Hello, thanks for the swift reply. I followed the steps as directed about 3 hours ago, and I have been able to surf the net without problems thus far. These are the logs.
---------------------------------------------------------------------------------
Tdskiller:
16:06:49:939 5540 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
16:06:49:939 5540 ================================================================================
16:06:49:939 5540 SystemInfo:
16:06:49:939 5540 OS Version: 6.0.6002 ServicePack: 2.0
16:06:49:939 5540 Product type: Workstation
16:06:49:939 5540 ComputerName: HP001-PC
16:06:49:939 5540 UserName: hp001
16:06:49:939 5540 Windows directory: C:\Windows
16:06:49:939 5540 Processor architecture: Intel x86
16:06:49:939 5540 Number of processors: 2
16:06:49:939 5540 Page size: 0x1000
16:06:49:939 5540 Boot type: Normal boot
16:06:49:939 5540 ================================================================================
16:06:49:939 5540 UnloadDriverW: NtUnloadDriver error 2
16:06:49:939 5540 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
16:06:49:939 5540 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
16:06:50:064 5540 UtilityInit: KLMD drop and load success
16:06:50:064 5540 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
16:06:50:064 5540 UtilityInit: KLMD open success
16:06:50:064 5540 UtilityInit: Initialize success
16:06:50:064 5540
16:06:50:064 5540 Scanning Services ...
16:06:50:064 5540 CreateRegParser: Registry parser init started
16:06:50:064 5540 CreateRegParser: DisableWow64Redirection error
16:06:50:064 5540 wfopen_ex: Trying to open file C:\Windows\system32\config\system
16:06:50:064 5540 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
16:06:50:064 5540 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:06:50:064 5540 wfopen_ex: Trying to KLMD file open
16:06:50:064 5540 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
16:06:50:064 5540 wfopen_ex: File opened ok (Flags 2)
16:06:50:079 5540 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 19E1368
16:06:50:079 5540 wfopen_ex: Trying to open file C:\Windows\system32\config\software
16:06:50:079 5540 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
16:06:50:079 5540 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:06:50:079 5540 wfopen_ex: Trying to KLMD file open
16:06:50:079 5540 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
16:06:50:079 5540 wfopen_ex: File opened ok (Flags 2)
16:06:50:079 5540 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 19E1390
16:06:50:079 5540 CreateRegParser: EnableWow64Redirection error
16:06:50:079 5540 CreateRegParser: RegParser init completed
16:06:51:780 5540 GetAdvancedServicesInfo: Raw services enum returned 484 services
16:06:51:780 5540 fclose_ex: Trying to close file C:\Windows\system32\config\system
16:06:51:780 5540 fclose_ex: Trying to close file C:\Windows\system32\config\software
16:06:51:780 5540
16:06:51:780 5540 Scanning Kernel memory ...
16:06:51:780 5540 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
16:06:51:780 5540 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 857AC268
16:06:51:780 5540 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
16:06:51:780 5540
16:06:51:780 5540 DetectCureTDL3: DEVICE_OBJECT: 88431AC8
16:06:51:780 5540 KLMD_GetLowerDeviceObject: Trying to get lower device object for 88431AC8
16:06:51:780 5540 DetectCureTDL3: DEVICE_OBJECT: 8838F900
16:06:51:780 5540 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8838F900
16:06:51:780 5540 KLMD_ReadMem: Trying to ReadMemory 0x8838F900[0x38]
16:06:51:780 5540 DetectCureTDL3: DRIVER_OBJECT: 88420C50
16:06:51:780 5540 KLMD_ReadMem: Trying to ReadMemory 0x88420C50[0xA8]
16:06:51:780 5540 KLMD_ReadMem: Trying to ReadMemory 0x8841C2C0[0x1E]
16:06:51:780 5540 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
16:06:51:780 5540 DetectCureTDL3: IrpHandler (0) addr: 81016FC8
16:06:51:780 5540 DetectCureTDL3: IrpHandler (1) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (2) addr: 81017040
16:06:51:780 5540 DetectCureTDL3: IrpHandler (3) addr: 810170B8
16:06:51:780 5540 DetectCureTDL3: IrpHandler (4) addr: 810170B8
16:06:51:780 5540 DetectCureTDL3: IrpHandler (5) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (6) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (7) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (8) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (9) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (10) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (11) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (12) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (13) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (14) addr: 81016BC4
16:06:51:780 5540 DetectCureTDL3: IrpHandler (15) addr: 8100A7E4
16:06:51:780 5540 DetectCureTDL3: IrpHandler (16) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (17) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (18) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (19) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (20) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (21) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (22) addr: 8101559C
16:06:51:780 5540 DetectCureTDL3: IrpHandler (23) addr: 810127A2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (24) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (25) addr: 822319D2
16:06:51:780 5540 DetectCureTDL3: IrpHandler (26) addr: 822319D2
16:06:51:780 5540 KLMD_ReadMem: Trying to ReadMemory 0x8100CF26[0x400]
16:06:51:780 5540 TDL3_StartIoHookDetect: CheckParameters: 4, 81011000, 0
16:06:51:780 5540 TDL3_FileDetect: Processing driver: USBSTOR
16:06:51:780 5540 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:06:51:780 5540 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:06:51:795 5540 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
16:06:51:795 5540
16:06:51:795 5540 DetectCureTDL3: DEVICE_OBJECT: 8571FAC8
16:06:51:795 5540 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8571FAC8
16:06:51:795 5540 DetectCureTDL3: DEVICE_OBJECT: 8558F390
16:06:51:795 5540 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8558F390
16:06:51:795 5540 KLMD_ReadMem: Trying to ReadMemory 0x8558F390[0x38]
16:06:51:795 5540 DetectCureTDL3: DRIVER_OBJECT: 86422BA0
16:06:51:795 5540 KLMD_ReadMem: Trying to ReadMemory 0x86422BA0[0xA8]
16:06:51:795 5540 KLMD_ReadMem: Trying to ReadMemory 0x855CB028[0x38]
16:06:51:795 5540 KLMD_ReadMem: Trying to ReadMemory 0x8558AF10[0xA8]
16:06:51:795 5540 KLMD_ReadMem: Trying to ReadMemory 0x8558AEC0[0x1A]
16:06:51:795 5540 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
16:06:51:795 5540 DetectCureTDL3: IrpHandler (0) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (1) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (2) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (3) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (4) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (5) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (6) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (7) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (8) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (9) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (10) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (11) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (12) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (13) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (14) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (15) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (16) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (17) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (18) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (19) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (20) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (21) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (22) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (23) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (24) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (25) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: IrpHandler (26) addr: 855F1841
16:06:51:795 5540 DetectCureTDL3: All IRP handlers pointed to one addr: 855F1841
16:06:51:795 5540 KLMD_ReadMem: Trying to ReadMemory 0x855F1841[0x400]
16:06:51:795 5540 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 333, 121, 3, 109
16:06:51:795 5540 Driver "atapi" Irp handler infected by TDSS rootkit ... 16:06:51:811 5540 KLMD_WriteMem: Trying to WriteMemory 0x855F18BA[0xD]
16:06:51:811 5540 cured
16:06:51:811 5540 KLMD_ReadMem: Trying to ReadMemory 0x855F16EC[0x400]
16:06:51:811 5540 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
16:06:51:811 5540 Driver "atapi" StartIo handler infected by TDSS rootkit ... 16:06:51:811 5540 TDL3_StartIoHookCure: Number of patches 1
16:06:51:811 5540 KLMD_WriteMem: Trying to WriteMemory 0x855F17F5[0x6]
16:06:51:811 5540 cured
16:06:51:811 5540 TDL3_FileDetect: Processing driver: atapi
16:06:51:811 5540 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
16:06:51:811 5540 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
16:06:51:811 5540 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Infected
16:06:51:811 5540 File C:\Windows\system32\drivers\atapi.sys infected by TDSS rootkit ... 16:06:51:811 5540 TDL3_FileCure: Processing driver file: C:\Windows\system32\drivers\atapi.sys
16:06:53:792 5540 FileCallback: Backup candidate found: C:\Windows\system32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys:19944, checking..
16:06:53:808 5540 ValidateDriverFile: Stage 1 passed
16:06:53:808 5540 ValidateDriverFile: Stage 2 passed
16:06:53:933 5540 DigitalSignVerifyByHandle: Embedded DS result: 00000000
16:06:53:933 5540 ValidateDriverFile: Stage 3 passed
16:06:53:933 5540 FileCallback: File validated successfully, restore information prepared
16:06:56:725 5540 FindDriverFileBackup: Backup copy found in DriverStore
16:06:56:725 5540 TDL3_FileCure: Backup copy found, using it..
16:06:56:725 5540 TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\drivers\tskFAA.tmp
16:06:56:928 5540 TDL3_FileCure: New / Old Image paths: (system32\drivers\tskFAA.tmp, system32\drivers\atapi.sys)
16:06:56:928 5540 TDL3_FileCure: KLMD jobs schedule success
16:06:56:928 5540 will be cured on next reboot
16:06:56:928 5540 UtilityBootReinit: Reboot required for cure complete..
16:06:56:928 5540 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000
16:06:56:943 5540 UtilityBootReinit: KLMD drop success
16:06:56:943 5540 KLMD_ApplyPendList: Pending buffer(1C47_5D97, 608) dropped successfully
16:06:56:943 5540 UtilityBootReinit: Cure on reboot scheduled successfully
16:06:56:943 5540
16:06:56:943 5540 Completed
16:06:56:943 5540
16:06:56:943 5540 Results:
16:06:56:943 5540 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
16:06:56:943 5540 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:06:56:943 5540 File objects infected / cured / cured on reboot: 1 / 0 / 1
16:06:56:943 5540
16:06:56:943 5540 UnloadDriverW: NtUnloadDriver error 1
16:06:56:943 5540 KLMD_Unload: UnloadDriverW(klmd21) error 1
16:06:56:943 5540 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
16:06:56:943 5540 UtilityDeinit: KLMD(ARK) unloaded successfully
---------------------------------------------------------------------------------------
Combofix:
ComboFix 10-01-26.01 - hp001 27/01/2010 16:15:06.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.65.1033.18.2551.1652 [GMT 1:00]
Running from: c:\users\hp001\Desktop\ComboFix.exe
Command switches used :: c:\users\hp001\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\hp001\AppData\Roaming\uTorrent
c:\users\hp001\AppData\Roaming\uTorrent\Demonic Confidence and Super Confidence by Archer Sloan.torrent
c:\users\hp001\AppData\Roaming\uTorrent\MapSource_6137.exe.torrent
.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.
2010-01-27 15:23 . 2010-01-27 15:23 -------- d-----w- c:\users\hp001\AppData\Local\temp
2010-01-27 15:23 . 2010-01-27 15:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-27 15:23 . 2010-01-27 15:23 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-27 15:23 . 2010-01-27 15:23 -------- d-----w- c:\users\Guest Internet\AppData\Local\temp
2010-01-27 15:23 . 2010-01-27 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-26 16:23 . 2010-01-26 18:14 -------- d-----w- c:\users\Guest Internet\AppData\Roaming\dvdcss
2010-01-26 16:23 . 2010-01-26 18:15 -------- d-----w- c:\users\Guest Internet\AppData\Roaming\vlc
2010-01-22 18:54 . 2010-01-23 23:01 -------- d-----w- c:\users\Guest Internet\AppData\Roaming\skypePM
2010-01-22 18:52 . 2010-01-24 05:15 -------- d-----w- c:\users\Guest Internet\AppData\Roaming\Skype
2010-01-17 11:39 . 2010-01-17 11:39 -------- d-----w- c:\programdata\Vodafone
2010-01-16 23:24 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2010-01-16 23:20 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-16 23:20 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-16 23:20 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-01-13 07:08 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-01-13 07:08 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-01-12 08:54 . 2010-01-12 08:54 -------- d-----w- c:\program files\Trend Micro
2010-01-11 22:10 . 2010-01-26 18:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-11 22:10 . 2010-01-26 18:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-10 22:21 . 2010-01-10 22:21 -------- d-----w- c:\program files\Enigma Software Group
2010-01-10 21:52 . 2010-01-21 16:49 -------- d-sh--w- c:\users\hp001\.COMMgr
2010-01-05 18:04 . 2010-01-05 18:04 -------- d-----w- c:\users\hp001\AppData\Local\SRS Labs
2010-01-05 18:04 . 2010-01-05 18:04 -------- d-----w- c:\programdata\SRS Labs
2010-01-05 18:04 . 2007-07-26 01:25 39808 ----a-w- c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2010-01-05 18:04 . 2007-07-26 01:25 42112 ----a-w- c:\windows\system32\drivers\csiidecoder_kern_i386.sys
2010-01-05 18:04 . 2007-07-26 01:25 47360 ----a-w- c:\windows\system32\drivers\Surroundhp_kern_i386.sys
2010-01-05 18:04 . 2007-07-26 01:25 47104 ----a-w- c:\windows\system32\drivers\tshd4_kern_i386.sys
2010-01-05 18:04 . 2007-07-26 01:25 32000 ----a-w- c:\windows\system32\drivers\wowhd_kern_i386.sys
2009-12-31 13:27 . 2009-12-31 13:37 -------- d-----w- c:\users\hp001\AppData\Roaming\ppstream
2009-12-31 13:27 . 2009-12-31 13:33 -------- d-----w- c:\program files\PPStream
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 15:08 . 2009-06-08 15:23 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-27 15:07 . 2006-11-09 21:07 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-27 15:04 . 2009-12-19 10:55 -------- d-----w- c:\users\hp001\AppData\Roaming\vlc
2010-01-22 15:03 . 2008-04-18 10:03 -------- d-----w- c:\users\hp001\AppData\Roaming\skypePM
2010-01-22 14:22 . 2008-04-18 10:01 -------- d-----w- c:\users\hp001\AppData\Roaming\Skype
2010-01-22 12:53 . 2008-05-21 05:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 12:42 . 2009-06-05 18:10 -------- d-----w- c:\users\hp001\AppData\Roaming\dvdcss
2010-01-16 23:31 . 2007-05-31 16:59 -------- d-----w- c:\programdata\Microsoft Help
2010-01-16 23:28 . 2007-05-31 16:23 -------- d-----w- c:\program files\CONEXANT
2010-01-16 23:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 18:07 . 2007-05-31 16:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 17:46 . 2007-05-31 16:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 10:12 . 2009-10-03 00:10 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 08:21 . 2009-12-15 04:49 -------- d-----w- c:\program files\SlySoft
2010-01-07 04:29 . 2009-01-09 20:35 680 ----a-w- c:\users\hp001\AppData\Local\d3d9caps.dat
2009-12-27 14:14 . 2009-12-27 14:14 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-12-27 14:02 . 2009-12-27 14:02 -------- d-----w- c:\programdata\GARMIN
2009-12-27 01:33 . 2009-10-17 14:33 -------- d-----w- c:\users\hp001\AppData\Roaming\GARMIN
2009-12-27 01:19 . 2007-10-14 01:22 -------- d-----w- c:\program files\DIFX
2009-12-27 01:18 . 2009-12-27 01:18 -------- d-----w- c:\program files\Garmin
2009-12-25 10:59 . 2009-12-25 10:59 -------- d-----w- c:\program files\SMPlayer
2009-12-25 01:05 . 2007-10-13 14:10 -------- d-----w- c:\program files\Google
2009-12-21 16:13 . 2009-12-21 16:13 -------- d-----w- c:\program files\Windows Live
2009-12-21 16:13 . 2009-12-21 16:13 -------- d-----w- c:\programdata\WindowsLiveInstaller
2009-12-21 16:13 . 2009-12-21 16:13 -------- d-----w- c:\programdata\WLInstaller
2009-12-21 16:05 . 2009-12-21 16:05 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-19 10:55 . 2009-12-19 10:55 -------- d-----w- c:\program files\VideoLAN
2009-12-15 17:37 . 2009-12-15 17:37 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-15 17:37 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-15 17:36 . 2009-12-15 17:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-15 17:35 . 2009-12-15 17:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-15 04:55 . 2009-12-15 04:55 -------- d-----w- c:\programdata\SlySoft
2009-11-21 06:40 . 2009-12-15 17:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-15 17:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-15 17:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-15 17:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 12:31 . 2009-12-15 17:25 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-15 17:25 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-15 17:25 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-05 04:26 . 2009-12-27 12:22 11221864 ----a-w- c:\users\hp001\AppData\Roaming\Mozilla\Firefox\Profiles\f3t99l33.Lee\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
2009-11-02 19:10 . 2008-10-19 16:34 101480 ----a-w- c:\users\Guest Internet\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 10:06 . 2008-05-18 20:32 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2008-05-18 20:32 31232 --sh--r- c:\windows\System32\msfDX.dll
2007-12-17 13:43 . 2008-05-18 20:32 27648 --sh--w- c:\windows\System32\Smab0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-05-17 5729136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{2E9D28CD-006A-4969-AB92-63DD74B4CA59}"="c:\program files\T-Mobile\Web'n'Walk Accelerator\bmoc -d" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-04-12 163840]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-06 184320]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-13 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-13 129560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]
c:\users\hp001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GB-PVR Tray.lnk - c:\program files\Devnz\GBPVR\GBPVRTray.exe [2008-11-2 110592]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-17 113664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-10-13 184320]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
WinManager.lnk - c:\program files\PC-TV\WinManager\WinManager.exe [2008-11-23 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-07 19:15 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):72,28,55,df,50,e8,c9,01
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [20/04/2009 17:20 9216]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 15:40 3668480]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\System32\drivers\ZTEusbnet.sys [13/08/2009 16:54 110592]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\System32\drivers\zteusbvoice.sys [13/08/2009 16:54 105344]
S2 gupdate1c9a03e2e8e1de0;Google Update Service (gupdate1c9a03e2e8e1de0);c:\program files\Google\Update\GoogleUpdate.exe [08/03/2009 23:35 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [28/05/2008 20:01 21504]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [09/04/2009 13:38 7680]
S3 tiltmouse;Paten HID USB Filter Driver1;c:\windows\System32\drivers\MUsbFltr.sys [24/03/2008 15:33 9600]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [23/03/2008 20:39 717296]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - KLMDB
*Deregistered* - klmdb
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 22:35]
2010-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 22:35]
2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{8F5574C4-D5CA-4D87-BC75-D228C92DE391}.job
- c:\windows\system32\msfeedssync.exe [2009-12-15 04:59]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
FF - ProfilePath - c:\users\hp001\AppData\Roaming\Mozilla\Firefox\Profiles\f3t99l33.Lee\
FF - prefs.js: browser.search.selectedEngine - Amazon.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\NPSWF32.dll
FF - plugin: c:\users\hp001\AppData\Roaming\Mozilla\Firefox\Profiles\f3t99l33.Lee\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 16:23
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-01-27 16:26:50
ComboFix-quarantined-files.txt 2010-01-27 15:26
ComboFix2.txt 2010-01-26 19:16
Pre-Run: 15,772,655,616 bytes free
Post-Run: 15,736,213,504 bytes free
- - End Of File - - 37148EBF4B614DB67499A403C9CFB137