-
January 27th, 2010, 07:09 AM
#1
need my wife's laptop :(
I have the GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-27 05:49:45
Windows 6.0.6001 Service Pack 1
Running: ewgrqd99.exe; Driver: C:\Users\LILBIG~1\AppData\Local\Temp\ufxiqkob.sys
---- System - GMER 1.0.15 ----
Code 8482A798 ZwEnumerateKey
Code 8482A760 ZwFlushInstructionCache
Code 84C86E2D IofCallDriver
Code 84C86E66 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCompleteRequest 81E81FE2 5 Bytes JMP 84C86E6B
.text ntkrnlpa.exe!IofCallDriver 81F03F6F 5 Bytes JMP 84C86E32
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81FFA30B 5 Bytes JMP 8482A764
PAGE ntkrnlpa.exe!ZwEnumerateKey 8204FBAC 5 Bytes JMP 8482A79C
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!DialogBoxIndirectParamW 76E9BD25 5 Bytes JMP 727843F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!CreateWindowExW 76EA3D67 5 Bytes JMP 7268D9BC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!DialogBoxParamA 76ED80B2 5 Bytes JMP 72784394 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!DialogBoxIndirectParamA 76ED83DD 5 Bytes JMP 7278445A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!MessageBoxIndirectA 76EED471 5 Bytes JMP 72784329 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!MessageBoxIndirectW 76EED56B 5 Bytes JMP 727842BE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!MessageBoxExA 76EED5D1 5 Bytes JMP 7278425C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!MessageBoxExW 76EED5F5 5 Bytes JMP 727841FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] ole32.dll!OleLoadFromStream 76FD9726 5 Bytes JMP 72784778 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!HttpAddRequestHeadersA 7712CF46 5 Bytes JMP 008F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!HttpOpenRequestA 7712D508 5 Bytes JMP 00D6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!InternetConnectA 7712DEAE 5 Bytes JMP 00D8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!InternetConnectW 7712F862 5 Bytes JMP 00D7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!HttpOpenRequestW 7712FBFB 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!HttpAddRequestHeadersW 7712FE49 5 Bytes JMP 00D4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WS2_32.dll!closesocket 76F3330C 5 Bytes JMP 031F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WS2_32.dll!recv 76F3343A 5 Bytes JMP 0309000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WS2_32.dll!connect 76F340D9 5 Bytes JMP 030A000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WS2_32.dll!send 76F3659B 5 Bytes JMP 0320000A
.text C:\Program Files\Trend Micro\supercool\HijackThis.exe[312] kernel32.dll!CreateProcessW 76CF1C01 5 Bytes JMP 0177000A
.text C:\Program Files\DAP\DAP.EXE[320] kernel32.dll!CreateProcessW 76CF1C01 5 Bytes JMP 00A9000A
.text C:\Windows\Explorer.EXE[440] kernel32.dll!CreateProcessW 76CF1C01 5 Bytes JMP 01D9000A
.text C:\Windows\system32\wininit.exe[572] kernel32.dll!CreateProcessW 76CF1C01 5 Bytes JMP 009A000A
.text C:\Windows\system32\services.exe[648] kernel32.dll!CreateProcessW 76CF1C01 5 Bytes JMP 00EB000A
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[1896] WS2_32.dll!closesocket 76F3330C 5 Bytes JMP 034F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1896] WS2_32.dll!connect 76F340D9 5 Bytes JMP 034E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1896] WS2_32.dll!send 76F3659B 5 Bytes JMP 0350000A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 0203BFC0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 0203C030
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 02039F00
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 0203C560
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 0203B230
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 020386C0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 02039920
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 02039B90
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 0203B340
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 0203C550
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] 0203B190
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] 0203AFF0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 0203A3F0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!ReadFile] 0203AB80
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 0203A830
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 0203AFB0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetACP] 0203C570
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStringsW] 02039E80
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] 020399A0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] 0203A000
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 0203C230
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 0203A150
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0203C550
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0203C030
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0203B190
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0203CAD0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 0203A150
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 02039B00
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 02039E80
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0203AFF0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0203B6B0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0203B440
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0203B630
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0203BB10
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0203B820
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 0203B340
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0203B580
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0203B130
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 0203AFB0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetACP] 0203C570
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 0203A000
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0203C290
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0203C1B0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0203C170
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0203A830
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 020399A0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0203B230
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 02039920
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 02039B90
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 020386C0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 0203AB80
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 0203C540
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 0203C810
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 0203C7B0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0203CA00
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0203CAA0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadStringW] 0203C8D0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0203C4C0
IAT C:\Program Files\DAP\DAP.EXE[320] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0203C470
-
January 27th, 2010, 08:05 PM
#2
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
Device \FileSystem\fastfat \Fat B4A0EA7A
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys (*** hidden *** ) 8BF36000-8BF52000 (114688 bytes)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [192] 0x00E70000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\winlogon.exe [600] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [896] 0x009E0000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1008] 0x00990000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1056] 0x009A0000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1096] 0x009A0000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1120] 0x009A0000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1136] 0x00990000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1296] 0x00990000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1408] 0x009A0000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [1896] 0x02050000
---- Services - GMER 1.0.15 ----
Service C:\Windows\system32\drivers\H8SRTdcwtvxbmfb.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@start
-
January 27th, 2010, 08:06 PM
#3
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet008\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet009\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTcbmpqdpfen.dll
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcsvsvehtdd.dat
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRToteayxrxwp.dll
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiqwlipbtig.dll
Reg HKLM\SYSTEM\ControlSet010\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll
---- EOF - GMER 1.0.15 ----
-
January 27th, 2010, 08:21 PM
#4
I might have been in safe mode when I did it, can't remember. Dag, sorry ppl, but I know it has a virus and a trojan. None of the antivirus programs will work on her laptop and the web browser keeps redirecting to other sites. Any help you all can give will be very appreciated.
-
January 27th, 2010, 09:11 PM
#5
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or hold down your Windows key and press R), then copy and paste the following into the text field (make sure you include the quote marks) and press OK.
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
If it says "Hidden service detected", DO NOT type anything in. Just press Enter on your keyboard so that nothing is done to the file.
When it is done, a log file called TDSSKiller.txt should be created on your C: drive. Please copy and paste the contents of that file here.
-
January 27th, 2010, 10:33 PM
#6
21:20:00:444 1564 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
21:20:00:444 1564 ================================================================================
21:20:00:444 1564 SystemInfo:
21:20:00:444 1564 OS Version: 6.0.6001 ServicePack: 1.0
21:20:00:444 1564 Product type: Workstation
21:20:00:444 1564 ComputerName: LILBIGPIMPIN-PC
21:20:00:444 1564 UserName: Lil Big Pimpin'
21:20:00:444 1564 Windows directory: C:\Windows
21:20:00:444 1564 Processor architecture: Intel x86
21:20:00:444 1564 Number of processors: 2
21:20:00:444 1564 Page size: 0x1000
21:20:00:444 1564 Boot type: Normal boot
21:20:00:444 1564 ================================================================================
21:20:00:444 1564 UnloadDriverW: NtUnloadDriver error 2
21:20:00:444 1564 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:20:00:444 1564 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
21:20:00:460 1564 UtilityInit: KLMD drop and load success
21:20:00:460 1564 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
21:20:00:460 1564 UtilityInit: KLMD open success
21:20:00:460 1564 UtilityInit: Initialize success
21:20:00:460 1564
21:20:00:460 1564 Scanning Services ...
21:20:00:476 1564 CreateRegParser: Registry parser init started
21:20:00:476 1564 CreateRegParser: DisableWow64Redirection error
21:20:00:476 1564 wfopen_ex: Trying to open file C:\Windows\system32\config\system
21:20:00:476 1564 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
21:20:00:476 1564 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:20:00:476 1564 wfopen_ex: Trying to KLMD file open
21:20:00:476 1564 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
21:20:00:476 1564 wfopen_ex: File opened ok (Flags 2)
21:20:00:476 1564 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 2521318
21:20:00:476 1564 wfopen_ex: Trying to open file C:\Windows\system32\config\software
21:20:00:476 1564 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
21:20:00:476 1564 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:20:00:476 1564 wfopen_ex: Trying to KLMD file open
21:20:00:476 1564 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
21:20:00:476 1564 wfopen_ex: File opened ok (Flags 2)
21:20:00:476 1564 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 2521340
21:20:00:476 1564 CreateRegParser: EnableWow64Redirection error
21:20:00:476 1564 CreateRegParser: RegParser init completed
21:20:01:380 1564 GetAdvancedServicesInfo: Raw services enum returned 432 services
21:20:01:380 1564 ScanTDL2Services: Exact detect H8SRTd.sys (h: 1)
21:20:01:380 1564 RegNode HKLM\SYSTEM\ControlSet001\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:380 1564 will be deleted on reboot
21:20:01:380 1564 DeleteTDL2Service: SafeBoot Minimal doesn't infected
21:20:01:380 1564 DeleteTDL2Service: SafeBoot Network doesn't infected
21:20:01:396 1564 RegNode HKLM\SYSTEM\ControlSet002\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:396 1564 will be deleted on reboot
21:20:01:396 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet002\control\safeboot) error 5
21:20:01:427 1564 RegNode HKLM\SYSTEM\ControlSet003\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:427 1564 will be deleted on reboot
21:20:01:427 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet003\control\safeboot) error 5
21:20:01:458 1564 RegNode HKLM\SYSTEM\ControlSet004\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:458 1564 will be deleted on reboot
21:20:01:458 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet004\control\safeboot) error 5
21:20:01:458 1564 RegNode HKLM\SYSTEM\ControlSet005\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:458 1564 will be deleted on reboot
21:20:01:458 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet005\control\safeboot) error 5
21:20:01:474 1564 RegNode HKLM\SYSTEM\ControlSet006\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:474 1564 will be deleted on reboot
21:20:01:474 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet006\control\safeboot) error 5
21:20:01:490 1564 RegNode HKLM\SYSTEM\ControlSet007\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:490 1564 will be deleted on reboot
21:20:01:490 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet007\control\safeboot) error 5
21:20:01:490 1564 RegNode HKLM\SYSTEM\ControlSet008\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:490 1564 will be deleted on reboot
21:20:01:490 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet008\control\safeboot) error 5
21:20:01:490 1564 RegNode HKLM\SYSTEM\ControlSet009\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:490 1564 will be deleted on reboot
21:20:01:490 1564 DeleteTDL2Service: RawRegOpenKeyW(ControlSet009\control\safeboot) error 5
21:20:01:505 1564 RegNode HKLM\SYSTEM\ControlSet010\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:505 1564 will be deleted on reboot
21:20:01:505 1564 DeleteTDL2Service: SafeBoot Minimal doesn't infected
21:20:01:521 1564 DeleteTDL2Service: SafeBoot Network doesn't infected
21:20:01:521 1564 File C:\Windows\system32\drivers\H8SRTdcwtvxbmfb.sys infected by TDSS rootkit ... 21:20:01:521 1564 will be deleted on reboot
21:20:01:521 1564 DeleteTDL2Service: Module enum: Name: H8SRTd. Type: 1
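The helper reads these logs by eye; the Python below is an added example (not from the thread, GMER or Kaspersky) that pulls the same TDSS indicators out of a GMER log and a TDSSKiller log and checks that every file GMER reported as hidden is queued for deletion on reboot. The sample lines are constructed from the line shapes seen in posts #1 to #3 and #6.

```python
"""Added triage example for the two logs in this thread (GMER 1.0.15 and TDSSKiller 2.2.2).
Not GMER's or Kaspersky's own code; the sample lines below are constructed from the
line shapes seen in posts #1-#3 and #6 of the thread."""
import ntpath
import re
from dataclasses import dataclass, field

# Kernel inline hooks: ".text ntkrnlpa.exe!IofCallDriver 81F03F6F 5 Bytes JMP 84C86E32"
KHOOK_RE = re.compile(r"^(?:\.text|PAGE)\s+(?P<sym>\S+!\S+)\s+[0-9A-F]+\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-F]+)\s*$")
# User-mode inline hooks; the trailing owner module is missing when GMER cannot map the JMP target.
UHOOK_RE = re.compile(r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<api>\S+!\S+)\s+[0-9A-F]+\s+\d+ Bytes"
                      r"\s+JMP\s+(?P<target>[0-9A-F]+)\s*(?P<owner>.*)$")
# Objects GMER found by cross-view that the normal Windows enumeration APIs do not list.
HIDDEN_RE = re.compile(r"^(?P<kind>Module|Library|Service)\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s*(?P<rest>.*)$")
LIB_HOST_RE = re.compile(r"^@ (?P<proc>.+?) \[(?P<pid>\d+)\]")
SVC_RE = re.compile(r"^\[[A-Z]+\]\s+(?P<name>\S+)")
# TDSSKiller: "<hh:mm:ss:ms> <pid> File|RegNode <object> infected by <family> ... <ts> <pid> will be deleted on reboot"
TDSS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+(?P<kind>File|RegNode)\s+(?P<obj>.+?)\s+infected by (?P<family>.+?)\s+\.\.\.")

GMER_SAMPLE = r"""---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 81F03F6F 5 Bytes JMP 84C86E32
PAGE ntkrnlpa.exe!ZwEnumerateKey 8204FBAC 5 Bytes JMP 8482A79C
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[192] USER32.dll!MessageBoxExW 76EED5F5 5 Bytes JMP 727841FA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WININET.dll!HttpOpenRequestA 7712D508 5 Bytes JMP 00D6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[192] WS2_32.dll!send 76F3659B 5 Bytes JMP 0320000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1896] WS2_32.dll!connect 76F340D9 5 Bytes JMP 034E000A
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRTdcwtvxbmfb.sys (*** hidden *** ) 8BF36000-8BF52000 (114688 bytes)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Windows\system32\winlogon.exe [600] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTebtpkforyo.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [1896] 0x02050000
---- Services - GMER 1.0.15 ----
Service C:\Windows\system32\drivers\H8SRTdcwtvxbmfb.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
"""

TDSS_SAMPLE = r"""21:20:01:380 1564 ScanTDL2Services: Exact detect H8SRTd.sys (h: 1)
21:20:01:380 1564 RegNode HKLM\SYSTEM\ControlSet001\services\H8SRTd.sys infected by TDSS rootkit ... 21:20:01:380 1564 will be deleted on reboot
21:20:01:521 1564 File C:\Windows\system32\drivers\H8SRTdcwtvxbmfb.sys infected by TDSS rootkit ... 21:20:01:521 1564 will be deleted on reboot
21:20:01:536 1564 File C:\Windows\system32\H8SRTebtpkforyo.dll infected by TDSS rootkit ... 21:20:01:536 1564 will be deleted on reboot
21:20:01:536 1564 ScanTDL2Services: DeleteEvilService(H8SRTd.sys) success
"""

@dataclass
class GmerTriage:
    kernel_hooks: list = field(default_factory=list)        # (symbol, JMP target)
    unattributed_hooks: list = field(default_factory=list)  # (process, pid, api, JMP target) with no owner module
    attributed_hooks: int = 0                                # hooks that land in a named module (e.g. IEFRAME.dll)
    hidden_modules: list = field(default_factory=list)      # hidden kernel driver images
    hidden_libraries: dict = field(default_factory=dict)    # hidden DLL -> [(host process, pid)]
    rootkit_services: list = field(default_factory=list)    # (service name, image path)

def triage_gmer(text):
    """Collect the GMER findings a TDSS/TDL analyst cares about from a pasted log."""
    t = GmerTriage()
    for line in text.splitlines():
        if m := KHOOK_RE.match(line):
            t.kernel_hooks.append((m["sym"], m["target"]))
        elif m := UHOOK_RE.match(line):
            if m["owner"]:
                t.attributed_hooks += 1  # a known module hooking an API in its own process is usually benign
            else:
                # JMP into memory GMER cannot attribute to any module; on WININET/WS2_32 this is how
                # a TDSS-infected browser gets its traffic redirected (the symptom reported in post #4)
                t.unattributed_hooks.append((m["proc"], int(m["pid"]), m["api"], m["target"]))
        elif m := HIDDEN_RE.match(line):
            kind, path, rest = m["kind"], m["path"], m["rest"]
            if kind == "Module":
                t.hidden_modules.append(path)
            elif kind == "Library" and (h := LIB_HOST_RE.match(rest)):
                t.hidden_libraries.setdefault(path, []).append((h["proc"], int(h["pid"])))
            elif kind == "Service" and (s := SVC_RE.match(rest)):
                t.rootkit_services.append((s["name"], path))
    return t

def triage_tdsskiller(text):
    """(kind, object, pending_reboot) for every object TDSSKiller reported as infected."""
    out = []
    for line in text.splitlines():
        if m := TDSS_RE.match(line):
            out.append((m["kind"], m["obj"], "will be deleted on reboot" in line))
    return out

def not_scheduled(gmer, tdss):
    """File names GMER saw as hidden that TDSSKiller has not queued for deletion.
    A non-empty result means the reboot alone will not remove everything GMER reported."""
    queued = {ntpath.basename(o).lower() for k, o, pending in tdss if k == "File" and pending}
    seen = list(gmer.hidden_modules) + list(gmer.hidden_libraries) + [p for _, p in gmer.rootkit_services]
    return sorted({ntpath.basename(p).lower() for p in seen} - queued)

if __name__ == "__main__":
    g, t = triage_gmer(GMER_SAMPLE), triage_tdsskiller(TDSS_SAMPLE)
    print("kernel hooks:", g.kernel_hooks)
    print("hooks with no owner module:", g.unattributed_hooks)
    print("hidden DLL hosts:", g.hidden_libraries)
    print("hidden items not queued by TDSSKiller:", not_scheduled(g, t))
```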
-
January 27th, 2010, 10:34 PM
#7
21:20:01:521 1564 DeleteTDL2Service: Module clone ImagePath, skipping
21:20:01:521 1564 DeleteTDL2Service: Module enum: Name: H8SRTc. Type: 1
21:20:01:521 1564 File C:\Windows\system32\H8SRTcbmpqdpfen.dll infected by TDSS rootkit ... 21:20:01:521 1564 will be deleted on reboot
21:20:01:521 1564 DeleteTDL2Service: Module enum: Name: H8SRTsrcr. Type: 1
21:20:01:521 1564 File C:\Windows\system32\H8SRTcsvsvehtdd.dat infected by TDSS rootkit ... 21:20:01:521 1564 will be deleted on reboot
21:20:01:521 1564 DeleteTDL2Service: Module enum: Name: h8srtserf. Type: 1
21:20:01:521 1564 File C:\Windows\system32\H8SRToteayxrxwp.dll infected by TDSS rootkit ... 21:20:01:521 1564 will be deleted on reboot
21:20:01:521 1564 DeleteTDL2Service: Module enum: Name: h8srtbbr. Type: 1
21:20:01:521 1564 File C:\Windows\system32\H8SRTiqwlipbtig.dll infected by TDSS rootkit ... 21:20:01:521 1564 will be deleted on reboot
21:20:01:536 1564 DeleteTDL2Service: Module enum: Name: h8srtmsg. Type: 1
21:20:01:536 1564 File C:\Windows\system32\H8SRTebtpkforyo.dll infected by TDSS rootkit ... 21:20:01:536 1564 will be deleted on reboot
21:20:01:536 1564 ScanTDL2Services: DeleteEvilService(H8SRTd.sys) success
21:20:01:536 1564 fclose_ex: Trying to close file C:\Windows\system32\config\system
21:20:01:536 1564 fclose_ex: Trying to close file C:\Windows\system32\config\software
21:20:01:536 1564
21:20:01:536 1564 Scanning Kernel memory ...
21:20:01:536 1564 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
21:20:01:536 1564 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 84EE8C68
21:20:01:536 1564 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects
21:20:01:536 1564
21:20:01:536 1564 DetectCureTDL3: DEVICE_OBJECT: 84FEBAC8
21:20:01:536 1564 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84FEBAC8
21:20:01:536 1564 DetectCureTDL3: DEVICE_OBJECT: 84851BA0
21:20:01:536 1564 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84851BA0
21:20:01:536 1564 KLMD_ReadMem: Trying to ReadMemory 0x84851BA0[0x38]
21:20:01:536 1564 DetectCureTDL3: DRIVER_OBJECT: 847DB908
21:20:01:536 1564 KLMD_ReadMem: Trying to ReadMemory 0x847DB908[0xA8]
21:20:01:536 1564 KLMD_ReadMem: Trying to ReadMemory 0x847CF170[0x1A]
21:20:01:536 1564 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
21:20:01:536 1564 DetectCureTDL3: IrpHandler (0) addr: 879C20FC
21:20:01:536 1564 DetectCureTDL3: IrpHandler (1) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (2) addr: 879C20FC
21:20:01:536 1564 DetectCureTDL3: IrpHandler (3) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (4) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (5) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (6) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (7) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (8) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (9) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (10) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (11) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (12) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (13) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (14) addr: 879B09D6
21:20:01:536 1564 DetectCureTDL3: IrpHandler (15) addr: 879B09A8
21:20:01:536 1564 DetectCureTDL3: IrpHandler (16) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (17) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (18) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (19) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (20) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (21) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (22) addr: 879B0A04
21:20:01:536 1564 DetectCureTDL3: IrpHandler (23) addr: 879BDB70
21:20:01:536 1564 DetectCureTDL3: IrpHandler (24) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (25) addr: 81E75FE3
21:20:01:536 1564 DetectCureTDL3: IrpHandler (26) addr: 81E75FE3
21:20:01:536 1564 TDL3_FileDetect: Processing driver: atapi
21:20:01:536 1564 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
21:20:01:536 1564 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
21:20:01:536 1564 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Clean
21:20:01:536 1564 UtilityBootReinit: Reboot required for cure complete..
21:20:01:536 1564 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000
21:20:01:552 1564 UtilityBootReinit: KLMD drop success
21:20:01:552 1564 KLMD_ApplyPendList: Pending buffer(5816_6DB5, 2216) dropped successfully
21:20:01:552 1564 UtilityBootReinit: Cure on reboot scheduled successfully
21:20:01:552 1564
21:20:01:552 1564 Completed
21:20:01:552 1564
21:20:01:552 1564 Results:
21:20:01:552 1564 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:20:01:552 1564 Registry objects infected / cured / cured on reboot: 10 / 0 / 10
21:20:01:552 1564 File objects infected / cured / cured on reboot: 6 / 0 / 6
21:20:01:552 1564
21:20:01:614 1564 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
21:20:01:614 1564 UtilityDeinit: KLMD(ARK) unloaded successfully
-
January 27th, 2010, 10:46 PM
#8
Very good 
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
January 27th, 2010, 11:12 PM
#9
"some files could not be created close all applications restart windows and restart installation" — restarted numerous times. I'll try again after work in the morning, after I check back for advice. Maybe I need to update it. I don't have internet on at all; I've been using my computer to transfer through a USB stick.... Thanks for all the help so far though...
-
January 27th, 2010, 11:18 PM
#10
Delete your Combofix file.
Download fresh one from HERE
I renamed the file for a reason.
-
January 28th, 2010, 07:38 PM
#11
I have to uninstall the Comodo and AVG, but I can't uninstall the AVG; it won't do it. I have manually deleted everything but the avgse.dll (98 KB size). I'll figure it out later on when I get back home. Thanks for all the help so far.
-
January 28th, 2010, 07:41 PM
#12
-
January 29th, 2010, 04:50 PM
#13
Thanks train, it worked.
Here's the log from ComboFix:
ComboFix 10-01-27.03 - Lil Big Pimpin' 01/29/2010 15:36:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1158 [GMT -5:00]
Running from: c:\users\Lil Big Pimpin'\Desktop\9c6fg5k7.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\h8srtmainqt.dll
c:\users\Lil Big Pimpin'\AppData\Local\prang4.dll
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\oem2.inf
.
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
.
2010-01-29 20:41 . 2010-01-29 20:41 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Local\temp
2010-01-29 20:41 . 2010-01-29 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-27 10:26 . 2010-01-27 10:26 -------- d-----w- c:\program files\Trend Micro
2010-01-27 08:59 . 2010-01-19 13:13 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-27 08:59 . 2010-01-19 11:42 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-27 08:59 . 2010-01-19 11:43 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-27 08:59 . 2010-01-19 11:46 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-27 08:59 . 2010-01-19 11:43 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-27 08:59 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-27 08:59 . 2010-01-19 11:57 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-27 08:59 . 2010-01-27 08:59 -------- d-----w- c:\programdata\Alwil Software
2010-01-27 08:59 . 2010-01-27 08:59 -------- d-----w- c:\program files\Alwil Software
2010-01-23 08:18 . 2010-01-27 08:35 1014 ----a-w- c:\programdata\h8srtkrl32mainweq.dll
2010-01-23 07:57 . 2010-01-23 07:57 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-01-23 05:14 . 2010-01-23 05:25 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-01-23 04:48 . 2010-01-23 04:48 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\AVG8
2010-01-13 12:53 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 12:53 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-08 09:30 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 09:30 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-08 05:01 . 2010-01-23 04:29 -------- d-----w- c:\program files\a-squared Free
2010-01-08 04:54 . 2010-01-08 09:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 13:33 . 2010-01-07 13:33 -------- d-----w- c:\programdata\IObit
2010-01-07 13:13 . 2010-01-07 13:13 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-07 03:57 . 2010-01-07 03:57 -------- d-----w- c:\windows\Sun
2010-01-07 02:12 . 2010-01-07 02:12 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\Malwarebytes
2010-01-07 02:12 . 2010-01-07 02:12 -------- d-----w- c:\programdata\Malwarebytes
2010-01-02 05:37 . 2010-01-03 05:00 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\DivX
2010-01-02 05:29 . 2010-01-02 05:29 -------- d-----w- c:\program files\DivX
2010-01-02 05:29 . 2010-01-02 05:29 -------- d-----w- c:\program files\Common Files\DivX Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 20:34 . 2008-11-29 07:42 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\Comodo
2010-01-29 20:34 . 2008-11-29 07:41 -------- d-----w- c:\program files\COMODO
2010-01-28 23:19 . 2010-01-28 23:19 -------- d-----w- c:\programdata\avg8
2010-01-28 02:30 . 2008-11-15 14:57 -------- d-----w- c:\programdata\Roxio
2010-01-28 02:02 . 2010-01-28 02:02 0 ------w- c:\windows\system32\trzE5EB.tmp
2010-01-28 02:01 . 2008-11-29 07:34 -------- d-----w- c:\program files\PeerGuardian2
2010-01-27 23:47 . 2010-01-27 23:47 0 ------w- c:\windows\system32\trz708E.tmp
2010-01-27 23:46 . 2010-01-27 23:46 0 ------w- c:\windows\system32\trzFB3F.tmp
2010-01-14 16:12 . 2009-10-03 11:38 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 03:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-07 13:33 . 2008-11-21 08:07 -------- d-----w- c:\program files\IObit
2010-01-07 12:37 . 2008-10-25 16:06 -------- d-----w- c:\program files\Yahoo!
2010-01-03 22:44 . 2008-02-16 20:19 3528 ----a-w- c:\users\Lil Big Pimpin'\AppData\Roaming\wklnhst.dat
2010-01-02 06:38 . 2010-01-22 13:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 13:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 13:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 05:29 . 2008-10-27 19:26 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-02 04:57 . 2010-01-22 13:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 19:50 . 2008-10-25 23:04 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\Yahoo!
2009-12-28 19:49 . 2008-10-25 23:03 -------- d-----w- c:\programdata\Yahoo!
2009-12-28 19:42 . 2009-02-23 14:48 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2009-12-28 17:04 . 2008-11-29 07:23 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\BitTorrent
2009-12-11 06:45 . 2008-11-25 12:44 -------- d-----w- c:\users\Lil Big Pimpin'\AppData\Roaming\dvdcss
2009-12-10 10:13 . 2008-10-25 16:11 -------- d-----w- c:\program files\Defraggler
2009-12-07 01:22 . 2009-12-07 01:15 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-12-07 01:18 . 2009-12-07 00:49 -------- d-----w- c:\program files\Riven
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 03:41 . 2009-10-24 03:01 127872 ----a-w- c:\users\Lil Big Pimpin'\AppData\Roaming\Move Networks\uninstall.exe
2009-11-12 03:41 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Lil Big Pimpin'\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-11-10 19:39 . 2009-12-28 19:49 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-11-09 13:22 . 2009-12-12 03:24 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-12 03:24 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-12 03:24 411136 ----a-w- c:\windows\system32\drivers\http.sys
.
-
January 29th, 2010, 04:51 PM
#14
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2009-02-23 14:47 140880 ----a-w- c:\progra~1\DAP\dapieloader.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 1457152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]
"a-squared"="c:\program files\a-squared Anti-Malware\a2guard.exe" [2010-01-02 3280712]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-01-19 2743104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-19 20:47 342848 ----a-w- c:\users\Lil Big Pimpin'\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2009-02-23 14:47 2807296 ----a-w- c:\program files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdpamon]
2007-12-07 10:17 16040 ----a-w- c:\program files\Lexmark Z2300 Series\lxdpamon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdpmon.exe]
2007-12-07 10:17 656040 ----a-w- c:\program files\Lexmark Z2300 Series\lxdpmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 00:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
2008-11-24 19:43 460216 ----a-w- c:\windows\System32\Adobe\Shockwave 11\SwHelper_1103471.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2009-12-07 01:15 1435240 ----a-w- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 06:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [1/27/2010 3:59 AM 162640]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [1/23/2010 12:14 AM 1858144]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [1/8/2010 12:01 AM 1858144]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [1/27/2010 3:59 AM 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [1/27/2010 3:59 AM 51792]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/7/2010 8:33 AM 312592]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
R2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdpserv.exe [12/1/2007 2:16 AM 98984]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/23/2009 8:58 PM 133104]
.
Contents of the 'Scheduled Tasks' folder
2010-01-29 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2008-12-13 18:51]
2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 01:58]
2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 01:58]
.
.
-
January 29th, 2010, 04:52 PM
#15
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
FF - ProfilePath - c:\users\Lil Big Pimpin'\AppData\Roaming\Mozilla\Firefox\Profiles\jkyse0tg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Lil Big Pimpin'\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\users\Lil Big Pimpin'\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\Lil Big Pimpin'\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 15:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-29 15:43:03
ComboFix-quarantined-files.txt 2010-01-29 20:43
Pre-Run: 156,842,889,216 bytes free
Post-Run: 156,781,957,120 bytes free
- - End Of File - - BB2DD531736FF47B17FEBB896FFED497