Rkill just told me I have a rootkit; the top one seems to be the main problem. Can anyone tell me how to delete it, please? Thanks.
C:\Users\MM~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgtray.exe
Please read HERE and post the required logs.
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
Thanks.
I updated Malwarebytes and did a full scan; it found nothing at all.
GMER Log
GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-11 09:15:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: zzz.exe; Driver: C:\Users\MARKMC~1\AppData\Local\Temp\axrdifoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA0CD5780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA0CD5830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA0CD58D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA0CD5970]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 3F1 82CCBB54 4 Bytes [80, 57, CD, A0] {ADC BYTE [EDI-0x33], 0xa0}
.text ntkrnlpa.exe!KeSetEvent + 621 82CCBD84 8 Bytes [30, 58, CD, A0, D0, 58, CD, ...] {XOR [EAX-0x33], BL; MOV AL, [0xa0cd58d0]}
.text ntkrnlpa.exe!KeSetEvent + 681 82CCBDE4 4 Bytes JMP 50262E6B
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8F40C340, 0x3EEDE7, 0xE8000020]
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl section is writeable [0xA4C05000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in ".vmp2" section [0xA4C28050]
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xA4C05000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xA4C28050]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[2740] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 75FAB37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73147817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7319A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7314BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7313F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [731475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7313E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73178395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7314DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7313FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7313FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [731371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [731CCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7316C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7313D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73136853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7313687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73142AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[2740] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\BthPort\Parameters\Keys\002269d1b739 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BthPort\Parameters\Keys\002269d1b739@d4cbaff409fa 0x21 0x57 0x4E 0xBF ...
Reg HKLM\SYSTEM\ControlSet009\Services\BthPort\Parameters\Keys\002269d1b739 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\002269d1b739
Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\002269d1b739@d4cbaff409fa 0x21 0x57 0x4E 0xBF ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x08 0xB2 0x68 0xAD ...
---- EOF - GMER 1.0.15 ----
I appreciate your help.
Last edited by Moon Safari; 11-12-2010 at 09:42 AM.
MBR Log
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 8930
Logical Drives Mask: 0x0000005c
Kernel Drivers (total 170):
0x82C1F000 \SystemRoot\system32\ntkrnlpa.exe
0x82FD8000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80478000 \SystemRoot\system32\PSHED.dll
0x80489000 \SystemRoot\system32\BOOTVID.dll
0x80491000 \SystemRoot\system32\CLFS.SYS
0x804D2000 \SystemRoot\system32\CI.dll
0x80602000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068B000 \SystemRoot\system32\drivers\acpi.sys
0x806D1000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DA000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E2000 \SystemRoot\system32\drivers\pci.sys
0x80709000 \SystemRoot\System32\drivers\partmgr.sys
0x80718000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80725000 \SystemRoot\system32\drivers\volmgr.sys
0x80734000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8078E000 \SystemRoot\System32\Drivers\UBHelper.sys
0x83208000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x832E1000 \SystemRoot\system32\drivers\atapi.sys
0x832E9000 \SystemRoot\system32\drivers\ataport.SYS
0x83307000 \SystemRoot\system32\drivers\fltmgr.sys
0x83339000 \SystemRoot\system32\drivers\fileinfo.sys
0x83349000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x83352000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AE09000 \SystemRoot\system32\drivers\ndis.sys
0x8AF14000 \SystemRoot\system32\drivers\msrpc.sys
0x8AF3F000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B002000 \SystemRoot\System32\drivers\tcpip.sys
0x8B0EC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B204000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B314000 \SystemRoot\system32\drivers\volsnap.sys
0x8B34D000 \SystemRoot\System32\Drivers\spldr.sys
0x8B355000 \SystemRoot\System32\Drivers\mup.sys
0x8B364000 \SystemRoot\System32\drivers\ecache.sys
0x8B38B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B3AF000 \SystemRoot\system32\drivers\disk.sys
0x8B3C0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B3E1000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B3EA000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x8B3EF000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x8AF7A000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AF83000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B3F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8AF92000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8F40C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8FB40000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FBE1000 \SystemRoot\System32\drivers\watchdog.sys
0x8FBED000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8AF9B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8AFD9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FC07000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FC94000 \SystemRoot\system32\DRIVERS\L1E60x86.sys
0x8FE03000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x9018A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9019D000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x901A7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x901B2000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x901E1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x901E3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8FCA4000 \SystemRoot\system32\DRIVERS\itecir.sys
0x8FCFC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x901EE000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8FD14000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8FD43000 \SystemRoot\system32\DRIVERS\storport.sys
0x8FD84000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8FD8F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8FDA6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FDB1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FDD4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FDE3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AFE8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90409000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x90492000 \SystemRoot\system32\DRIVERS\termdd.sys
0x904A2000 \SystemRoot\system32\DRIVERS\swenum.sys
0x904A4000 \SystemRoot\system32\DRIVERS\ks.sys
0x904CE000 \SystemRoot\system32\DRIVERS\circlass.sys
0x904DC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x904E6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x904F3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90528000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91C06000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x91E0E000 \SystemRoot\system32\drivers\portcls.sys
0x91E3B000 \SystemRoot\system32\drivers\drmk.sys
0x91E60000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x91F86000 \SystemRoot\system32\drivers\modem.sys
0x91F93000 \SystemRoot\system32\drivers\nvhda32v.sys
0x91FA6000 \SystemRoot\system32\DRIVERS\hidir.sys
0x91FB1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91FC1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91FC8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x91FD1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91FD9000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x91FE5000 \??\C:\Windows\system32\SAVRKBootTasks.sys
0x91FEA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91FF3000 \SystemRoot\System32\Drivers\Null.SYS
0x90539000 \SystemRoot\System32\Drivers\Beep.SYS
0x90540000 \SystemRoot\System32\drivers\vga.sys
0x9054C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x9056D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90575000 \SystemRoot\system32\drivers\rdpencdd.sys
0x9057D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90588000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90596000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9059F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x905B5000 \SystemRoot\system32\drivers\vfs101x.sys
0x80796000 \SystemRoot\System32\Drivers\AVerAF15.sys
0x91FFA000 \SystemRoot\System32\Drivers\BdaSup.SYS
0x905C2000 \SystemRoot\system32\DRIVERS\xusb21.sys
0x905D0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x905D9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x833C3000 \SystemRoot\System32\Drivers\usbvideo.sys
0x833E4000 \SystemRoot\system32\DRIVERS\smb.sys
0x805B2000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x91A03000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91A35000 \SystemRoot\system32\drivers\afd.sys
0x91A7D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91A93000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91AA1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91AB4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91AF0000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0x91AF4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91AFE000 \SystemRoot\system32\drivers\csc.sys
0x91B59000 \SystemRoot\System32\Drivers\dfsc.sys
0x91B70000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x91BAC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B107000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x91BB9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x9A200000 \SystemRoot\System32\win32k.sys
0x91BCA000 \SystemRoot\System32\drivers\Dxapi.sys
0x91BD4000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A420000 \SystemRoot\System32\TSDDD.dll
0x91BE3000 \SystemRoot\system32\drivers\luafv.sys
0x9A440000 \SystemRoot\System32\cdd.dll
0x9F200000 \SystemRoot\system32\drivers\spsys.sys
0x9F2B0000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x9F2C2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9F2D2000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9F2FC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9F306000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9F319000 \SystemRoot\system32\drivers\HTTP.sys
0x9F386000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9F3A3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9F3BC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9F3D1000 \SystemRoot\system32\drivers\mrxdav.sys
0x8B1E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0C08000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0C41000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0C59000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0C81000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0CCF000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xA0CD3000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA0CDE000 \??\C:\Windows\system32\drivers\int15.sys
0xA0CE5000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
0xA0D03000 \SystemRoot\system32\drivers\peauth.sys
0xA0DE1000 \SystemRoot\system32\drivers\PSDNServ.sys
0xA0DEA000 \SystemRoot\system32\drivers\psdvdisk.sys
0x9F3F2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x905F0000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA4C04000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0xA4C30000 \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl
0xA4C5C000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xA4C66000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xA4C8E000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA4CA4000 \SystemRoot\system32\drivers\MSPQM.sys
0xA4CA6000 \??\C:\Users\MARKMC~1\AppData\Local\Temp\axrdifoc.sys
0x77210000 \Windows\System32\ntdll.dll
Processes (total 94):
0 System Idle Process
4 System
560 C:\Windows\System32\smss.exe
784 csrss.exe
872 C:\Windows\System32\wininit.exe
884 csrss.exe
916 C:\Windows\System32\services.exe
960 C:\Windows\System32\lsass.exe
968 C:\Windows\System32\lsm.exe
1084 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\nvvsvc.exe
1164 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1396 C:\Windows\System32\audiodg.exe
1424 C:\Windows\System32\svchost.exe
1444 C:\Windows\System32\SLsvc.exe
1488 C:\Windows\System32\svchost.exe
1640 C:\Windows\System32\winlogon.exe
1692 C:\Windows\System32\vfsFPService.exe
1748 C:\Windows\System32\svchost.exe
1872 C:\Windows\System32\wlanext.exe
1976 C:\Windows\System32\spoolsv.exe
2000 C:\Windows\System32\svchost.exe
748 C:\Windows\System32\agrsmsvc.exe
808 C:\Program Files\AVG\AVG10\avgwdsvc.exe
820 C:\Windows\System32\svchost.exe
836 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
908 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
1588 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
420 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2068 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2100 C:\ACER\Mobility Center\MobilityService.exe
2352 C:\Windows\System32\svchost.exe
2396 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2408 C:\Windows\System32\rundll32.exe
2444 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2480 C:\Windows\System32\svchost.exe
2508 C:\Windows\System32\svchost.exe
2568 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2628 C:\Windows\System32\SearchIndexer.exe
3004 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3568 WmiPrvSE.exe
3896 C:\Windows\System32\taskeng.exe
4072 C:\Windows\System32\dwm.exe
1068 C:\Windows\System32\taskeng.exe
2740 C:\Windows\explorer.exe
3244 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1536 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3872 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
3040 C:\Program Files\Launch Manager\LManager.exe
2236 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
1252 C:\Windows\RtHDVCpl.exe
1060 C:\Windows\PLFSetI.exe
2604 C:\Program Files\Cyberlink\PowerDVD9\PDVD9Serv.exe
2252 C:\Program Files\Cyberlink\Shared files\brs.exe
3944 C:\Windows\System32\rundll32.exe
2520 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
2244 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
1040 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1896 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
3992 C:\Program Files\AVG\AVG10\avgtray.exe
1468 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3440 C:\Windows\ehome\ehtray.exe
1540 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2476 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
4136 C:\Program Files\Windows Media Player\wmpnscfg.exe
4204 C:\Program Files\Windows Media Player\wmpnetwk.exe
4496 C:\Windows\ehome\ehmsas.exe
4728 C:\Windows\ehome\ehsched.exe
5208 C:\Windows\ehome\ehrecvr.exe
5992 C:\Users\MARKMC~1\AppData\Local\Temp\RtkBtMnt.exe
4028 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
4368 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5940 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
5948 C:\Program Files\AVG\AVG10\avgemcx.exe
5448 C:\Program Files\AVG\AVG10\avgnsx.exe
4640 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
4312 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
596 C:\Program Files\AVG\AVG10\avgcsrvx.exe
4576 C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe
3524 C:\Program Files\Click-N-Type\Click-N-Type.exe
4704 C:\Program Files\Internet Explorer\iexplore.exe
1516 C:\Program Files\Internet Explorer\iexplore.exe
5460 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
4884 C:\Program Files\Internet Explorer\iexplore.exe
4076 C:\Program Files\Internet Explorer\iexplore.exe
3972 C:\Windows\System32\SearchProtocolHost.exe
4744 C:\Windows\System32\SearchFilterHost.exe
5012 C:\Windows\System32\dllhost.exe
4476 dllhost.exe
5112 dllhost.exe
552 C:\Users\Mark McL\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`c0100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000026`c2e00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
PhysicalDrive1 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116
298 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
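Editor's note, added to this thread and not part of either poster's messages or of the GMER or MBRCheck tools: the practical question behind the GMER output is who owns the addresses it reports. GMER attributes all four SSDT hooks to AVG's AVGIDSShim.Sys, and the "Kernel code sections" entries at ntkrnlpa.exe!KeSetEvent + 3F1 and + 621, read as little-endian dwords, are the same values 0xA0CD5780, 0xA0CD5830 and 0xA0CD58D0 that the SSDT lines list, so they are the same modification reported twice rather than additional hooks. The Python below automates that cross-check against the MBRCheck kernel driver list: it parses the exact line formats shown in the logs above, attributes each target address to a loaded module, flags targets that no listed module owns (the JMP 50262E6B entry is the one that resolves to nothing here and is what to follow up on), and lists kernel drivers loaded from user-writable paths while excluding GMER's own scan driver in Temp. The sample strings are lines copied from the logs above; the rule that each module extends to the next base address is an assumption, because MBRCheck prints bases only.

```python
"""Cross-check GMER's hook addresses against MBRCheck's kernel module list.
Added example, not code from the thread, GMER or MBRCheck."""
import re
import struct
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the GMER and MBRCheck output above.
GMER_SAMPLE = r"""
Running: zzz.exe; Driver: C:\Users\MARKMC~1\AppData\Local\Temp\axrdifoc.sys
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA0CD5780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA0CD5830]
.text ntkrnlpa.exe!KeSetEvent + 3F1 82CCBB54 4 Bytes [80, 57, CD, A0] {ADC BYTE [EDI-0x33], 0xa0}
.text ntkrnlpa.exe!KeSetEvent + 621 82CCBD84 8 Bytes [30, 58, CD, A0, D0, 58, CD, ...] {XOR [EAX-0x33], BL; MOV AL, [0xa0cd58d0]}
.text ntkrnlpa.exe!KeSetEvent + 681 82CCBDE4 4 Bytes JMP 50262E6B
"""
MBRCHECK_SAMPLE = r"""
0x82C1F000 \SystemRoot\system32\ntkrnlpa.exe
0xA0CCF000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xA0CD3000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA0CDE000 \??\C:\Windows\system32\drivers\int15.sys
0xA4CA6000 \??\C:\Users\MARKMC~1\AppData\Local\Temp\axrdifoc.sys
0x77210000 \Windows\System32\ntdll.dll
"""

# Assumption: MBRCheck prints base addresses only, so a module is taken to extend to
# the next base (or LAST_MODULE_CAP for the highest one). Check the offset against
# the real image size before acting on an attribution.
LAST_MODULE_CAP = 0x1000000

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+\(.*?\)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
PATCH_RE = re.compile(r"^\.text\s+(\S+)\s+\+\s+([0-9A-Fa-f]+)\s+([0-9A-Fa-f]{8})\s+\d+\s+Bytes\s+(.*)$")
BYTES_RE = re.compile(r"^\[([0-9A-Fa-f ,]+?)(?:,\s*\.\.\.)?\]")
JMP_RE = re.compile(r"^JMP\s+([0-9A-Fa-f]{8})")
MODULE_RE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+(\S.*)$")
SCAN_DRIVER_RE = re.compile(r"Driver:\s+(\S+)")


def parse_modules(text: str) -> List[Tuple[int, int, str]]:
    """MBRCheck 'base path' lines -> (base, end, path) sorted by base."""
    bases = sorted((int(m.group(1), 16), m.group(2).strip())
                   for m in map(MODULE_RE.match, map(str.strip, text.splitlines())) if m)
    return [(b, bases[i + 1][0] if i + 1 < len(bases) else b + LAST_MODULE_CAP, p)
            for i, (b, p) in enumerate(bases)]


def module_for(addr: int, ranges: List[Tuple[int, int, str]]) -> Optional[str]:
    """Path of the module whose range holds addr, or None if no module does."""
    return next((p for b, e, p in ranges if b <= addr < e), None)


def decode_patch_target(desc: str) -> Optional[int]:
    """Address a 'Kernel code sections' line points at: the first four listed
    bytes read as a little-endian dword, or the target of GMER's own 'JMP'."""
    m = BYTES_RE.match(desc)
    if m:
        raw = bytes(int(b, 16) for b in m.group(1).split(","))
        return struct.unpack("<I", raw[:4])[0] if len(raw) >= 4 else None
    m = JMP_RE.match(desc)
    return int(m.group(1), 16) if m else None


def attribute(gmer_text: str, mbrcheck_text: str) -> Dict[str, list]:
    """Map every SSDT hook and .text change to the module owning its target."""
    ranges = parse_modules(mbrcheck_text)
    lines = list(map(str.strip, gmer_text.splitlines()))
    ssdt = []
    for m in filter(None, map(SSDT_RE.match, lines)):
        named, svc, target = m.group(1), m.group(2), int(m.group(3), 16)
        owner = module_for(target, ranges)
        # GMER's own attribution should agree with the module list (same basename).
        agree = owner is not None and owner.lower().endswith(named.rsplit("\\", 1)[-1].lower())
        ssdt.append({"service": svc, "target": target, "owner": owner, "gmer_says": named, "agree": agree})
    hook_targets = {h["target"]: h["service"] for h in ssdt}
    patches = []
    for m in filter(None, map(PATCH_RE.match, lines)):
        target = decode_patch_target(m.group(4))
        patches.append({"site": f"{m.group(1)}+{m.group(2)}", "at": int(m.group(3), 16),
                        "target": target,
                        "owner": None if target is None else module_for(target, ranges),
                        # A .text diff whose new dword equals an SSDT hook address is the
                        # same modification reported twice, not a second hook.
                        "same_as_ssdt": hook_targets.get(target)})
    return {"ssdt": ssdt, "patches": patches}


def unowned_targets(report: Dict[str, list]) -> List[str]:
    """Entries whose target lies in no listed module; these need manual follow-up.
    GMER disassembles whatever bytes differ, so a 'JMP' to nowhere can also be
    table data read as code: a lead, not proof of a hook."""
    return ([e["service"] for e in report["ssdt"] if e["owner"] is None]
            + [e["site"] for e in report["patches"] if e["owner"] is None])


def drivers_from_user_paths(gmer_text: str, mbrcheck_text: str) -> List[str]:
    """Kernel modules loaded from a user profile or Temp directory, minus the
    scanner's own driver (GMER names it on its 'Running: ...; Driver:' line)."""
    m = SCAN_DRIVER_RE.search(gmer_text)
    skip = m.group(1).rsplit("\\", 1)[-1].lower() if m else None
    return [p for _, _, p in parse_modules(mbrcheck_text)
            if re.search(r"\\(users|temp)\\", p, re.I)
            and not (skip and p.lower().endswith(skip))]


if __name__ == "__main__":
    rep = attribute(GMER_SAMPLE, MBRCHECK_SAMPLE)
    for entry in rep["ssdt"] + rep["patches"]:
        print(entry)
    print("unowned:", unowned_targets(rep))
    print("drivers from user paths:", drivers_from_user_paths(GMER_SAMPLE, MBRCHECK_SAMPLE))
```

Feed the full GMER log and the full MBRCheck "Kernel Drivers" section to attribute() and the output tells you, per hook, whether GMER's attribution and the module list agree. Anything in unowned_targets() is the part of the log worth a second tool (a second rootkit scanner, or a memory image) before anything is deleted; the user-path check is there because a driver loaded from Temp is normally the scanner itself, as it is in this log, and should not be mistaken for the infection.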
DDS Log
DDS (Ver_10-12-05.01) - NTFSx86
Run by Mark McL at 9:33:23.78 on 11/12/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3068.1504 [GMT 0:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Users\MARKMC~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mark McL\Desktop\MBRCheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mark McL\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Bar = Preserve
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=0&o=vu32&d=0908&m=aspire_8930
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=0&o=vu32&d=0908&m=aspire_8930
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\users\markmc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\click-~1.lnk - c:\program files\click-n-type\Click-N-Type.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
================= FIREFOX ===================
FF - ProfilePath - c:\users\markmc~1\appdata\roaming\mozilla\firefox\profiles\zculsmuv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-12-10 18816]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/05/02 0310];c:\program files\acer arcade deluxe\playmovie\000.fcl [2010-5-2 87536]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/07 18:03:03];c:\program files\cyberlink\powerdvd9\000.fcl [2009-9-1 87536]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-9-28 75048]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-9-28 122368]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-5-26 599344]
R3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\system32\drivers\AVerAF15.sys [2008-9-28 280192]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-9-28 54784]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-17 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-5-26 40752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-17 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-17 85136]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-7-8 33792]
S3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\drivers\MijUfilt.sys [2009-7-8 10368]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-7-22 27904]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
=============== Created Last 30 ================
2010-12-10 15:03:48 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-12-10 14:22:33 -------- d-----w- c:\program files\Sophos
2010-12-09 16:48:36 -------- d-sh--w- C:\found.000
2010-11-24 05:23:38 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-14 00:10:51 -------- d-----w- c:\program files\common files\xing shared
2010-11-13 12:52:11 -------- d--h--w- C:\$AVG
==================== Find3M ====================
2010-12-11 02:48:24 119296 ----a-w- c:\windows\system32\zlib.dll
2010-10-19 10:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-15 03:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 1341 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-07-03 21:35:55 1013584 ----a-w- c:\program files\TDSSKiller.exe
2010-07-03 12:59:46 294400 ----a-w- c:\program files\exeHelper.com
2010-07-02 13:11:38 3725496 ----a-w- c:\program files\ComboFix.exe
2010-07-02 12:41:23 525824 ----a-w- c:\program files\dds.scr
2010-07-02 00:47:40 1529241 ----a-w- c:\program files\SDFix.exe
2010-07-01 20:23:20 363520 ----a-w- c:\program files\rkill.com
2010-06-19 11:00:49 2131808 ----a-w- c:\program files\avg_free_stb_all_9_114_cnet.exe
2010-06-09 03:17:14 5588664 ----a-w- c:\program files\PoolSharksInstaller.exe
2010-05-17 17:32:33 1339288 ----a-w- c:\program files\sar_15_sfx.exe
============= FINISH: 9:33:52.39 ===============
Attach Log
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-05.01)
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 28/09/2008 19:07:00
System Uptime: 11/12/2010 08:48:47 (1 hours ago)
Motherboard: Acer | | Aspire 8930
Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz | CPU | 2534/1066mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 144 GiB total, 81.427 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 297.949 GiB free.
E: is FIXED (NTFS) - 139 GiB total, 139.399 GiB free.
G: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
Acer Arcade Deluxe
Acer Crystal Eye webcam
Acer Crystal Eye Webcam 3.0.6.3
Acer eAudio Management
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Acer VCM
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
Alice Greenfingers
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
AVerMedia A309 (MiniCard, DVB-T) 1.0.0.43
AVerMedia A310 (MiniCard, DVB-T) 1.1.0.29
AVG 2011
Backspin Billiards
Big Kahuna Reef
Bookworm Deluxe
Bricks of Egypt
Cake Mania
CCleaner
Chuzzle
Click-N-Type
CyberLink PowerDirector
CyberLink PowerDVD 9
D3DX10
DAL Scanner
Daniusoft MP3 WAV Converter(Build 2.0.25)
Diner Dash Flo on the Go
eSobi v2
Flip Words 2
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
ITECIR
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest Solitaire
JMicron JMB38X Flash Media Controller
Junk Mail filter update
Launch Manager
LightScribe 1.4.142.1
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft Xbox 360 Accessories 1.1
Microsoft XNA Framework Redistributable 3.0
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Drivers
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Orion
PhotoNow!
Pinnacle Game Profiler
PIXresizer 2.0.4
Pool Sharks 2.1
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
RecordPad Sound Recorder
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Sophos Anti-Rootkit 1.5.4
Spelling Dictionaries Support For Adobe Reader 9
Switch Sound File Converter
Synaptics Pointing Device Driver
System Requirements Lab
Turbo Pizza
Ultimate Extras sounds from Microsoft® Tinker™
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Validity Sensors software
VLC media player 1.0.2
WavePad Sound Editor
WIDCOMM Bluetooth Software 6.0.1.5000
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
Windows Sound Schemes
Xbox 360 Controller UI
==== End Of File ===========================
Your MBR looks suspicious, so we'll have to fix it.
PhysicalDrive0 Unknown MBR code
Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)
- Place a blank CD in your CD drive.
- Double click on NTBR_CD.exe file and a folder of the same name will appear.
- Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
- Follow the prompts to burn the CD.
- Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
- If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
- Insert the newly created CD into your infected PC and reboot your computer.
- Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
- Read the warning and then continue as prompted.
- You first need to select your keyboard layout - press Enter for English.
- Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
- On the following screen enter 5 to select Install Standard MBR code.
- Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
- When asked to confirm please do so.
- Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
- Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
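For readers who want to understand what an "Unknown MBR code" verdict means before overwriting anything: the first 440 bytes of sector 0 hold the boot code, and tools of the MBRCheck kind hash that region and compare it against an allowlist of known-good boot code. The script below is an added example written for this thread, not code from MBRCheck, NTBR or the forum; it parses a 512-byte MBR, checks the 0x55AA signature and the partition table for sanity, and flags boot code whose SHA-256 is not in the allowlist. The allowlist contents and the sample sector are constructed for the demonstration (the "trusted" boot code is a two-byte stub, not real Windows code); a real allowlist would be populated from a trusted reference image of the same Windows version.

```python
"""Inspect a 512-byte MBR: boot signature, partition table, and whether the
boot code hashes to a known-good value. Added example for this thread; the
known-good set and sample sector are constructed, not real Windows data."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # classic MBR boot code: offsets 0..439
PART_TABLE_OFF = 446           # four 16-byte partition entries: 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes at offsets 510..511


def read_mbr(path):
    """Read sector 0 from a raw device or disk image, e.g. r"\\.\PhysicalDrive0"
    on Windows (needs administrator rights) or a .img file."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def parse_partition_entry(entry):
    """Decode one 16-byte MBR partition table entry."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {"bootable": status == 0x80, "status": status, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def analyze_mbr(sector, known_good_hashes):
    """Return a report on the sector; 'findings' lists anything suspicious."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    boot_code = sector[:BOOT_CODE_LEN]
    disk_signature = struct.unpack("<I", sector[440:444])[0]
    entries = [parse_partition_entry(sector[PART_TABLE_OFF + 16 * i:
                                            PART_TABLE_OFF + 16 * (i + 1)])
               for i in range(4)]
    digest = hashlib.sha256(boot_code).hexdigest()
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if digest not in known_good_hashes:
        findings.append("Unknown MBR code")      # same verdict MBRCheck reports
    if sum(1 for e in entries if e["bootable"]) > 1:
        findings.append("more than one active partition")
    for i, e in enumerate(entries):
        if e["status"] not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02x" % (i, e["status"]))
    used = [e for e in entries if e["type"] != 0]
    for i, e in enumerate(used):
        for other in used[i + 1:]:
            a0, a1 = e["lba_start"], e["lba_start"] + e["sectors"]
            b0, b1 = other["lba_start"], other["lba_start"] + other["sectors"]
            if a0 < b1 and b0 < a1:
                findings.append("overlapping partition entries")
    return {"boot_code_sha256": digest, "disk_signature": disk_signature,
            "partitions": entries, "findings": findings}


def build_sample_mbr(boot_code):
    """Constructed test sector: given boot code, one active NTFS partition,
    a made-up disk signature, and a valid 0x55AA trailer."""
    boot_code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0x12345678)                 # constructed
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00",   # active
                        0x07, b"\xfe\xff\xff",                # NTFS type byte
                        2048, 300_000_000)
    return boot_code + disk_sig + b"\x00\x00" + entry + b"\x00" * 48 + BOOT_SIGNATURE


# Constructed "trusted" boot code (cli; hlt stub), standing in for a hash taken
# from a known-clean reference installation of the same Windows version.
TRUSTED_BOOT_CODE = b"\xfa\xf4"
TRUSTED_HASHES = {hashlib.sha256(
    TRUSTED_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()}


def demo():
    """Clean sector passes; a sector with different boot code is flagged."""
    clean = analyze_mbr(build_sample_mbr(TRUSTED_BOOT_CODE), TRUSTED_HASHES)
    altered = analyze_mbr(build_sample_mbr(b"\xeb\xfe"), TRUSTED_HASHES)
    return clean["findings"], altered["findings"]


if __name__ == "__main__":
    print(demo())
```

On a live machine the sector would come from `read_mbr(r"\\.\PhysicalDrive0")`; the point of the check is that an allowlist miss alone is a prompt to compare against a trusted reference, which is why the thread's next step is to reinstall standard MBR code rather than to guess at what is there.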
Is there any other method I can fix it with, without a CD? I don't have any.
Unfortunately, in the case of Vista, no.