WiredWX Hobby Weather Tools
Critical error drive sector not found

2 posters

Today I was on my computer and experienced this issue. I found a few older topics on here regarding it. I ran Unhide and ComboFix, and it appears to have fixed the problem: the icons on my desktop have returned, I can go back on Chrome etc.

Here is my log from unhide -

--------------------------------------
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 10/07/2012 10:41:08 PM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 332322 files processed.

Restoring the Start Menu.
* 505 Shortcuts and Desktop items were restored.


Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
* DisableTaskMgr policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
* HidNoChangingWallPaperden policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowControlPanel was set to 0! It was set back to 1!
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyComputer was set to 0! It was set back to 1!
* Start_ShowMyDocs was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSearch was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
* Start_ShowUser was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 10/07/2012 10:48:20 PM
Execution time: 0 hours(s), 7 minute(s), and 11 seconds(s)


-------------------------------------

And here is my log from Malwarebytes Anti-Malware -

--------------------------

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.04

Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19088
lalit :: LALITMAMTA-PC [administrator]

Protection: Disabled

08-10-2012 08:19:07
mbam-log-2012-10-08 (08-19-07).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 514337
Time elapsed: 1 hour(s), 35 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nqJmDLLyhpVVQC.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\nqJmDLLyhpVVQC.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UJPTuOBg9fQk3U (Trojan.FakeAlert) -> Data: C:\ProgramData\UJPTuOBg9fQk3U.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\NQJMDLLYHPVVQC.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\UJPTUOBG9FQK3U.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Lalit\USB\Lalit\New Folder\pwdremover.exe (PSWTool.PdfCracker) -> Quarantined and deleted successfully.
C:\ProgramData\ajrO5zbYAPBR2R.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)
-------
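As an added illustration (not part of the original post and not Malwarebytes' own code), the following Python script parses the detection sections of a Malwarebytes log like the one above and pulls out what an analyst wants first: the autostart entries the rogue planted under Run keys, the start-menu values it flipped (the PUM "Bad/Good" lines), and the quarantined files. It also checks that each section's declared count matches the number of lines actually parsed, which catches a truncated paste. The sample input is the detection part of the log posted above; the helper names (`parse_mbam_log`, `Triage`, `Finding`, `threats`) are this example's own.

```python
import re
from dataclasses import dataclass, field

# Detection sections of the Malwarebytes log posted above (header trimmed).
SAMPLE_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nqJmDLLyhpVVQC.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\nqJmDLLyhpVVQC.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UJPTuOBg9fQk3U (Trojan.FakeAlert) -> Data: C:\ProgramData\UJPTuOBg9fQk3U.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Files Detected: 4
C:\ProgramData\NQJMDLLYHPVVQC.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\UJPTUOBG9FQK3U.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Lalit\USB\Lalit\New Folder\pwdremover.exe (PSWTool.PdfCracker) -> Quarantined and deleted successfully.
C:\ProgramData\ajrO5zbYAPBR2R.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<detail>.+)$")
DATA_RE = re.compile(r"Data: (?P<data>.+?) -> ")
BADGOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


@dataclass
class Finding:
    section: str   # log section the line came from, e.g. "Registry Values"
    target: str    # registry key|value name, or a file path
    threat: str    # detection name, e.g. Trojan.FakeAlert
    detail: str    # everything after the detection name


@dataclass
class Triage:
    findings: list = field(default_factory=list)
    autoruns: list = field(default_factory=list)        # (key, value name, data) under Run keys
    pum: list = field(default_factory=list)             # (value name, bad value, good value)
    files: list = field(default_factory=list)           # quarantined file paths
    count_mismatch: list = field(default_factory=list)  # sections whose count != parsed lines


def parse_mbam_log(text: str) -> Triage:
    """Walk the log once, tracking the current 'X Detected: N' section."""
    t = Triage()
    section, declared, seen = None, 0, 0

    def close_section():
        if section is not None and declared != seen:
            t.count_mismatch.append(section)

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            close_section()
            section, declared, seen = m["section"], int(m["count"]), 0
            continue
        m = ENTRY_RE.match(line)
        if m is None or section is None:
            continue  # banner text, "(No malicious items detected)", "(end)"
        seen += 1
        f = Finding(section, m["target"], m["threat"], m["detail"])
        t.findings.append(f)
        if section == "Registry Values":
            key, _, name = f.target.rpartition("|")
            d = DATA_RE.search(f.detail)
            if key.lower().endswith(("\\run", "\\runonce")):
                t.autoruns.append((key, name, d["data"] if d else ""))
        elif section == "Registry Data Items":
            name = f.target.rpartition("|")[2]
            bg = BADGOOD_RE.search(f.detail)
            t.pum.append((name, bg["bad"], bg["good"]) if bg else (name, "", ""))
        elif section == "Files":
            t.files.append(f.target)
    close_section()
    return t


def threats(t: Triage) -> set:
    """Distinct detection names, handy for a one-line ticket summary."""
    return {f.threat for f in t.findings}


if __name__ == "__main__":
    t = parse_mbam_log(SAMPLE_LOG)
    for key, name, data in t.autoruns:
        print(f"autorun  {key}\\{name} -> {data}")
    for name, bad, good in t.pum:
        print(f"pum      {name}: {bad} -> {good}")
    for path in t.files:
        print(f"file     {path}")
    print("threats:", ", ".join(sorted(threats(t))))
    print("count mismatches:", t.count_mismatch or "none")
```

The Run-key entries are the ones worth keeping in the incident notes: they name the dropped executables under C:\ProgramData, which is the artifact to search other machines for, while the PUM lines only record cosmetic changes that Unhide had already reverted.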

Re: Critical error drive sector not found
ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again, this time renaming
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe and winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Re: Critical error drive sector not found
Hi,

I ran ComboFix in safe mode and here are the logs -

--------------------

ComboFix 12-10-08.02 - lalit 08-10-2012 23:38:11.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.3062.2282 [GMT 5.5:30]
Running from: c:\users\lalit\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ajrO5zbYAPBR2R
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\UJPTuOBg9fQk3U
c:\users\lalit\g2mdlhlpx.exe
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 18:43 . 2012-10-08 18:45 -------- d-----w- c:\users\lalit\AppData\Local\temp
2012-10-08 18:43 . 2012-10-08 18:43 -------- d-----w- c:\users\Vijay\AppData\Local\temp
2012-10-08 18:43 . 2012-10-08 18:43 -------- d-----w- c:\users\LalitMamta\AppData\Local\temp
2012-10-08 18:43 . 2012-10-08 18:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-08 17:09 . 2012-10-08 17:09 -------- d-----w- C:\_OTL
2012-10-06 09:32 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06B40FF4-315F-415A-9FF0-C3E2964818B0}\mpengine.dll
2012-10-03 04:44 . 2012-10-03 04:44 -------- d-----w- c:\windows\Profiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 16:26 . 2009-02-13 05:52 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-10-08 16:26 . 2009-02-13 05:58 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-09-07 11:34 . 2009-07-19 08:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-15 13:12 . 2012-04-07 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-15 13:12 . 2011-05-21 12:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 14:55 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-10-25 103896]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-20 296056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-07 766536]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-07 1089608]
.
c:\users\LalitMamta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-10 45056]
.
c:\users\lalit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-10 45056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-01-22 21:25 712704 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 10:27 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 03:28 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 05:01 54608 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 04:01 448080 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-12-20 04:08 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 05:41]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-07 05:41]
.
2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2972934901-3891036527-1405551415-1000Core.job
- c:\users\LalitMamta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-17 05:45]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2972934901-3891036527-1405551415-1000UA.job
- c:\users\LalitMamta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-17 05:45]
.
2009-12-29 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2009-11-14 00:49]
.
2012-10-06 c:\windows\Tasks\Norton Security Scan for lalit.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 04:18]
.
2011-02-19 c:\windows\Tasks\Total PC Health Defrag.job
- c:\program files\Total PC Health\Total PC Health\tpch.exe [2010-12-15 18:23]
.
2012-10-02 c:\windows\Tasks\Total PC Health Registration3.job
- c:\program files\Common Files\Total PC Health\UUS3\UUS3.dll [2010-11-02 18:09]
.
2011-02-19 c:\windows\Tasks\Total PC Health Update3.job
- c:\program files\Common Files\Total PC Health\UUS3\Update3.exe [2010-11-02 18:09]
.
2011-02-19 c:\windows\Tasks\Total PC Health.job
- c:\program files\Total PC Health\Total PC Health\tpch.exe [2010-12-15 18:23]
.
2012-10-07 c:\windows\Tasks\User_Feed_Synchronization-{35D796DF-0360-4A01-9F16-E8DC64F1D484}.job
- c:\windows\system32\msfeedssync.exe [2012-05-08 04:32]
.
2012-10-07 c:\windows\Tasks\User_Feed_Synchronization-{79131BF7-0A56-4037-839B-F8EDDBA51273}.job
- c:\windows\system32\msfeedssync.exe [2012-05-08 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{B440D501-40FB-40D0-AE30-B7EBEE2B3F9A} - http://www.orangeshark.com/brainIQ/brainIQexeinterim.php?gid=105&from=icon
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 202.149.208.92 202.149.208.91
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{A057A204-BACC-4D26-9A9E-3AF287E2699B} - (no file)
HKLM-RunOnce- - (no file)
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-09 00:15
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????d??l/?????;? ;?X ;?? ;??
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2972934901-3891036527-1405551415-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{04893240-570C-9EB1-8B57-AB630851B329}*]
"halcjafiojdcaklk"=hex:6a,61,69,6e,65,63,65,64,6e,69,69,69,6a,64,6e,6e,62,69,
64,6a,00,cd
"iafcdmhhoihojfieig"=hex:69,61,61,6f,6e,67,6a,67,63,6f,6d,63,66,69,66,68,63,6d,
00,77
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-10-09 00:32:58
ComboFix-quarantined-files.txt 2012-10-08 19:02
.
Pre-Run: 21,964,595,200 bytes free
Post-Run: 21,996,085,248 bytes free
.
- - End Of File - - F422A5CB4E255B7187FBA1EAF60ABD75

---------------------------------------

Re: Critical error drive sector not found
Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Re: Critical error drive sector not found
I downloaded TDSSKiller to my desktop and it is not running. I tried to run it from normal mode as well as safe mode. I see the TDSSKiller process in Task Manager but it immediately gets killed.

Re: Critical error drive sector not found
RogueKiller Scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan



  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.



  • The report has been created on the desktop.


  • Next click on the ShortcutsFix

  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.

Re: Critical error drive sector not found
RKreport[1]
=======================================
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : lalit [Admin rights]
Mode : Scan -- Date : 10/11/2012 09:31:09

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[TASK][SUSP PATH] {11992006-CE07-4FEC-B997-60DC13C5B4F7} : C:\Windows\System32\pcalua.exe -a "C:\Users\LalitMamta\Desktop\Softwares Source - Brij\Zip Genius\zgupd.exe" -d "C:\Users\LalitMamta\Desktop\Softwares Source - Brij\Zip Genius" -> FOUND
[TASK][SUSP PATH] {703350BB-D3DA-4D2F-952D-4D4EC4758924} : C:\Windows\System32\pcalua.exe -a "C:\Program Files\WinRAR\WinRAR.exe" -d C:\Users\LalitMamta\Desktop\Lalit2\Downloads -c "C:\Users\LalitMamta\Desktop\Lalit2\Downloads\MAnisha.rar" -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x830E1EE9 -> HOOKED (Unknown @ 0x899ADA88)
SSDT[14] : NtAlertThread @ 0x83047305 -> HOOKED (Unknown @ 0x899AD410)
SSDT[18] : NtAllocateVirtualMemory @ 0x8307EE68 -> HOOKED (Unknown @ 0x89AD0008)
SSDT[54] : NtConnectPort @ 0x8301884D -> HOOKED (Unknown @ 0x897568E8)
SSDT[67] : NtCreateMutant @ 0x83082F77 -> HOOKED (Unknown @ 0x899A5CE8)
SSDT[78] : NtCreateThread @ 0x830E0560 -> HOOKED (Unknown @ 0x899AB4F8)
SSDT[147] : NtFreeVirtualMemory @ 0x82EDDCE7 -> HOOKED (Unknown @ 0x89A055C0)
SSDT[156] : NtImpersonateAnonymousToken @ 0x83007257 -> HOOKED (Unknown @ 0x899A47C8)
SSDT[158] : NtImpersonateThread @ 0x83019980 -> HOOKED (Unknown @ 0x899AFF20)
SSDT[177] : NtMapViewOfSection @ 0x83070AFE -> HOOKED (Unknown @ 0x897D7058)
SSDT[184] : NtOpenEvent @ 0x83032451 -> HOOKED (Unknown @ 0x899A55B0)
SSDT[195] : NtOpenProcessToken @ 0x8305967B -> HOOKED (Unknown @ 0x89CEC070)
SSDT[202] : NtOpenThreadToken @ 0x83059E51 -> HOOKED (Unknown @ 0x899B8E80)
SSDT[282] : NtResumeThread @ 0x8304D924 -> HOOKED (Unknown @ 0x89A24D68)
SSDT[289] : NtSetContextThread @ 0x830E1233 -> HOOKED (Unknown @ 0x899A8CF0)
SSDT[305] : NtSetInformationProcess @ 0x83080A24 -> HOOKED (Unknown @ 0x899B2FD0)
SSDT[306] : NtSetInformationThread @ 0x8304EEB4 -> HOOKED (Unknown @ 0x899A8DF0)
SSDT[330] : NtSuspendProcess @ 0x830E1E23 -> HOOKED (Unknown @ 0x899A67D0)
SSDT[331] : NtSuspendThread @ 0x8309ECEA -> HOOKED (Unknown @ 0x899AC008)
SSDT[334] : NtTerminateProcess @ 0x8302F2F0 -> HOOKED (Unknown @ 0x8AC610F8)
SSDT[335] : NtTerminateThread @ 0x8305BAF3 -> HOOKED (Unknown @ 0x899ACA40)
SSDT[348] : NtUnmapViewOfSection @ 0x83071155 -> HOOKED (Unknown @ 0x899B0B68)
SSDT[358] : NtWriteVirtualMemory @ 0x8305A033 -> HOOKED (Unknown @ 0x89B36630)

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1646GSX ATA Device +++++
--- User ---
[MBR] 5a34a3dc833a5b7243be24e83730f3e6
[BSP] 258f7fe201a52df58eeaab3f062e5d2f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 151126 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 886f876c109ddbd10ad94da2b50350ac
[BSP] 258f7fe201a52df58eeaab3f062e5d2f : Windows Vista MBR Code [possible maxSST in 2!]
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 151126 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312581792 | Size: 0 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

========================================
RKreport[2]
========================================
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : lalit [Admin rights]
Mode : Remove -- Date : 10/11/2012 09:31:31

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[TASK][SUSP PATH] {11992006-CE07-4FEC-B997-60DC13C5B4F7} : C:\Windows\System32\pcalua.exe -a "C:\Users\LalitMamta\Desktop\Softwares Source - Brij\Zip Genius\zgupd.exe" -d "C:\Users\LalitMamta\Desktop\Softwares Source - Brij\Zip Genius" -> DELETED
[TASK][SUSP PATH] {703350BB-D3DA-4D2F-952D-4D4EC4758924} : C:\Windows\System32\pcalua.exe -a "C:\Program Files\WinRAR\WinRAR.exe" -d C:\Users\LalitMamta\Desktop\Lalit2\Downloads -c "C:\Users\LalitMamta\Desktop\Lalit2\Downloads\MAnisha.rar" -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x830E1EE9 -> HOOKED (Unknown @ 0x899ADA88)
SSDT[14] : NtAlertThread @ 0x83047305 -> HOOKED (Unknown @ 0x899AD410)
SSDT[18] : NtAllocateVirtualMemory @ 0x8307EE68 -> HOOKED (Unknown @ 0x89AD0008)
SSDT[54] : NtConnectPort @ 0x8301884D -> HOOKED (Unknown @ 0x897568E8)
SSDT[67] : NtCreateMutant @ 0x83082F77 -> HOOKED (Unknown @ 0x899A5CE8)
SSDT[78] : NtCreateThread @ 0x830E0560 -> HOOKED (Unknown @ 0x899AB4F8)
SSDT[147] : NtFreeVirtualMemory @ 0x82EDDCE7 -> HOOKED (Unknown @ 0x89A055C0)
SSDT[156] : NtImpersonateAnonymousToken @ 0x83007257 -> HOOKED (Unknown @ 0x899A47C8)
SSDT[158] : NtImpersonateThread @ 0x83019980 -> HOOKED (Unknown @ 0x899AFF20)
SSDT[177] : NtMapViewOfSection @ 0x83070AFE -> HOOKED (Unknown @ 0x897D7058)
SSDT[184] : NtOpenEvent @ 0x83032451 -> HOOKED (Unknown @ 0x899A55B0)
SSDT[195] : NtOpenProcessToken @ 0x8305967B -> HOOKED (Unknown @ 0x89CEC070)
SSDT[202] : NtOpenThreadToken @ 0x83059E51 -> HOOKED (Unknown @ 0x899B8E80)
SSDT[282] : NtResumeThread @ 0x8304D924 -> HOOKED (Unknown @ 0x89A24D68)
SSDT[289] : NtSetContextThread @ 0x830E1233 -> HOOKED (Unknown @ 0x899A8CF0)
SSDT[305] : NtSetInformationProcess @ 0x83080A24 -> HOOKED (Unknown @ 0x899B2FD0)
SSDT[306] : NtSetInformationThread @ 0x8304EEB4 -> HOOKED (Unknown @ 0x899A8DF0)
SSDT[330] : NtSuspendProcess @ 0x830E1E23 -> HOOKED (Unknown @ 0x899A67D0)
SSDT[331] : NtSuspendThread @ 0x8309ECEA -> HOOKED (Unknown @ 0x899AC008)
SSDT[334] : NtTerminateProcess @ 0x8302F2F0 -> HOOKED (Unknown @ 0x8AC610F8)
SSDT[335] : NtTerminateThread @ 0x8305BAF3 -> HOOKED (Unknown @ 0x899ACA40)
SSDT[348] : NtUnmapViewOfSection @ 0x83071155 -> HOOKED (Unknown @ 0x899B0B68)
SSDT[358] : NtWriteVirtualMemory @ 0x8305A033 -> HOOKED (Unknown @ 0x89B36630)

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1646GSX ATA Device +++++
--- User ---
[MBR] 5a34a3dc833a5b7243be24e83730f3e6
[BSP] 258f7fe201a52df58eeaab3f062e5d2f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 151126 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 886f876c109ddbd10ad94da2b50350ac
[BSP] 258f7fe201a52df58eeaab3f062e5d2f : Windows Vista MBR Code [possible maxSST in 2!]
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 151126 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312581792 | Size: 0 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

================================================
RKreport[3]
================================================
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : lalit [Admin rights]
Mode : Shortcuts HJfix -- Date : 10/11/2012 09:36:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 3 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 302 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 469 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : Root.MBR ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



Re: Critical error drive sector not found
Good job!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Re: Critical error drive sector not found
ESET-Scan-Log.txt ==>

C:\Lalit\USB\Lalit\New Folder\SlowXPFix_setup.exe Win32/Adware.SlowXPFix application cleaned by deleting - quarantined
C:\Users\lalit\Downloads\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

Any other things ==>
Slow computer --- Yes

Error messages --- Malwarebytes Anti-Malware shows the following error message - IP-BLOCK 93.170.50.12 (Type: outgoing, Port: 50674, Process: svchost.exe)

Fake antivirus alerts or the icon in the system tray --- None

svchost.exe running at 100% --- No, I see several svchost.exe in the task manager with one of them using more than 100 MB memory.

System crashes or blue screen of death --- Last system crash (blue screen) was a week back, when I got this error. A file_recovery application started to run by itself at system startup, about 20 dialog boxes came up indicating disk write failure, and every file in the system got hidden.

Re: Critical error drive sector not found
We're still dealing with the rootkit that's hiding in the lower part of the disk.


Please download Hitman Pro


  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please



avast! aswMBR

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below

[screenshot: aswMBR Scan button]
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
    [screenshot: aswMBR Save log button]
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.

Re: Critical error drive sector not found
The Hitman Pro logs -
=======================

Code:


HitmanPro 3.6.2.171
www.hitmanpro.com

  Computer name . . . . : LALITMAMTA-PC
  Windows . . . . . . . : 6.0.1.6001.X86/2
  User name . . . . . . : LalitMamta-PC\lalit
  UAC . . . . . . . . . : Disabled
  License . . . . . . . : Trial (29 days left)

  Scan date . . . . . . : 2012-10-15 00:01:30
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 13m 30s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : Yes

  Threats . . . . . . . : 1
  Traces  . . . . . . . : 86

  Objects scanned . . . : 2,419,233
  Files scanned . . . . : 53,291
  Remnants scanned  . . : 1,024,993 files / 1,340,949 keys

Miniport ____________________________________________________________________

  Primary
      DriverObject . . . : 8651BD18
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 86702178 +0
  Solution
      DriverObject . . . : 8651BD18
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 807AB9A8 \SystemRoot\system32\drivers\ataport.SYS+18856

Malware _____________________________________________________________________

  Master Boot Record (sector 0)

    > HitmanPro  . . . . : Win32/Bootkit

      Partition   Type   LBA   Number of sectors
      0    27   2048   3072000
      1    07   3074048   309506048
      2*   17   312581792   16
      3    00   0   0

      0000  33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00  3.....|......|..
      0010  06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00  .......Ph.......
      0020  BD BE 07 80 7E 00 00 7C 0B 0F 85 10 01 83 C5 10  ....~..|........
      0030  E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00  .....V.U.F...F..
      0040  B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09  .A..U..]r...U.u.
      0050  F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74  ....t..F.f`.~..t
      0060  26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00  &fh....f.v.h..h.
      0070  7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13  |h..h...B.V.....
      0080  9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00  ............|.V.
      0090  8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1E FE  .v..N..n...fas..
      00A0  4E 11 0F 85 0C 00 80 7E 00 80 0F 84 8A 00 B2 80  N......~........
      00B0  EB 82 55 32 E4 8A 56 00 CD 13 5D EB 9C 81 3E FE  ..U2..V...]...>.
      00C0  7D 55 AA 75 6E FF 76 00 E8 8A 00 0F 85 15 00 B0  }U.un.v.........
      00D0  D1 E6 64 E8 7F 00 B0 DF E6 60 E8 78 00 B0 FF E6  ..d......`.x....
      00E0  64 E8 71 00 B8 00 BB CD 1A 66 23 C0 75 3B 66 81  d.q......f#.u;f.
      00F0  FB 54 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07  .TCPAu2....r,fh.
      0100  BB 00 00 66 68 00 02 00 00 66 68 08 00 00 00 66  ...fh....fh....f
      0110  53 66 53 66 55 66 68 00 00 00 00 66 68 00 7C 00  SfSfUfh....fh.|.
      0120  00 66 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00  .fah.....Z2...|.
      0130  00 CD 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07  ................
      0140  32 E4 05 00 07 8B F0 AC 3C 00 74 FC BB 07 00 B4  2.......<.t.....
      0150  0E CD 10 EB F2 2B C9 E4 64 EB 00 24 02 E0 F8 24  .....+..d..$...$
      0160  02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 74  ..Invalid partit
      0170  69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 20  ion table.Error
      0180  6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 6E  loading operatin
      0190  67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E 67  g system.Missing
      01A0  20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 65  operating syste
      01B0  6D 00 00 00 00 00 00 00 62 39 63 39 00 00 00 20  m.......b9c9...
      01C0  21 00 27 59 1A BF 00 08 00 00 00 E0 2E 00 00 59  !.'Y...........Y
      01D0  1B BF 07 FE FF FF 00 E8 2E 00 00 B0 72 12 80 FE  ............r...
      01E0  FF FF 17 FE FF FF A0 9E A1 12 10 00 00 00 00 00  ................
      01F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA  ..............U.


  Volume Boot Record (Sector 312581792)
  C:$VBR_312581792

  C:\Windows\FeedingFrenzy.scr -> Quarantined
      Size . . . . . . . : 811,008 bytes
      Age  . . . . . . . : 2977.3 days (2004-08-20 18:00:00)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 6B66E7CA71FB76B04E9E3339E1C9D7A83BC6E3AB23678DA3931B2ED7FC10EA0E
      Product  . . . . . : Feeding Frenzy
      Publisher  . . . . : Sprout Games, LLC
      Description  . . . : Feeding Frenzy
      Version  . . . . . : 2.4.2.2
      Copyright  . . . . : Copyright © 2004 Sprout Games, LLC
    > Ikarus . . . . . . : Trojan-Downloader.SuspectCRC!IK
      Fuzzy  . . . . . . : 102.0


Cookies _____________________________________________________________________

  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yabuka.com
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:adinterax.com
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:premiumtv.122.2o7.net
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
  C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
  C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@ad.yieldmanager[6].txt
  C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@adinterax[1].txt
  C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@atdmt[2].txt
  C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@c1.atdmt[1].txt
  C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@in.getclicky[1].txt
  C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@microsoftsto.112.2o7[2].txt
  C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@overture[3].txt
  C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@questionmarket[2].txt
  C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@tradedoubler[2].txt
  C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@tribalfusion[2].txt
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adperium.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:adinterax.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.allaboutvision.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.cpxcenter.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.iadserving.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ibibo.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.lzjl.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ozonemedia.co.in
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.songspk.pk
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.sun.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adreactor.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:clicksor.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:gmap.112.2o7.net
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:myroitracking.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:rochediagnostics.solution.weborama.fr
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.in.omgpm.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:weborama.fr
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
  C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
  C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
  C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
  C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
  C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:content.yieldmanager.com
  C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
  C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
  C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
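
The two logs above show the same thing from two angles: RogueKiller's "User != LL2 ... KO!" means the partition table read through the Windows disk stack differs from the one read at low level (entry 2, an active hidden-NTFS partition of 16 sectors at LBA 312581792, is missing from the user view and entry 1 has been marked active instead), and HitmanPro's direct-disk-access dump of sector 0 shows the real table. The script below is an added example, not code from the thread or from RogueKiller, HitmanPro or MBRCheck. It decodes the four 16-byte partition entries at offset 0x1BE from the bytes in the HitmanPro hex dump, flags the entry that matches the bootkit's profile, and diffs the low-level sector against a user-mode view. That user-mode view is constructed here from RogueKiller's "User" listing (entry 1 active, entry 2 absent), not captured from the machine; the bootstrap code in front of the table is zero-filled because only the table matters for the checks shown.

```python
"""Decode and compare MBR partition tables (added example, not tool code).

Reproduces, on the page's own bytes, two checks the rootkit scanners make:
parse the partition table in sector 0, and diff the sector as seen through
the Windows disk stack ("User") against a direct low-level read ("LL2").
"""
import struct

SECTOR = 512
TABLE_OFF = 0x1BE                    # four 16-byte entries, then 0x55AA
ENTRY_FMT = "<B3sB3sII"              # status, CHS start, type, CHS end, LBA, count
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}   # "hidden" FAT/NTFS variants
TYPE_NAMES = {0x00: "empty", 0x07: "NTFS", 0x17: "hidden NTFS",
              0x27: "Windows RE / OEM recovery"}

# Bytes 0x1B8-0x1FF of sector 0, copied from the HitmanPro dump in the post:
# disk signature, 2 reserved bytes, four partition entries, boot signature.
# The 440 bytes of bootstrap code before them are zero-filled here.
LL2_SECTOR = bytes(0x1B8) + bytes.fromhex(
    "62396339 0000"
    "00 202100 27 591ABF 00080000 00E02E00"   # entry 0: recovery, LBA 2048
    "00 591BBF 07 FEFFFF 00E82E00 00B07212"   # entry 1: NTFS, LBA 3074048
    "80 FEFFFF 17 FEFFFF A09EA112 10000000"   # entry 2: active hidden NTFS, 16 sectors
    "00 000000 00 000000 00000000 00000000"   # entry 3: unused
    "55AA"
)


def build_user_view(raw: bytes) -> bytes:
    """Constructed user-mode view matching RogueKiller's "User" listing:
    entry 1 marked active, entry 2 removed. Not a captured sector."""
    s = bytearray(raw)
    s[TABLE_OFF + 16 * 1] = 0x80                              # entry 1 active
    s[TABLE_OFF + 16 * 2:TABLE_OFF + 16 * 3] = bytes(16)      # entry 2 zeroed
    return bytes(s)


USER_SECTOR = build_user_view(LL2_SECTOR)


def parse_mbr(sector: bytes) -> list:
    """Decode the four partition entries; reject a malformed sector."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFF + 16 * i:TABLE_OFF + 16 * (i + 1)]
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, raw)
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte {status:#04x}")
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "hidden_type": ptype in HIDDEN_TYPES,
                        "lba": lba, "sectors": count})
    return entries


def describe(e: dict) -> str:
    name = TYPE_NAMES.get(e["type"], f"type {e['type']:#04x}")
    return f"{'*' if e['active'] else ' '}{name} @ LBA {e['lba']} x {e['sectors']} sectors"


def flag_suspicious(entries: list) -> list:
    """Heuristics matching the bootkit entry in the logs: an active entry of a
    hidden type, placed past the end of every normal partition, and far too
    small to hold a filesystem. Returns [(index, [reasons]), ...]."""
    used = [e for e in entries if e["type"] and e["sectors"]]
    normal_end = max((e["lba"] + e["sectors"] for e in used
                      if not e["hidden_type"]), default=0)
    findings = []
    for e in used:
        reasons = []
        if e["active"] and e["hidden_type"]:
            reasons.append("active but of a hidden partition type")
        if e["lba"] >= normal_end:
            reasons.append(f"starts {e['lba'] - normal_end} sectors past the last normal partition")
        if e["sectors"] < 2048:
            reasons.append(f"only {e['sectors']} sectors ({e['sectors'] * SECTOR} bytes)")
        if reasons:
            findings.append((e["index"], reasons))
    return findings


def diff_views(user: bytes, raw: bytes) -> list:
    """Compare the user-mode and direct-access views of sector 0, the way
    RogueKiller's User/LL2 comparison does: code region first, then table."""
    same_code = user[:TABLE_OFF] == raw[:TABLE_OFF]
    findings = ["bootstrap code agrees in both views" if same_code
                else "bootstrap code differs between views"]
    for u, r in zip(parse_mbr(user), parse_mbr(raw)):
        if u != r:
            findings.append(f"entry {u['index']} differs: user={describe(u)} | raw={describe(r)}")
    return findings


if __name__ == "__main__":
    table = parse_mbr(LL2_SECTOR)
    for e in table:
        print(describe(e))
    for idx, why in flag_suspicious(table):
        print(f"entry {idx}: " + "; ".join(why))
    for line in diff_views(USER_SECTOR, LL2_SECTOR):
        print(line)
```

Run as-is it prints the table HitmanPro lists, flags entry 2 (active hidden NTFS, 1696 sectors beyond the end of the 309506048-sector C: partition, only 16 sectors long) and reports that the two views agree on the bootstrap code but disagree on entries 1 and 2, which is exactly the pattern in the RogueKiller report: identical [BSP] hashes, different [MBR] hashes. A useful cross-check against the MBRCheck log further down: it reports C: at byte offset 0x5DD00000 on PhysicalDrive0, and 0x5DD00000 / 512 = 3074048, the LBA of entry 1.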



Re: Critical error drive sector not found
I ran aswMBR.exe 2 times and both times my system crashed. Details for last crash -

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 16393

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 82F3115E
BCP3: DA6A9874
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1


Last edited by lalitgu on 15th October 2012, 5:02 am; edited 1 time in total (Reason for editing : adding more info)

Re: Critical error drive sector not found
We need to re-check the MBR, please do this:

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.

Re: Critical error drive sector not found
MBRCheck logs -
=======================================
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A205
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 160):
0x82E1B000 \SystemRoot\system32\ntkrnlpa.exe
0x831D4000 \SystemRoot\system32\hal.dll
0x80609000 \SystemRoot\system32\kdcom.dll
0x80611000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80671000 \SystemRoot\system32\PSHED.dll
0x80682000 \SystemRoot\system32\BOOTVID.dll
0x8068A000 \SystemRoot\system32\CLFS.SYS
0x806CB000 \SystemRoot\system32\CI.dll
0x83809000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83885000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83892000 \SystemRoot\system32\drivers\acpi.sys
0x838D8000 \SystemRoot\system32\drivers\WMILIB.SYS
0x838E1000 \SystemRoot\system32\drivers\msisadrv.sys
0x838E9000 \SystemRoot\system32\drivers\pci.sys
0x83910000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x8391A000 \SystemRoot\System32\drivers\partmgr.sys
0x83929000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8392C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x83936000 \SystemRoot\system32\drivers\volmgr.sys
0x83945000 \SystemRoot\System32\drivers\volmgrx.sys
0x8398F000 \SystemRoot\system32\drivers\intelide.sys
0x83996000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x839A4000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x839D1000 \SystemRoot\System32\drivers\mountmgr.sys
0x839E1000 \SystemRoot\system32\drivers\atapi.sys
0x807AB000 \SystemRoot\system32\drivers\ataport.SYS
0x839E9000 \SystemRoot\system32\drivers\msahci.sys
0x807C9000 \SystemRoot\system32\drivers\fltmgr.sys
0x83A03000 \SystemRoot\system32\drivers\fileinfo.sys
0x83A13000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x83A1C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83A8D000 \SystemRoot\system32\drivers\ndis.sys
0x83B98000 \SystemRoot\system32\drivers\msrpc.sys
0x83BC3000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B201000 \SystemRoot\System32\drivers\tcpip.sys
0x8B2EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B403000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B512000 \SystemRoot\system32\drivers\volsnap.sys
0x8B54B000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x8B550000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x8B59B000 \SystemRoot\System32\Drivers\spldr.sys
0x8B5A3000 \SystemRoot\System32\Drivers\mup.sys
0x8B5B2000 \SystemRoot\System32\drivers\ecache.sys
0x8B5D9000 \SystemRoot\system32\drivers\disk.sys
0x8B305000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B5EA000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B346000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B34F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90405000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x90A3C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90ADB000 \SystemRoot\System32\drivers\watchdog.sys
0x90AE8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x90AF3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90B31000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90B40000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90B52000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x90C03000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x90E32000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x90E42000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x90E50000 \SystemRoot\system32\drivers\tifm21.sys
0x90E9C000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x90EB6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90EBA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90ECD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90ED8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x90F0A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90F0C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90F17000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x90F1C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90F35000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x90F38000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90F66000 \SystemRoot\system32\DRIVERS\storport.sys
0x90FA7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90FB2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90FC9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90FD4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90B76000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90B85000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90B99000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90BAE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90FF7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90BBE000 \SystemRoot\system32\DRIVERS\ks.sys
0x90BE8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90BF2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B35E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B392000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90200000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8B3A3000 \SystemRoot\system32\drivers\portcls.sys
0x8B3D0000 \SystemRoot\system32\drivers\drmk.sys
0x91805000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x91921000 \SystemRoot\system32\drivers\modem.sys
0x9192E000 \SystemRoot\System32\Drivers\SRTSP.SYS
0x91977000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x91988000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9238A000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
0x92393000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x923B5000 \SystemRoot\System32\Drivers\usbvideo.sys
0x923EB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9199F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x923F4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x919AF000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x923FB000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0x923FC000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0x919B8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x919C1000 \SystemRoot\System32\Drivers\Null.SYS
0x919C8000 \SystemRoot\System32\Drivers\Beep.SYS
0x919CF000 \SystemRoot\System32\drivers\vga.sys
0x919DB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x903F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B3F5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B33B000 \SystemRoot\System32\Drivers\Msfs.SYS
0xA1A06000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA1A14000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xA1A1D000 \SystemRoot\system32\DRIVERS\tdx.sys
0xA1A33000 \SystemRoot\system32\DRIVERS\smb.sys
0xA1A47000 \SystemRoot\system32\drivers\afd.sys
0xA1A8F000 \SystemRoot\System32\DRIVERS\netbt.sys
0xA1AC1000 \SystemRoot\system32\drivers\ws2ifsl.sys
0xA1ACA000 \SystemRoot\system32\DRIVERS\pacer.sys
0xA1AE0000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA1AEE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA1B01000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xA1B2D000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xA1B93000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA1BCF000 \SystemRoot\system32\drivers\nsiproxy.sys
0xA240C000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA246B000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xA2489000 \SystemRoot\System32\Drivers\dfsc.sys
0xA24A0000 \SystemRoot\System32\Drivers\crashdmp.sys
0xA24AD000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0xA24B8000 \SystemRoot\System32\Drivers\dump_msahci.sys
0xA9E70000 \SystemRoot\System32\win32k.sys
0xA24C2000 \SystemRoot\System32\drivers\Dxapi.sys
0xA24CC000 \SystemRoot\system32\DRIVERS\monitor.sys
0xAA090000 \SystemRoot\System32\TSDDD.dll
0xAA0B0000 \SystemRoot\System32\cdd.dll
0xA24DB000 \SystemRoot\system32\drivers\luafv.sys
0xA24F6000 \??\C:\Windows\system32\drivers\mbam.sys
0xA24FA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA250A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA2534000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA253E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA2551000 \SystemRoot\system32\drivers\spsys.sys
0xBD400000 \SystemRoot\system32\drivers\HTTP.sys
0xBD46D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xBD48A000 \SystemRoot\system32\DRIVERS\bowser.sys
0xBD4A3000 \SystemRoot\System32\drivers\mpsdrv.sys
0xBD4B8000 \SystemRoot\system32\drivers\mrxdav.sys
0xBD4D8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBD4F7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xBD530000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xBD548000 \SystemRoot\System32\DRIVERS\srv2.sys
0xBD570000 \SystemRoot\System32\DRIVERS\srv.sys
0xBF405000 \SystemRoot\system32\drivers\peauth.sys
0xBF4E3000 \SystemRoot\System32\Drivers\secdrv.SYS
0xBF4ED000 \SystemRoot\System32\drivers\tcpipreg.sys
0x92200000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121009.003\NAVEX15.SYS
0xBF523000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20121009.003\NAVENG.SYS
0xBF538000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77850000 \Windows\System32\ntdll.dll

Processes (total 79):
0 System Idle Process
4 System
480 C:\Windows\System32\smss.exe
612 csrss.exe
656 csrss.exe
664 C:\Windows\System32\wininit.exe
704 C:\Windows\System32\winlogon.exe
740 C:\Windows\System32\services.exe
752 C:\Windows\System32\lsass.exe
772 C:\Windows\System32\lsm.exe
908 C:\Windows\System32\svchost.exe
952 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
996 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\audiodg.exe
1248 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\SLsvc.exe
1308 C:\Windows\System32\svchost.exe
1440 C:\Program Files\HitmanPro\hmpsched.exe
1452 C:\Windows\System32\svchost.exe
1584 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1760 C:\Windows\System32\wlanext.exe
1832 C:\Windows\System32\spoolsv.exe
1868 C:\Windows\System32\svchost.exe
268 C:\Windows\System32\agrsmsvc.exe
424 C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
488 C:\Program Files\Bonjour\mDNSResponder.exe
580 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
600 C:\Program Files\Symantec AntiVirus\DefWatch.exe
844 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2020 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
2152 C:\Program Files\Common Files\microsoft shared\VS7Debug\MDM.EXE
2168 C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
2208 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
2264 C:\Toshiba\IVP\ISM\pinger.exe
2276 C:\Windows\System32\IoctlSvc.exe
2288 C:\Windows\System32\svchost.exe
2300 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2320 C:\Windows\System32\rpcnet.exe
2380 C:\Toshiba\IVP\swupdate\swupdtmr.exe
2464 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
2524 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
2572 C:\Windows\System32\TODDSrv.exe
2612 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2696 C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
2732 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2760 C:\Windows\System32\SearchIndexer.exe
3560 C:\Windows\System32\dwm.exe
3572 C:\Windows\explorer.exe
3616 C:\Program Files\HitmanPro\HitmanPro.exe
3636 C:\Windows\System32\taskeng.exe
3712 C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
3960 C:\Windows\System32\taskeng.exe
2448 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
2440 C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
1556 C:\Program Files\Real\RealPlayer\Update\realsched.exe
1340 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
3472 C:\Windows\System32\wbem\unsecapp.exe
1292 WmiPrvSE.exe
2992 C:\Program Files\Google\Chrome\Application\chrome.exe
4084 C:\Program Files\Google\Chrome\Application\chrome.exe
4056 C:\Program Files\Google\Chrome\Application\chrome.exe
3476 C:\Program Files\Google\Chrome\Application\chrome.exe
416 C:\Program Files\Google\Chrome\Application\chrome.exe
1288 C:\Program Files\Google\Chrome\Application\chrome.exe
4160 C:\Program Files\Google\Chrome\Application\chrome.exe
4340 C:\Program Files\Google\Chrome\Application\chrome.exe
4468 C:\Program Files\Google\Chrome\Application\chrome.exe
4532 C:\PROGRA~1\Webshots\webshots.scr
4944 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
4976 C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
5012 WmiPrvSE.exe
5060 C:\Windows\servicing\TrustedInstaller.exe
5928 C:\Program Files\Google\Chrome\Application\chrome.exe
5992 C:\Windows\System32\wbem\WMIADAP.exe
4380 C:\Windows\System32\wuauclt.exe
4144 C:\Users\lalit\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1646GSX, Rev: LB113M

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

Re: Critical error drive sector not found
Now, another run-through. Check computer for any more issues, and let me know what's up.
