[Need help cant remove Rootkit.0Access from computer :(]

I've decided to reformat my hard drive, my dad bought me windows 7 upgrade.

I have just one more question though if you have the answer. Do you know if I can do a clean install (format and install) from the windows 7 upgrade disc?

Or will I have to use the vista recovery discs to reformat and then install windows 7.

[Need help cant remove Rootkit.0Access from computer :(]

Now I cant boot into my computer after rebooting...

It runs through the start up but when it gets to the log in screen all I get is a blank black screen... I cant even boot it into safe mode. I'm doing a system restore now.

[Need help cant remove Rootkit.0Access from computer :(]

ComboFix 12-06-28.03 - Amitabh 07/01/2012 13:11:13.4.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2575 [GMT -7:00]

Running from: c:\users\Amitabh\Desktop\ComboFix.exe

Command switches used :: c:\users\Amitabh\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\SysWOW64\services.exe --> c:\windows\System32\services.exe

.

((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))

.

.

2012-07-01 21:18 . 2012-07-01 21:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-01 21:18 . 2012-07-01 21:18 -------- d-----w- c:\users\Shalabh\AppData\Local\temp

2012-07-01 21:18 . 2012-07-01 21:18 -------- d-----w- c:\users\Mcx2\AppData\Local\temp

2012-07-01 21:18 . 2012-07-01 21:18 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-07-01 21:18 . 2012-07-01 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-01 21:18 . 2012-07-01 21:18 -------- d-----w- c:\users\Alpana\AppData\Local\temp

2012-06-29 18:55 . 2012-06-29 18:55 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-29 18:27 . 2012-06-29 18:27 -------- d-----w- c:\users\Amitabh\AppData\Local\Activision

2012-06-26 00:35 . 2012-06-26 00:35 -------- d-----w- c:\users\Shalabh\AppData\Local\Activision

2012-06-25 00:45 . 2012-06-25 00:45 -------- d-----w- c:\users\Amitabh\AppData\Roaming\NVIDIA

2012-06-24 03:35 . 2012-06-24 20:08 -------- d-----w- C:\AdobeTemp

2012-06-23 14:29 . 2012-06-23 14:29 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-21 06:26 . 2012-06-21 06:26 -------- d-----w- c:\users\Shalabh\A8B9466986544126BD28D0D2412CDED6.TMP

2012-06-21 00:08 . 2012-06-28 07:37 -------- d-----w- c:\users\Shalabh\AppData\Local\ApplicationHistory

2012-06-21 00:07 . 2012-06-21 00:07 -------- d-----w- c:\program files (x86)\Common Files\SpellEx

2012-06-21 00:04 . 2012-06-21 00:04 -------- d-----w- c:\windows\SysWow64\URTTEMP

2012-06-20 23:38 . 2012-06-20 23:38 -------- d-----w- c:\program files\DIFX

2012-06-20 23:38 . 2009-09-03 23:30 128512 ----a-w- c:\windows\system32\drivers\tiehdusb.sys

2012-06-20 23:37 . 2012-06-21 00:07 -------- d-----w- c:\program files (x86)\TI Education

2012-06-20 23:37 . 2012-06-21 00:07 -------- d-----w- c:\program files (x86)\Common Files\TI Shared

2012-06-19 16:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-19 16:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-19 16:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-19 16:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-19 16:15 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-19 16:15 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-19 16:15 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-19 16:15 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-19 16:15 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-19 16:15 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-19 16:15 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 16:15 . 2012-06-02 22:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-19 16:15 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-19 16:15 . 2012-06-02 22:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2012-06-13 21:36 . 2012-06-13 21:36 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-13 21:36 . 2012-06-13 21:36 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-03 21:24 . 2012-05-09 01:35 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-06-03 21:23 . 2010-11-27 01:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-06-03 20:41 . 2012-05-24 17:48 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2012-06-02 19:20 . 2012-06-02 19:20 -------- d-----w- c:\users\Shalabh\AppData\Roaming\IObit

2012-06-02 19:19 . 2012-06-02 19:19 -------- d-----w- c:\programdata\IObit

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 02:14 . 2012-04-05 00:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 02:14 . 2011-05-15 13:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-15 10:48 . 2012-03-15 02:05 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-03-15 02:05 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2011-11-18 20:50 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2011-11-18 20:50 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2011-06-12 00:54 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-05-15 10:48 . 2011-06-12 00:54 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2011-06-12 00:54 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-05-15 10:48 . 2011-06-12 00:54 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-05-15 10:48 . 2011-06-12 00:54 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-05-15 09:29 . 2011-06-12 00:57 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2011-06-12 00:57 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2011-06-12 00:57 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2011-06-12 00:57 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2011-06-12 00:57 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-04-18 17:08 . 2012-03-15 02:05 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-04-04 22:56 . 2009-06-16 00:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-30_22.29.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-02-18 02:19 . 2012-07-01 16:16 29582 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1317974818-1678399554-1570300057-1001_UserData.bin

- 2008-02-18 02:19 . 2012-06-30 17:17 29582 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1317974818-1678399554-1570300057-1001_UserData.bin

- 2008-02-17 20:29 . 2012-06-30 13:16 22870 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1317974818-1678399554-1570300057-1000_UserData.bin

+ 2008-02-17 20:29 . 2012-07-01 13:26 22870 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1317974818-1678399554-1570300057-1000_UserData.bin

+ 2012-07-01 16:14 . 2012-07-01 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-30 17:15 . 2012-06-30 17:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-30 17:15 . 2012-06-30 17:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-01 16:14 . 2012-07-01 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2007-12-04 18:05 . 2012-07-01 16:16 104704 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2012-07-01 16:16 206170 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-02-17 20:25 . 2012-06-30 17:15 475136 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-02-17 20:25 . 2012-07-01 19:03 475136 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-02-11 09:16 . 2012-06-30 14:50 526600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-02-11 09:16 . 2012-07-01 14:47 526600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2008-02-17 20:25 . 2012-06-30 17:15 5144576 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-02-17 20:25 . 2012-07-01 19:03 5144576 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-05-09 04:02 . 2012-07-01 00:13 2385600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2008-05-09 04:02 . 2012-06-30 07:48 2385600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-04-11 06:32 . 2012-07-01 14:47 5027508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1317974818-1678399554-1570300057-1000-8192.dat

+ 2008-02-17 20:25 . 2012-07-01 19:03 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-02-17 20:25 . 2012-06-30 17:15 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-04-08 08:04 . 2012-07-01 07:22 63133672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1317974818-1678399554-1570300057-1001-8192.dat

+ 2011-10-31 07:55 . 2012-07-01 14:47 24284919 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1317974818-1678399554-1570300057-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BTBFirstRun"="c:\program files (x86)\Hewlett-Packard\SDP\hprun.exe" [2007-07-19 20480]

"googletalk"="c:\users\Amitabh\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-09 65536]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-18 1484856]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:14]

.

2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317974818-1678399554-1570300057-1000Core.job

- c:\users\Amitabh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 20:33]

.

2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317974818-1678399554-1570300057-1000UA.job

- c:\users\Amitabh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 20:33]

.

2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317974818-1678399554-1570300057-1001Core.job

- c:\users\Shalabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 16:58]

.

2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317974818-1678399554-1570300057-1001UA.job

- c:\users\Shalabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 16:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Shalabh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2007-10-25 5430272]

"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-11-21 31744]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://cm.my.yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

LSP: c:\windows\system32\wpclsp.dll

Trusted Zone: att.com

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.254

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Amitabh\AppData\Roaming\Mozilla\Firefox\Profiles\up9n5bpd.default\

FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]

"ImagePath"="\??\c:\program files (x86)\HP\DVDPlay\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-07-01 14:27:10

ComboFix-quarantined-files.txt 2012-07-01 21:27

ComboFix2.txt 2012-06-30 22:39

.

Pre-Run: 167,281,922,048 bytes free

Post-Run: 167,071,113,216 bytes free

.

- - End Of File - - F8788B3D96E30C3C9A61937CF07416E9

[Need help cant remove Rootkit.0Access from computer :(]

I have the 3 vista recovery disks that my computer made when I bought the computer yes.

----------------------------------

SystemLook 30.07.11 by jpshortstuff

Log created at 18:47 on 30/06/2012 by Amitabh

Administrator - Elevation successful

========== Filefind ==========

Searching for "Services.exe"

C:\Windows\System32\services.exe --a---- 384512 bytes [17:35 30/05/2009] [07:10 11/04/2009] BC81150939BD52DBC7A08C245F1FB229

C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [17:34 30/05/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_294799ef88bb616c\services.exe --a---- 389632 bytes [09:10 02/11/2006] [11:16 02/11/2006] 0A87F57DFC2C0EB9BBA8BE1C87BAFE1A

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [13:21 07/06/2008] [08:00 19/01/2008] DFAC660F0F139276CC9299812DE42719

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [17:35 30/05/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe --a---- 279552 bytes [12:21 02/11/2006] [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [13:19 07/06/2008] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [17:34 30/05/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

-= EOF =-

[Need help cant remove Rootkit.0Access from computer :(]

Here is the combofix log, what should I do next?

---------------------------------------------------------------

ComboFix 12-06-28.03 - Amitabh 06/30/2012 12:58:45.3.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2191 [GMT -7:00]

Running from: c:\users\Amitabh\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Amitabh\Favorites\mxfilerelatedcache.mxc2

c:\users\Shalabh\Favorites\mxfilerelatedcache.mxc2

.

c:\windows\system32\Services.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))

.

.

2012-06-30 22:29 . 2012-06-30 22:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-30 22:29 . 2012-06-30 22:29 -------- d-----w- c:\users\Shalabh\AppData\Local\temp

2012-06-30 22:29 . 2012-06-30 22:29 -------- d-----w- c:\users\Mcx2\AppData\Local\temp

2012-06-30 22:29 . 2012-06-30 22:29 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-06-29 18:55 . 2012-06-29 18:55 -------- d-----w- C:\TDSSKiller_Quarantine

2012-06-29 18:27 . 2012-06-29 18:27 -------- d-----w- c:\users\Amitabh\AppData\Local\Activision

2012-06-26 00:35 . 2012-06-26 00:35 -------- d-----w- c:\users\Shalabh\AppData\Local\Activision

2012-06-25 00:45 . 2012-06-25 00:45 -------- d-----w- c:\users\Amitabh\AppData\Roaming\NVIDIA

2012-06-24 03:35 . 2012-06-24 20:08 -------- d-----w- C:\AdobeTemp

2012-06-23 14:29 . 2012-06-23 14:29 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-21 06:26 . 2012-06-21 06:26 -------- d-----w- c:\users\Shalabh\A8B9466986544126BD28D0D2412CDED6.TMP

2012-06-21 00:08 . 2012-06-28 07:37 -------- d-----w- c:\users\Shalabh\AppData\Local\ApplicationHistory

2012-06-21 00:07 . 2012-06-21 00:07 -------- d-----w- c:\program files (x86)\Common Files\SpellEx

2012-06-21 00:04 . 2012-06-21 00:04 -------- d-----w- c:\windows\SysWow64\URTTEMP

2012-06-20 23:38 . 2012-06-20 23:38 -------- d-----w- c:\program files\DIFX

2012-06-20 23:38 . 2009-09-03 23:30 128512 ----a-w- c:\windows\system32\drivers\tiehdusb.sys

2012-06-20 23:37 . 2012-06-21 00:07 -------- d-----w- c:\program files (x86)\TI Education

2012-06-20 23:37 . 2012-06-21 00:07 -------- d-----w- c:\program files (x86)\Common Files\TI Shared

2012-06-19 16:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-19 16:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-19 16:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-19 16:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-19 16:15 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-19 16:15 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-19 16:15 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-19 16:15 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-19 16:15 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-19 16:15 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-19 16:15 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 16:15 . 2012-06-02 22:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-19 16:15 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-19 16:15 . 2012-06-02 22:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2012-06-13 21:36 . 2012-06-13 21:36 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-13 21:36 . 2012-06-13 21:36 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-03 21:24 . 2012-05-09 01:35 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-06-03 21:23 . 2010-11-27 01:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-06-03 20:41 . 2012-05-24 17:48 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2012-06-02 19:20 . 2012-06-02 19:20 -------- d-----w- c:\users\Shalabh\AppData\Roaming\IObit

2012-06-02 19:19 . 2012-06-02 19:19 -------- d-----w- c:\programdata\IObit

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 02:14 . 2012-04-05 00:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 02:14 . 2011-05-15 13:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-15 10:48 . 2012-03-15 02:05 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-03-15 02:05 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2011-11-18 20:50 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2011-11-18 20:50 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2011-06-12 00:54 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-05-15 10:48 . 2011-06-12 00:54 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2011-06-12 00:54 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-05-15 10:48 . 2011-06-12 00:54 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-05-15 10:48 . 2011-06-12 00:54 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-05-15 09:29 . 2011-06-12 00:57 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2011-06-12 00:57 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2011-06-12 00:57 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2011-06-12 00:57 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2011-06-12 00:57 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-04-18 17:08 . 2012-03-15 02:05 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-04-04 22:56 . 2009-06-16 00:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BTBFirstRun"="c:\program files (x86)\Hewlett-Packard\SDP\hprun.exe" [2007-07-19 20480]

"googletalk"="c:\users\Amitabh\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-09 65536]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-18 1484856]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:14]

.

2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317974818-1678399554-1570300057-1000Core.job

- c:\users\Amitabh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 20:33]

.

2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317974818-1678399554-1570300057-1000UA.job

- c:\users\Amitabh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 20:33]

.

2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317974818-1678399554-1570300057-1001Core.job

- c:\users\Shalabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 16:58]

.

2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317974818-1678399554-1570300057-1001UA.job

- c:\users\Shalabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 16:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Shalabh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Shalabh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Shalabh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Shalabh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2007-10-25 5430272]

"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-11-21 31744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://cm.my.yahoo.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

LSP: c:\windows\system32\wpclsp.dll

Trusted Zone: att.com

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.254

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Amitabh\AppData\Roaming\Mozilla\Firefox\Profiles\up9n5bpd.default\

FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]

"ImagePath"="\??\c:\program files (x86)\HP\DVDPlay\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-06-30 15:39:45

ComboFix-quarantined-files.txt 2012-06-30 22:39

.

Pre-Run: 168,491,253,760 bytes free

Post-Run: 168,349,458,432 bytes free

.

- - End Of File - - 675738E9DAA83E00203773B740229D66

[Need help cant remove Rootkit.0Access from computer :(]

I will run the scan again later today. However im begining to think i might have to reinstall windows at this rate.

So I want to ask.

Should I do a system restore? Would that work?

or

Should I format and reinstall Vista? (in the event I cant delete this trojan)

[Need help cant remove Rootkit.0Access from computer :(]

SystemLook 30.07.11 by jpshortstuff

Log created at 10:50 on 30/06/2012 by Amitabh

Administrator - Elevation successful

========== Filefind ==========

Searching for "ComboFix.txt"

C:\ComboFix\ComboFix.txt --a---- 555 bytes [00:44 30/06/2012] [00:44 30/06/2012] 7FAAEAA5935A8080B034A524287FED07

-= EOF =-

The log s ays its in a folder called Combofix... but there isnt a folder named that in my c drive. There is a file called combofix but when I click on that it just opens a screen that shows all my partitions and computer drives.

Also I have been runing rouge killer and deleting that file but everytime I reboot my computer it returns.

-------------------------------------------

I opened the Combofix.txt using the run command however this is all the file says

ComboFix 12-06-28.03 - Amitabh 06/29/2012 17:44:36.2.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2230 [GMT -7:00]

Running from: C:\Users\Amitabh\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

[Need help cant remove Rootkit.0Access from computer :(]

I managed to get combofix to run and finish successfully however it did not create a log file... it created a file in the C:\ directory called "combofix" Which I cannot seem to open. And it created a folder called Combofix23155c

But no where is there a combofix.txt file

Also another folder called Qoobox was created.

---------------------------------------------

I have attached the Rougekiller file again as you specified. As you can see from the log Im still having an infection at c:\windows\installer\{40cdcb9d-7b7f-904e-16b0-6d17c386ccc6}

Everytime I delete it and reboot the rootkit just comes back... do you think its a problem with my DNS perhaps?

RKreport13.txt

[Need help cant remove Rootkit.0Access from computer :(]

The log is still reading the same now after I rebooted,

it's still showing C:\Windows\Installer\{40cdcb9d-7b7f-904e-16b0-6d17c386ccc6}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

My new problem now is that I did as you stated above and ran it in safe mode. But now I get 2 errors.

First error: It tells me that McAfee is running and needs to be stopped. However in Safe mode Mcafee is not running at all. I even ran task manager and killed all the services and processes related to McAfee, but it still gives me the error

Second error: Combofix still runs however when the command prompt loads it says "attempting to run Combofix" But then under that it displays the error "You do not have administrative privlages to run this, please run in admin prompt."

I also tried right clicking and running as administrator but I still received the same error.

Why cant I run combofix? And the malware still seems to be on my PC.

[Need help cant remove Rootkit.0Access from computer :(]

Combofix wont seem to install on my computer. Ive disabled all malware and anti virus programs, saved it to desktop. But when I run the installer it freezes on output C:\32788R22FWJFW

Also after a few minutes it exits out of the installer and flashes a prompt screen saying warning, however I dont know what it says because the prompt screen disappears after 2 seconds. What is going on?

Also I ran Malwarebytes again and the Rootkit is still there... plus now an additional 4 malwares are being detected, but I think its detecting rougekiller as malware. Please help.

[Need help cant remove Rootkit.0Access from computer :(]

I have attached the log. What do I do next now?

TDSSKiller.2.7.43.0_29.06.2012_11.53.02_log.txt

[Need help cant remove Rootkit.0Access from computer :(]

I have attached the files and logs

Attach.txt

DDS.txt

RKreport2.txt

[Need help cant remove Rootkit.0Access from computer :(]

Also another question: Would doing a system restore solve the problem quickly? If I restored my computer to 2 weeks ago before the rootkit.

[Need help cant remove Rootkit.0Access from computer :(]

I ran malwarebytes scan about a week ago and thought I deleted it. Scanned again today and it was still there. I only really noticed it today because random music suddenly started playing on my computer. Multiple times even when I had no programs open. How can I get rid of it without having to reformat my whole system?

here is a log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.27.02

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Amitabh :: AMITABH-PC [administrator]

6/28/2012 10:08:12 PM

mbam-log-2012-06-28 (22-08-12).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 314127

Time elapsed: 11 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{40cdcb9d-7b7f-904e-16b0-6d17c386ccc6}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)