derek69
2011-04-21, 07:43
I have tried running spybot but it won't update neither will Symantec virus software I have installed on my laptop. Neither will it let me boot in safe mode
Thanks in advance for any help
dds file below
DDS (Ver_11-03-05.01) - NTFSx86
Run by derekg at 6:31:43.49 on 21/04/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.1917.809 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\System32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
C:\Windows\System32\HotFixQ0306270.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Windows\sttray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\derekg\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SndVol.exe
C:\Windows\TEMP\gwlt\setup.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\derekg\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=1080606
mDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=1080606
uInternet Settings,ProxyServer = 10.100.0.51:80
uInternet Settings,ProxyOverride = <local>
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: Internet Service: {0cf79c5f-22ab-4e2a-82a5-bc9f4f3d4f87} - c:\program files\applications\iebr.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\derekg\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [{E4CFD005-C876-F606-B7A8-E9E400CAE2E1}] c:\users\derekg\appdata\roaming\puyhh\gouh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [CORSAIR_PLUtil] c:\program files\corsair\corsair flash voyager utility\PLBkMon.exe
mRun: [PLFFAP] c:\windows\system32\HotfixQ0306270.exe
mRun: [CardDetectorICON225] c:\program files\carddetector\icon225\CardDetector.exe
mRun: [BEWINTERNET-UKSessionManager] c:\program files\orangebs\bewinternetuk\sessionmanager\SessionManager.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-explorer: NoThemesTab = 1 (0x1)
uPolicies-disallowrun: 1 = chkrzm.exe
uPolicies-disallowrun: 2 = freecell.exe
uPolicies-disallowrun: 3 = mshearts.exe
uPolicies-disallowrun: 4 = pinball.exe
uPolicies-disallowrun: 5 = rvsemz.exe
uPolicies-disallowrun: 6 = sol.exe
uPolicies-disallowrun: 7 = spider.exe
uPolicies-disallowrun: 8 = winmine.exe
uPolicies-system: NoColorChoice = 1 (0x1)
uPolicies-system: NoDispAppearancePage = 1 (0x1)
uPolicies-system: NoDispScrSavPage = 1 (0x1)
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: DisallowRun = 1 (0x1)
dPolicies-explorer: NoThemesTab = 1 (0x1)
dPolicies-disallowrun: 1 = chkrzm.exe
dPolicies-disallowrun: 2 = freecell.exe
dPolicies-disallowrun: 3 = mshearts.exe
dPolicies-disallowrun: 4 = pinball.exe
dPolicies-disallowrun: 5 = rvsemz.exe
dPolicies-disallowrun: 6 = sol.exe
dPolicies-disallowrun: 7 = spider.exe
dPolicies-disallowrun: 8 = winmine.exe
dPolicies-system: NoColorChoice = 1 (0x1)
dPolicies-system: NoDispAppearancePage = 1 (0x1)
dPolicies-system: NoDispScrSavPage = 1 (0x1)
dPolicies-system: NoDispBackgroundPage = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\progra~1\micros~4\endpoi~1\31265d~1.0\WhlLSP.dll
Trusted Zone: birdforum.net\www
Trusted Zone: blogspot.com\www.bamberbridgebirder
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.165.113,93.188.160.153
TCP: {66D1C7F9-C0BF-40FF-8BCD-4589EAFD9314} = 93.188.165.113,93.188.160.153
TCP: {74BF8332-22E6-4DFB-AE58-C0FFCED7B54C} = 93.188.165.113,93.188.160.153
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]
R2 tdevmon;Tibbo Device Monitor kernel-mode service;c:\windows\system32\drivers\tdevmon.sys [2009-4-1 63784]
R2 tsvckrnl;Tibbo Service Kernel-mode Satellite;c:\windows\system32\drivers\tsvc.sys [2007-4-10 47936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-7 102448]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-5-3 27632]
S2 AMService;AMService;c:\windows\temp\gwlt\setup.exe run --> c:\windows\temp\gwlt\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-5 133104]
S3 DMService;Whale Component Manager;c:\windows\downloaded program files\dm.0\DMService.exe [2011-2-7 468368]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-1 13224]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2009-6-1 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2009-6-1 51968]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2009-6-1 28224]
S3 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [2009-4-8 7424]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-8-1 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-8-1 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-8-1 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-8-1 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-8-1 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-8-1 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-8-1 109736]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-8-1 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-8-1 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-8-1 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-8-1 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-8-1 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-8-1 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-8-1 109736]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-9-20 16896]
.
=============== Created Last 30 ================
.
2011-04-19 13:13:48 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-04-19 13:13:47 -------- d-----w- c:\program files\Prevx
2011-04-19 13:13:40 -------- d-----w- c:\progra~2\PrevxCSI
2011-04-18 15:40:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-18 15:40:18 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-04-18 14:22:53 0 ----a-w- c:\users\derekg\appdata\local\Qmehipejid.bin
2011-04-18 14:22:50 -------- d-----w- c:\users\derekg\appdata\local\{CD42F370-F069-4472-AA6F-5DC69D425A40}
2011-04-18 14:20:30 -------- d-----w- c:\users\derekg\appdata\roaming\Puyhh
2011-04-18 14:20:30 -------- d-----w- c:\users\derekg\appdata\roaming\Mufomi
2011-04-18 14:11:51 388096 ----a-r- c:\users\derekg\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-18 14:11:50 -------- d-----w- c:\program files\Trend Micro
2011-04-18 10:38:31 16409960 ----a-w- c:\temp\spybotsd162.exe
2011-04-18 08:48:18 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp02t.dll
2011-04-18 08:40:31 125440 ----a-w- c:\windows\system32\hpf3l02t.dll
2011-04-18 08:35:21 454504 ----a-w- c:\windows\system32\hpzids01.dll
2011-04-12 07:41:36 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{84a3275c-c893-4ba3-a10b-b6ab9e6ed7ba}\mpengine.dll
2011-04-07 10:33:17 160986 ----a-w- c:\windows\system32\WhlLSPBackup_2.reg
2011-04-07 10:32:19 3103 ----a-w- c:\windows\system32\WhlNSPBackup_2.reg
2011-03-23 20:12:00 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 20:11:59 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 20:11:59 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
.
==================== Find3M ====================
.
2011-02-02 18:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_MHY2080BH rev.0085000B -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86750439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x867567d0]; MOV EAX, [0x8675684c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82A62912] -> \Device\Harddisk0\DR0[0x858CAAC8]
3 CLASSPNP[0x885A18B3] -> ntkrnlpa!IofCallDriver[0x82A62912] -> [0x86845220]
\Driver\atapi[0x857A39E8] -> IRP_MJ_CREATE -> 0x86750439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskFUJITSU_MHY2080BH_______________________0085000B#5&112fc0bb&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 156301486 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 6:34:45.01 ===============
Thanks in advance for any help
dds file below
DDS (Ver_11-03-05.01) - NTFSx86
Run by derekg at 6:31:43.49 on 21/04/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.1917.809 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\System32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
C:\Windows\System32\HotFixQ0306270.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Windows\sttray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\derekg\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SndVol.exe
C:\Windows\TEMP\gwlt\setup.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\derekg\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=1080606
mDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=1080606
uInternet Settings,ProxyServer = 10.100.0.51:80
uInternet Settings,ProxyOverride = <local>
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: Internet Service: {0cf79c5f-22ab-4e2a-82a5-bc9f4f3d4f87} - c:\program files\applications\iebr.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\derekg\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [{E4CFD005-C876-F606-B7A8-E9E400CAE2E1}] c:\users\derekg\appdata\roaming\puyhh\gouh.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [CORSAIR_PLUtil] c:\program files\corsair\corsair flash voyager utility\PLBkMon.exe
mRun: [PLFFAP] c:\windows\system32\HotfixQ0306270.exe
mRun: [CardDetectorICON225] c:\program files\carddetector\icon225\CardDetector.exe
mRun: [BEWINTERNET-UKSessionManager] c:\program files\orangebs\bewinternetuk\sessionmanager\SessionManager.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-explorer: NoThemesTab = 1 (0x1)
uPolicies-disallowrun: 1 = chkrzm.exe
uPolicies-disallowrun: 2 = freecell.exe
uPolicies-disallowrun: 3 = mshearts.exe
uPolicies-disallowrun: 4 = pinball.exe
uPolicies-disallowrun: 5 = rvsemz.exe
uPolicies-disallowrun: 6 = sol.exe
uPolicies-disallowrun: 7 = spider.exe
uPolicies-disallowrun: 8 = winmine.exe
uPolicies-system: NoColorChoice = 1 (0x1)
uPolicies-system: NoDispAppearancePage = 1 (0x1)
uPolicies-system: NoDispScrSavPage = 1 (0x1)
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: DisallowRun = 1 (0x1)
dPolicies-explorer: NoThemesTab = 1 (0x1)
dPolicies-disallowrun: 1 = chkrzm.exe
dPolicies-disallowrun: 2 = freecell.exe
dPolicies-disallowrun: 3 = mshearts.exe
dPolicies-disallowrun: 4 = pinball.exe
dPolicies-disallowrun: 5 = rvsemz.exe
dPolicies-disallowrun: 6 = sol.exe
dPolicies-disallowrun: 7 = spider.exe
dPolicies-disallowrun: 8 = winmine.exe
dPolicies-system: NoColorChoice = 1 (0x1)
dPolicies-system: NoDispAppearancePage = 1 (0x1)
dPolicies-system: NoDispScrSavPage = 1 (0x1)
dPolicies-system: NoDispBackgroundPage = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\progra~1\micros~4\endpoi~1\31265d~1.0\WhlLSP.dll
Trusted Zone: birdforum.net\www
Trusted Zone: blogspot.com\www.bamberbridgebirder
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.165.113,93.188.160.153
TCP: {66D1C7F9-C0BF-40FF-8BCD-4589EAFD9314} = 93.188.165.113,93.188.160.153
TCP: {74BF8332-22E6-4DFB-AE58-C0FFCED7B54C} = 93.188.165.113,93.188.160.153
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-20 21504]
R2 tdevmon;Tibbo Device Monitor kernel-mode service;c:\windows\system32\drivers\tdevmon.sys [2009-4-1 63784]
R2 tsvckrnl;Tibbo Service Kernel-mode Satellite;c:\windows\system32\drivers\tsvc.sys [2007-4-10 47936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-7 102448]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-5-3 27632]
S2 AMService;AMService;c:\windows\temp\gwlt\setup.exe run --> c:\windows\temp\gwlt\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-5 133104]
S3 DMService;Whale Component Manager;c:\windows\downloaded program files\dm.0\DMService.exe [2011-2-7 468368]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-1 13224]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2009-6-1 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2009-6-1 51968]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2009-6-1 28224]
S3 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [2009-4-8 7424]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-8-1 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-8-1 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-8-1 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-8-1 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-8-1 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-8-1 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-8-1 109736]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-8-1 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-8-1 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-8-1 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-8-1 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-8-1 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-8-1 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-8-1 109736]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-9-20 16896]
.
=============== Created Last 30 ================
.
2011-04-19 13:13:48 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-04-19 13:13:47 -------- d-----w- c:\program files\Prevx
2011-04-19 13:13:40 -------- d-----w- c:\progra~2\PrevxCSI
2011-04-18 15:40:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-18 15:40:18 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-04-18 14:22:53 0 ----a-w- c:\users\derekg\appdata\local\Qmehipejid.bin
2011-04-18 14:22:50 -------- d-----w- c:\users\derekg\appdata\local\{CD42F370-F069-4472-AA6F-5DC69D425A40}
2011-04-18 14:20:30 -------- d-----w- c:\users\derekg\appdata\roaming\Puyhh
2011-04-18 14:20:30 -------- d-----w- c:\users\derekg\appdata\roaming\Mufomi
2011-04-18 14:11:51 388096 ----a-r- c:\users\derekg\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-18 14:11:50 -------- d-----w- c:\program files\Trend Micro
2011-04-18 10:38:31 16409960 ----a-w- c:\temp\spybotsd162.exe
2011-04-18 08:48:18 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp02t.dll
2011-04-18 08:40:31 125440 ----a-w- c:\windows\system32\hpf3l02t.dll
2011-04-18 08:35:21 454504 ----a-w- c:\windows\system32\hpzids01.dll
2011-04-12 07:41:36 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{84a3275c-c893-4ba3-a10b-b6ab9e6ed7ba}\mpengine.dll
2011-04-07 10:33:17 160986 ----a-w- c:\windows\system32\WhlLSPBackup_2.reg
2011-04-07 10:32:19 3103 ----a-w- c:\windows\system32\WhlNSPBackup_2.reg
2011-03-23 20:12:00 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 20:11:59 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 20:11:59 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
.
==================== Find3M ====================
.
2011-02-02 18:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_MHY2080BH rev.0085000B -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86750439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x867567d0]; MOV EAX, [0x8675684c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82A62912] -> \Device\Harddisk0\DR0[0x858CAAC8]
3 CLASSPNP[0x885A18B3] -> ntkrnlpa!IofCallDriver[0x82A62912] -> [0x86845220]
\Driver\atapi[0x857A39E8] -> IRP_MJ_CREATE -> 0x86750439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskFUJITSU_MHY2080BH_______________________0085000B#5&112fc0bb&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 156301486 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 6:34:45.01 ===============