PDA

View Full Version : Click.GiftLoad - help please



bobbyshaw
2011-04-02, 12:07
Hello,

I've got a laptop with the Click.GiftLoad nasty! I've got a DDS report below could someone help me please

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Gemma at 9:32:46.88 on 02/04/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.1911.824 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
c:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gemma\Desktop\gemma\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
dRunOnce: [SpybotDeletingB5933] command.com /c del "c:\programdata\microsoft\windows\start menu\programs\registry easy\Registry Easy on the Web.lnk"
dRunOnce: [SpybotDeletingD5648] cmd.exe /c del "c:\programdata\microsoft\windows\start menu\programs\registry easy\Registry Easy on the Web.lnk"
dRunOnce: [SpybotDeletingB2403] command.com /c del "c:\program files\registry easy\Code"
dRunOnce: [SpybotDeletingD1056] cmd.exe /c del "c:\program files\registry easy\Code"
dRunOnce: [SpybotDeletingB6496] command.com /c del "c:\program files\registry easy\errorlist.txt"
dRunOnce: [SpybotDeletingD1987] cmd.exe /c del "c:\program files\registry easy\errorlist.txt"
dRunOnce: [SpybotDeletingB5945] command.com /c del "c:\program files\registry easy\FileAssociation.ass"
dRunOnce: [SpybotDeletingD2433] cmd.exe /c del "c:\program files\registry easy\FileAssociation.ass"
dRunOnce: [SpybotDeletingB6276] command.com /c del "c:\program files\registry easy\GetAutoSavePwd.dll"
dRunOnce: [SpybotDeletingD7977] cmd.exe /c del "c:\program files\registry easy\GetAutoSavePwd.dll"
dRunOnce: [SpybotDeletingB9683] command.com /c del "c:\program files\registry easy\Recoveryer.dll"
dRunOnce: [SpybotDeletingD2455] cmd.exe /c del "c:\program files\registry easy\Recoveryer.dll"
dRunOnce: [SpybotDeletingB3749] command.com /c del "c:\program files\registry easy\RegistryEasy.url"
dRunOnce: [SpybotDeletingD4271] cmd.exe /c del "c:\program files\registry easy\RegistryEasy.url"
dRunOnce: [SpybotDeletingB2213] command.com /c del "c:\program files\registry easy\unins000.dat"
dRunOnce: [SpybotDeletingD1680] cmd.exe /c del "c:\program files\registry easy\unins000.dat"
dRunOnce: [SpybotDeletingB2667] command.com /c del "c:\program files\registry easy\Code"
dRunOnce: [SpybotDeletingD4070] cmd.exe /c del "c:\program files\registry easy\Code"
dRunOnce: [SpybotDeletingB4167] command.com /c del "c:\program files\registry easy\errorlist.txt"
dRunOnce: [SpybotDeletingD6644] cmd.exe /c del "c:\program files\registry easy\errorlist.txt"
dRunOnce: [SpybotDeletingB5333] command.com /c del "c:\program files\registry easy\FileAssociation.ass"
dRunOnce: [SpybotDeletingD7578] cmd.exe /c del "c:\program files\registry easy\FileAssociation.ass"
dRunOnce: [SpybotDeletingB511] command.com /c del "c:\program files\registry easy\GetAutoSavePwd.dll"
dRunOnce: [SpybotDeletingD9484] cmd.exe /c del "c:\program files\registry easy\GetAutoSavePwd.dll"
dRunOnce: [SpybotDeletingB8874] command.com /c del "c:\program files\registry easy\Recoveryer.dll"
dRunOnce: [SpybotDeletingD2223] cmd.exe /c del "c:\program files\registry easy\Recoveryer.dll"
dRunOnce: [SpybotDeletingB8930] command.com /c del "c:\program files\registry easy\RegistryEasy.url"
dRunOnce: [SpybotDeletingD5048] cmd.exe /c del "c:\program files\registry easy\RegistryEasy.url"
dRunOnce: [SpybotDeletingB7118] command.com /c del "c:\program files\registry easy\unins000.dat"
dRunOnce: [SpybotDeletingD9736] cmd.exe /c del "c:\program files\registry easy\unins000.dat"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-16 146448]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-11-24 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-27 1153368]
R2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [2010-7-5 45056]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\TmXPFlt.sys [2010-5-11 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2010-5-11 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-16 283152]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-12-27 2320920]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-11-24 41648]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 21072]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-12-27 29472]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-12-27 146528]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-24 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-11-24 247808]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-7-30 21744]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-11-24 277536]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-6 51792]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-7-16 497008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-12-27 134144]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-11-24 171520]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-7-16 689416]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-21 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-04-01 08:00:39 -------- d-----w- c:\users\gemma\appdata\roaming\PCDr
2011-04-01 08:00:02 -------- d-----w- c:\progra~2\PCDr
2011-03-31 20:34:51 -------- d-----w- c:\program files\Registry Easy
2011-03-27 12:27:58 -------- d-----w- c:\users\gemma\appdata\roaming\Roxio Log Files
2011-03-27 12:26:53 -------- d-----w- c:\windows\system32\appmgmt
2011-03-27 12:23:47 -------- d-----w- c:\windows\pss
2011-03-27 11:22:53 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-03-27 10:07:09 -------- d-----w- c:\users\gemma\appdata\local\Google
2011-03-27 10:06:43 -------- d-----w- c:\users\gemma\appdata\local\Deployment
2011-03-27 10:06:43 -------- d-----w- c:\users\gemma\appdata\local\Apps
2011-03-27 09:35:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-27 09:35:57 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-27 01:24:36 -------- d--h--w- C:\$AVG
2011-03-27 01:06:04 -------- d-----w- c:\users\gemma\appdata\roaming\AVG10
2011-03-27 01:05:21 -------- d--h--w- c:\progra~2\Common Files
2011-03-27 01:04:42 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-27 01:04:42 -------- d-----w- c:\progra~2\AVG10
2011-03-27 01:04:30 -------- d-----w- c:\program files\AVG
2011-03-27 01:02:21 -------- d-----w- c:\progra~2\MFAData
2011-03-27 00:31:59 98392 ------w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-27 00:30:56 -------- d-----w- c:\users\gemma\appdata\local\Sunbelt Software
2011-03-26 20:08:53 0 ----a-w- c:\users\gemma\appdata\local\Qgixowohon.bin
2011-03-26 20:08:52 -------- d-----w- c:\users\gemma\appdata\local\{3E828216-E2AE-4B9F-BFA4-D68518D6FDE5}
2011-03-26 20:07:26 -------- d-----w- c:\users\gemma\appdata\roaming\OfferBox
2011-03-09 18:02:48 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 18:02:48 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 18:02:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 18:02:43 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 18:02:43 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 18:02:43 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 18:02:43 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 18:02:31 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 18:02:31 1034240 ----a-w- c:\windows\system32\mstsc.exe
.
==================== Find3M ====================
.
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST925041 rev.D005 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST9250410AS_____________________________D005SDM1#4&39adf722&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
.
============= FINISH: 9:41:49.09 ===============

Blade81
2011-04-04, 17:20
Hi,

Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it
Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply.

Please post contents of attach.txt log too.

Blade81
2011-04-10, 21:47
Due to inactivity, this thread will now be closed.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.