP-0x4], 0x86d2b12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x82495962] -> \Device\Harddisk0\DR0[0x86DDAAC8]
3 CLASSPNP[0x82B478B3] -> ntkrnlpa!IofCallDriver[0x82495962] -> [0x867ED7F8]
5 hpdskflt[0x895AD06E] -> ntkrnlpa!IofCallDriver[0x82495962] -> [0x867CE110]
7 PCTCore[0x88D7CAC6] -> ntkrnlpa!IofCallDriver[0x82495962] -> [0x86227028]
[0x866F7418] -> IRP_MJ_CREATE -> 0x8745EEC5
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x72; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200BEVT-60ZCT0___________________11.01A11#4&126f26d8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85bb31f8
\Driver\iaStor DriverStartIo -> 0x8745EAEA
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,0d,bb,64,24,a1,37,44,9b,ac,d2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,0d,bb,64,24,a1,37,44,9b,ac,d2,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5476)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\bigpond\security\App\syssvcnt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\iPod Access for Windows\iPAHelper.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\IDT\WDM\sttray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\bigpond\security\App\Console.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2010-12-17 21:10:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-17 10:40
Pre-Run: 149,453,844,480 bytes free
Post-Run: 149,622,521,856 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5195846F4EBBB74EC7B84B2B6DC1E81E
DDS.txt LOG:
DDS (Ver_10-12-12.02) - NTFSx86
Run by nicole.dee at 21:12:06.69 on Fri 17/12/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1978.936 [GMT 10.5:30]
AV: BP Security Anti-Virus *Enabled/Updated* {2AE60669-4A4D-9072-52C3-AE6DC7FBA827}
SP: BP Security Anti-Spyware *Enabled/Updated* {EB7B86C7-56E4-8851-2533-24C5CA20ABFA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BP Security Firewall *Enabled* {12DD874C-0022-912A-799C-07583928EF5C}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files\Bigpond\ESP Elements\AuthElementsSvc.exe
c:\Program Files\bigpond\security\App\syssvcnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
c:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\bigpond\security\App\Console.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\Program Files\Common Files\Sunbelt\SBAMSvc.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\nicole.dee\Desktop\Virus fix stuff\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ESP] "c:\program files\bigpond\security\app\start.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download by VersalSoft Internet Download - c:\program files\versalsoft\internetdownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://audownload.authentium.net/bigpon ... wizard.exe
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-6 217032]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-8-5 93872]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a7e996cd\AEstSrv.exe [2008-6-27 77824]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\drivers\amp.sys [2010-8-2 132648]
R2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\drivers\ampse.sys [2010-10-19 1123880]
R2 AuthElementsSvc;AuthElementsSvc;c:\program files\bigpond\esp elements\AuthElementsSvc.exe [2010-8-13 242952]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 24880]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2008-11-8 25824]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-22 361808]
R2 SBAMSvc;Anti-Spyware;c:\program files\common files\sunbelt\SBAMSvc.exe [2009-9-8 1012040]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-8-10 69936]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-8-2 96808]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-8-2 96808]
R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-8-2 137768]
R3 authfwco;authfwco;c:\windows\system32\drivers\authfwco.sys [2010-10-19 22792]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-5-8 113152]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-11 3658752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-22 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 iscFlash;iscFlash;c:\swsetup\sp43819\iscflash.sys [2009-2-3 11520]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-5-29 17408]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-12-6 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-12-6 1142224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-12-17 10:36:23 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-17 10:17:58 -------- d-----w- c:\users\nicole.dee\appdata\local\temp
2010-12-17 08:47:23 98816 ----a-w- c:\windows\sed.exe
2010-12-17 08:47:23 89088 ----a-w- c:\windows\MBR.exe
2010-12-17 08:47:23 256512 ----a-w- c:\windows\PEV.exe
2010-12-17 08:47:23 161792 ----a-w- c:\windows\SWREG.exe
2010-12-15 04:41:20 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-15 04:41:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-15 04:41:17 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-15 04:41:16 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-15 04:41:15 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-15 04:41:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-15 04:41:12 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-15 02:05:04 -------- d-----w- c:\users\nicole.dee\appdata\roaming\Malwarebytes
2010-12-15 01:42:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-15 01:42:30 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-15 01:42:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-15 01:42:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-06 08:26:41 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-12-06 08:26:41 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-12-06 08:26:32 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-12-06 08:26:32 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-12-06 08:26:06 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-12-06 08:25:26 -------- d-----w- c:\program files\common files\PC Tools
2010-12-06 08:25:25 -------- d-----w- c:\users\nicole.dee\appdata\roaming\PC Tools
2010-12-06 08:25:25 -------- d-----w- c:\program files\Spyware Doctor
2010-12-06 08:25:25 -------- d-----w- c:\progra~2\PC Tools
2010-11-17 10:55:56 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-17 10:55:56 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-17 10:52:06 -------- d-----w- c:\program files\iPod
2010-11-17 10:51:58 -------- d-----w- c:\program files\iTunes
==================== Find3M ====================
2010-11-19 09:33:28 47360 ----a-w- c:\users\nicole.dee\appdata\roaming\pcouffin.sys
2010-09-28 05:14:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-26 09:30:57 155648 --sha-r- c:\windows\system32\WGATrayj.dll
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll PCTCore.sys >>UNKNOWN [0x8745EEC5]<<
c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x86d2b872; SUB DWORD [EBP-0x4], 0x86d2b12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x82495962] -> \Device\Harddisk0\DR0[0x86DDAAC8]
3 CLASSPNP[0x82B478B3] -> ntkrnlpa!IofCallDriver[0x82495962] -> [0x867ED7F8]
5 hpdskflt[0x895AD06E] -> ntkrnlpa!IofCallDriver[0x82495962] -> [0x867CE110]
7 PCTCore[0x88D7CAC6] -> ntkrnlpa!IofCallDriver[0x82495962] -> [0x86227028]
[0x866F7418] -> IRP_MJ_CREATE -> 0x8745EEC5
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x72; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200BEVT-60ZCT0___________________11.01A11#4&126f26d8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85bb31f8
\Driver\iaStor DriverStartIo -> 0x8745EAEA
user & kernel MBR OK
sectors 625142446 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
============= FINISH: 21:15:37.04 ===============
ATTACH.txt LOG:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/07/2008 7:57:29 AM
System Uptime: 17/12/2010 8:49:46 PM (1 hours ago)
Motherboard: Quanta | | 3602
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | CPU | 800/1066mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 289 GiB total, 139.4 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.708 GiB free.
E: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&7777\7&2E015ABA&0&0026B082A44E_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&7777\7&2E015ABA&0&0026B082A44E_C00000000
Service:
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E015ABA&0&001BAF21223E_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E015ABA&0&001BAF21223E_C00000000
Service:
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E015ABA&0&001BAF21223E_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E015ABA&0&001BAF21223E_C00000000
Service:
==== System Restore Points ===================
==== Installed Programs ======================
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.1
Adobe Shockwave Player
Agere Systems HDA Modem
Akamai NetSession Interface
Anti-Spyware (Sunbelt3)
Anti-Virus (Command Software 5)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Authentium Web Install Helper
AVSDK5
BigPond (BIUS)
Bigpond Desktop
BigPond Security
BlService Web Update
Bonjour
CalorieKing Nutrition and Exercise Manager - Australian Edition (remove only)
Camera RAW Plug-In for EPSON Creativity Suite
Cards_Calendar_OrderGift_DoMorePlugout
CleanCenter v2.8.1.1 Trial Version
CyberLink DVD Suite
CyberLink YouCam
Data Lifeguard Diagnostic for Windows
Definition update for Microsoft Office 2010 (KB982726)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
e-tax 2010
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan Assistant
EPSON Stylus CX9300F_DX9400F Manual
ESP
Facebook Plug-In
Firewall (Core 2)
Firewall (User)
FLV Player 2.0 (build 25)
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Games
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photosmart Essential 2.5
HP QuickPlay 3.7
HP Total Care Advisor
HP Update
HP User Guides 0102
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
IDT Audio
ImagXpress
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iPhone Configuration Utility
iPod Access for Windows v4.2.5
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 5
Junk Mail filter update
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Memeo AutoBackup
Memeo AutoSync
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 2000
Microsoft Works 2000 Setup Launcher
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
neroxml
OGA Notifier 1.7.0105.35.0
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Riva FLV Encoder 2.0
Safari
Spyware Doctor 7.0
Synaptics Pointing Device Driver
Third Party Prerequisites
Tracks Eraser Pro v7.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
Web Filtering (Base 2)
Web Filtering (Base)
Web Filtering (Kids Page)
Web Filtering (RuleSpace CFI Anti-Phishing)
Web Filtering (Rulespace CFI)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Word in Works Suite add-in
Xvid 1.2.2 final uninstall
==== End Of File ===========================
PC is not running too bad; I am yet to install updates, as they didn't complete the other day.
Have not had any more virus popups, so that's fantastic.
Thanks.