Hello,
Last night I was surfing the web and Ad-Aware told me I had a trojan. I went to scan for it, then in the taskbar it said I was having a critical hard drive failure. There weren't any strange programs popping up trying to get me to buy their software, so I don't know what is going on. It then restarted. Now I don't have any desktop icons and it appears that all my files are lost. When I run Rkill, it said something about Windows running a proxy? Then I would run Malwarebytes (both of these I had to put on a flash drive to run on the computer); it would scan for a bit, then it would get an overflow error and shut down.
Please help me.
I am running windows 7.
Update: I ran rkill again after start up.
Processes terminated by Rkill
C:\programdata\fawQrGaeBAupsR.exe
C:\windows\syswow64\attrib.exe
Here is a DDS log. Also, when I try to use TDSSKiller, the program's window will pop up, but as with everything else I try to run, the program consists of a window with just a plain white background.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Ryan at 15:55:38 on 2011-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2826 [GMT -5:00]
.
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\AnyPC Client\APLanMgrC.exe
C:\windows\Explorer.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\InfDefaultInstall.exe
C:\windows\SysWOW64\InfDefaultInstall.exe
C:\windows\SysWOW64\InfDefaultInstall.exe
C:\windows\SysWOW64\InfDefaultInstall.exe
C:\windows\SysWOW64\InfDefaultInstall.exe
C:\windows\SysWOW64\InfDefaultInstall.exe
C:\windows\SysWOW64\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\windows\SysWOW64\InfDefaultInstall.exe
C:\windows\SysWOW64\InfDefaultInstall.exe
C:\windows\SysWOW64\InfDefaultInstall.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\notepad.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B2RN3JPV\dds.scr
C:\windows\SysWOW64\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2997295
uSearch Bar = Preserve
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5uhuan9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Soluto;Soluto;C:\windows\system32\DRIVERS\Soluto.sys --> C:\windows\system32\DRIVERS\Soluto.sys [?]
R1 PSINKNC;PSINKNC;C:\windows\system32\DRIVERS\psinknc.sys --> C:\windows\system32\DRIVERS\psinknc.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/03 12:12:40];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-19 146928]
R2 PSINAflt;PSINAflt;C:\windows\system32\DRIVERS\PSINAflt.sys --> C:\windows\system32\DRIVERS\PSINAflt.sys [?]
R2 PSINFile;PSINFile;C:\windows\system32\DRIVERS\PSINFile.sys --> C:\windows\system32\DRIVERS\PSINFile.sys [?]
R2 PSINProc;PSINProc;C:\windows\system32\DRIVERS\PSINProc.sys --> C:\windows\system32\DRIVERS\PSINProc.sys [?]
R2 PSINProt;PSINProt;C:\windows\system32\DRIVERS\PSINProt.sys --> C:\windows\system32\DRIVERS\PSINProt.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 NMgamingmsFltr;USB Optical Mouse;C:\windows\system32\drivers\NMgamingms.sys --> C:\windows\system32\drivers\NMgamingms.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-7-9 166400]
S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-7-9 128512]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-23 135664]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-23 135664]
S4 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-4-28 140608]
S4 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-2-2 332272]
S4 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-2-2 311296]
S4 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2011-7-7 376352]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-07-21 18:40:57 -------- d-----w- C:\ProgramData\Panda Security
2011-07-21 04:06:31 293376 ----a-w- C:\windows\SysWow64\WISPTIS.EXE
2011-07-21 04:06:29 39728 ----a-w- C:\windows\SysWow64\SCP32.DLL
2011-07-21 04:06:28 125744 ----a-w- C:\windows\SysWow64\MSSTDFMT.DLL
2011-07-21 04:06:26 18432 ----a-w- C:\windows\SysWow64\corpol.dll
2011-07-21 04:06:25 49480 ----a-w- C:\windows\System32\drivers\mfesmfk.sys
2011-07-21 04:06:25 40904 ----a-w- C:\windows\System32\drivers\mferkdk.sys
2011-07-21 04:06:25 307400 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2011-07-21 04:06:25 176144 ----a-w- C:\windows\System32\drivers\Mpfp.sys
2011-07-21 04:06:25 102600 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2011-07-21 04:06:18 22016 ----a-w- C:\windows\System32\corpol.dll
2011-07-21 00:55:56 372736 ---ha-w- C:\ProgramData\P1kAlMiG2Kb7Fz.exe
2011-07-15 18:06:21 -------- d-----w- C:\Program Files\Soluto
2011-07-14 23:29:38 55808 ---ha-w- C:\windows\SysWow64\EEBSDKIF.dll
2011-07-14 23:29:38 110592 ---ha-w- C:\windows\SysWow64\EEBDSCVR.dll
2011-07-10 04:17:30 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-07-10 04:17:29 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-07-10 04:17:29 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-07-10 04:17:29 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-07-10 04:17:29 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-07-10 04:17:15 -------- d--h--w- C:\ProgramData\UDL
2011-07-10 04:15:51 -------- d-----w- C:\Program Files\Epson Software
2011-07-10 04:13:37 -------- d-----w- C:\Program Files\Common Files\EPSON
2011-07-10 04:12:12 -------- d-----w- C:\Program Files (x86)\EpsonNet
2011-07-10 04:10:56 118784 ----a-w- C:\windows\System32\E_ILMGCA.DLL
2011-07-10 04:10:52 88064 ----a-w- C:\windows\System32\E_IBCBGCA.DLL
2011-07-10 04:10:44 -------- d--h--w- C:\ProgramData\EPSON
2011-07-10 04:10:31 -------- d-----w- C:\Program Files (x86)\Epson Software
2011-07-10 04:09:34 464384 ----a-w- C:\windows\System32\esxw2ud.dll
2011-07-10 04:09:34 17408 ----a-w- C:\windows\System32\esxcdev.dll
2011-07-10 04:09:34 128392 ----a-w- C:\windows\System32\esdevapp.exe
2011-07-10 04:09:29 -------- d-----w- C:\Program Files (x86)\epson
2011-07-09 18:50:32 -------- d--h--w- C:\Users\Ryan\AppData\Roaming\HpUpdate
2011-07-09 18:49:31 -------- d-----w- C:\Program Files (x86)\HP
2011-07-09 18:47:29 -------- d--h--w- C:\Users\Ryan\AppData\Local\HP
2011-07-04 21:31:26 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-04 21:31:25 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-28 22:17:05 -------- d-----w- C:\Program Files (x86)\Coupons
.
==================== Find3M ====================
.
2011-07-07 13:34:08 54728 ----a-w- C:\windows\System32\drivers\Soluto.sys
2011-07-07 00:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-07-01 21:02:17 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys
2011-06-22 16:00:15 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 03:07:25 3137536 ----a-w- C:\windows\System32\win32k.sys
2011-06-03 06:57:45 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-06-03 0638 421888 ----a-w- C:\windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-06-03 0512 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-06-03 0511 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-30 03:44:38 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-05-30 03:44:37 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-05-24 11:42:55 404480 ----a-w- C:\windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\windows\SysWow64\drvinst.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-04-28 12:09:29 361280 ----a-w- C:\windows\System32\PSUNCpl.cpl
2011-04-28 11:57:43 128072 ----a-w- C:\windows\System32\drivers\PSINProt.sys
2011-04-28 11:57:43 121928 ----a-w- C:\windows\System32\drivers\PSINProc.sys
2011-04-28 11:57:42 159816 ----a-w- C:\windows\System32\drivers\PSINAflt.sys
2011-04-28 11:57:42 149576 ----a-w- C:\windows\System32\drivers\PSINKNC.sys
2011-04-28 11:57:42 114760 ----a-w- C:\windows\System32\drivers\PSINFile.sys
2011-04-28 03:55:08 552960 ----a-w- C:\windows\System32\drivers\bthport.sys
2011-04-28 03:54:56 80384 ----a-w- C:\windows\System32\drivers\BTHUSB.SYS
2011-04-27 02:40:40 158208 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\windows\System32\drivers\afd.sys
2011-04-23 01:29:25 2303488 ----a-w- C:\windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-04-22 22:15:29 27520 ----a-w- C:\windows\System32\drivers\Diskdump.sys
.
============= FINISH: 1502.54 ===============
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-21 17:54:28
Windows 6.1.7601 Service Pack 1
Running: gmer.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)
---- Files - GMER 1.0.15 ----
File C:\Windows\winsxs\amd64_microsoft-windows-aero_31bf3856ad364e35_6.1.7601.17514_none_0a0916fa3009208a\aero.msstyles (size mismatch) 1187984/1171088 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-o..achine-ui.resources_31bf3856ad364e35_6.1.7601.17514_en-us_f87c9021f6656904\msoobeui.dll.mui (size mismatch) 21504/22016 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-oobe-machine-ui_31bf3856ad364e35_6.1.7601.17514_none_c081339cf850430b\msoobeui.dll (size mismatch) 1156608/1161728 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-rasapi_31bf3856ad364e35_6.1.7601.17514_none_cb5d84d96624bcbd\pbkmigr.dll (size mismatch) 56320/57856 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_09cf3ec67e6c6b50\RasMigPlugin.dll (size mismatch) 155136/217088 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\spprgrss.dll (size mismatch) 57344/57856 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-w..-installer-provider_31bf3856ad364e35_6.1.7601.17514_none_88af1cb8f0d0a95d\msiprov.dll (size mismatch) 399872/399360 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-w..ovider-cimwin32-dll_31bf3856ad364e35_6.1.7601.17514_none_2dd0f6a01caf55c6\cimwin32.dll (size mismatch) 2055168/2058240 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_6e88c3faa2049408\WmiPrvSD.dll (size mismatch) 750080/754176 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_6e88c3faa2049408\WmiPrvSE.exe (size mismatch) 368640/372736 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WmiApRpl.dll (size mismatch) 137216/137728 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_6.1.7601.17514_none_3fe5b852ed7138b6\wbemcore.dll (size mismatch) 1220096/1225216 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-wmi-ds-provider_31bf3856ad364e35_6.1.7601.17514_none_e70f3fb2e8f114ba\dsprov.dll (size mismatch) 160256/159232 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-wmi-ntevent-provider_31bf3856ad364e35_6.1.7601.17514_none_4e7fa5bfc379eecd\ntevt.dll (size mismatch) 266240/265728 bytes executable
File C:\Windows\winsxs\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_c1fead4e4bf85947\IMTCCFG.DLL (size mismatch) 171520/172032 bytes executable
File C:\Windows\winsxs\wow64_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_1423e918b2cd2d4b\RasMigPlugin.dll (size mismatch) 116736/172544 bytes executable
File C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.1.7601.17514_none_63c4031bc4bcf024\fastprox.dll (size mismatch) 605696/606208 bytes executable
File C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_78dd6e4cd6655603\WmiPrvSE.exe (size mismatch) 254976/257536 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-rasapi_31bf3856ad364e35_6.1.7601.17514_none_6f3ee955adc74b87\pbkmigr.dll (size mismatch) 47104/67584 bytes executable
---- EOF - GMER 1.0.15 ----
Welcome aboard
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
===============================================================
Let's see if we can recover your missing features.
Download and run UnHide
Let me know if it worked.
Please complete all steps listed here: HERE