Jump to content

Recommended Posts

Hi, I sure could use the experts at Malwarebytes, I have many trojans and perhaps other problems. I have run the Malwarebytes program three times and it now comes back clear, but the machine will only boot in safe mode. I'm attaching the logs thus far for your perusal and expert opinion. I appreciate you folks being of assistance to me in getting this computer running again.

mbam-log-2011-03-26 (00-32-34).txt

mbam-log-2011-03-26 (00-57-42).txt

mbam-log-2011-03-27 (22-11-20).txt

Link to post
Share on other sites

Hello ,

And :welcome: My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please Download Rootkit Unhooker Save it to your desktop.

  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • RKU log

Thanks and again sorry for the delay.

Link to post
Share on other sites

Hi, quite some malware showing up there, so lets start cleaning that. First of all, I suspect a rootkit, although I see no evidence, but to be sure, run the following.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

Hello, this version of the rootkit ran but nothing was found. It is pasted here as requested. I look forward to resolving this issue with your wonderful assistance.

2011/03/28 23:12:31.0390 1100 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/28 23:12:31.0671 1100 ================================================================================

2011/03/28 23:12:31.0671 1100 SystemInfo:

2011/03/28 23:12:31.0671 1100

2011/03/28 23:12:31.0671 1100 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/28 23:12:31.0671 1100 Product type: Workstation

2011/03/28 23:12:31.0671 1100 ComputerName: PC

2011/03/28 23:12:31.0671 1100 UserName: Bill

2011/03/28 23:12:31.0671 1100 Windows directory: C:\WINDOWS

2011/03/28 23:12:31.0671 1100 System windows directory: C:\WINDOWS

2011/03/28 23:12:31.0671 1100 Processor architecture: Intel x86

2011/03/28 23:12:31.0671 1100 Number of processors: 1

2011/03/28 23:12:31.0671 1100 Page size: 0x1000

2011/03/28 23:12:31.0671 1100 Boot type: Safe boot with network

2011/03/28 23:12:31.0671 1100 ================================================================================

2011/03/28 23:12:31.0937 1100 Initialize success

2011/03/28 23:12:59.0328 1176 ================================================================================

2011/03/28 23:12:59.0328 1176 Scan started

2011/03/28 23:12:59.0328 1176 Mode: Manual;

2011/03/28 23:12:59.0328 1176 ================================================================================

2011/03/28 23:13:02.0312 1176 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/03/28 23:13:02.0468 1176 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/03/28 23:13:02.0734 1176 aeaudio (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\aeaudio.sys

2011/03/28 23:13:02.0906 1176 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/03/28 23:13:03.0062 1176 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/03/28 23:13:04.0234 1176 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/03/28 23:13:04.0375 1176 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/03/28 23:13:04.0625 1176 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/03/28 23:13:04.0765 1176 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/03/28 23:13:04.0921 1176 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/03/28 23:13:05.0203 1176 BootScreen (490eb3a40a4566234b47de3bccbc6cea) C:\WINDOWS\System32\drivers\vidstub.sys

2011/03/28 23:13:05.0484 1176 BT848 (dd3d4c8721b6ff0ba267f733c1bb83a0) C:\WINDOWS\system32\drivers\BT848.sys

2011/03/28 23:13:05.0703 1176 btaudio (71f7c2e4c04b0f420486fef4382e3ddb) C:\WINDOWS\system32\drivers\btaudio.sys

2011/03/28 23:13:05.0875 1176 BTDriver (713e660b818ff2956e25f69d0f02b8db) C:\WINDOWS\system32\DRIVERS\btport.sys

2011/03/28 23:13:06.0062 1176 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

2011/03/28 23:13:06.0218 1176 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

2011/03/28 23:13:06.0406 1176 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

2011/03/28 23:13:06.0593 1176 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

2011/03/28 23:13:06.0859 1176 BTKRNL (bc86ab81c614ced5b60335fa6e5f89cd) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

2011/03/28 23:13:07.0078 1176 BTSERIAL (79debcfa062a286225221fd58ac080f4) C:\WINDOWS\system32\drivers\btserial.sys

2011/03/28 23:13:07.0296 1176 BTSLBCSP (d7a556c2e58efd42324a3b5518691893) C:\WINDOWS\system32\drivers\btslbcsp.sys

2011/03/28 23:13:07.0468 1176 BTTUNER (5eda13e9634a8d4a0b8838a55f3db3c9) C:\WINDOWS\system32\drivers\BTTUNER.sys

2011/03/28 23:13:07.0687 1176 BTWDNDIS (d7a6f1b98b8482bb213495793a7c1605) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

2011/03/28 23:13:07.0890 1176 btwmodem (8c97d4aa460c88188f0c162dedcbc487) C:\WINDOWS\system32\DRIVERS\btwmodem.sys

2011/03/28 23:13:08.0078 1176 BTWUSB (e5ceae42f3df70caeb2bf717e519ac67) C:\WINDOWS\system32\Drivers\btwusb.sys

2011/03/28 23:13:08.0281 1176 BTXBAR (396660bb5805cf0166269db7d2215fe7) C:\WINDOWS\system32\drivers\BTXBAR.sys

2011/03/28 23:13:08.0406 1176 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/03/28 23:13:08.0546 1176 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/03/28 23:13:08.0812 1176 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/03/28 23:13:08.0937 1176 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/03/28 23:13:09.0109 1176 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/03/28 23:13:09.0968 1176 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/03/28 23:13:10.0156 1176 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/03/28 23:13:10.0359 1176 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/03/28 23:13:10.0500 1176 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/03/28 23:13:10.0656 1176 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/03/28 23:13:11.0078 1176 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/03/28 23:13:11.0359 1176 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/03/28 23:13:11.0515 1176 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/03/28 23:13:11.0640 1176 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/03/28 23:13:11.0765 1176 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/03/28 23:13:11.0921 1176 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/03/28 23:13:12.0140 1176 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS

2011/03/28 23:13:12.0375 1176 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/03/28 23:13:12.0484 1176 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/03/28 23:13:12.0609 1176 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/03/28 23:13:12.0859 1176 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/03/28 23:13:13.0125 1176 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/03/28 23:13:13.0437 1176 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/03/28 23:13:13.0625 1176 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/03/28 23:13:13.0796 1176 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/03/28 23:13:14.0000 1176 HSFHWBS2 (09180a69c5a967d7e296b3c1a886cf2a) C:\WINDOWS\system32\DRIVERS\USR_BSC2.sys

2011/03/28 23:13:14.0203 1176 HSF_DP (5cd143dfad49743c33e61350fe78fb97) C:\WINDOWS\system32\DRIVERS\USR_MDM.sys

2011/03/28 23:13:14.0406 1176 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/03/28 23:13:14.0828 1176 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/03/28 23:13:15.0000 1176 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/03/28 23:13:15.0437 1176 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/03/28 23:13:15.0562 1176 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/03/28 23:13:15.0718 1176 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/03/28 23:13:15.0859 1176 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/03/28 23:13:16.0062 1176 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/03/28 23:13:16.0359 1176 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/03/28 23:13:16.0906 1176 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/03/28 23:13:17.0359 1176 itchfltr (8f1ba487b35f0c8f637e05113aa815f8) C:\WINDOWS\system32\DRIVERS\itchfltr.sys

2011/03/28 23:13:17.0890 1176 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/03/28 23:13:18.0453 1176 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/03/28 23:13:19.0000 1176 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/03/28 23:13:19.0406 1176 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/03/28 23:13:20.0515 1176 LCcfltr (fb5e7a5c86c0b58aa155487b141b8457) C:\WINDOWS\system32\drivers\lccfltr.sys

2011/03/28 23:13:21.0171 1176 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/03/28 23:13:21.0859 1176 MidiSyn (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys

2011/03/28 23:13:22.0375 1176 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/03/28 23:13:22.0609 1176 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/03/28 23:13:22.0937 1176 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/03/28 23:13:23.0218 1176 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/03/28 23:13:23.0562 1176 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/03/28 23:13:24.0250 1176 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/03/28 23:13:24.0640 1176 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/03/28 23:13:25.0296 1176 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/03/28 23:13:25.0937 1176 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/03/28 23:13:26.0328 1176 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/03/28 23:13:26.0625 1176 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/03/28 23:13:26.0875 1176 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/03/28 23:13:27.0031 1176 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/03/28 23:13:27.0187 1176 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/03/28 23:13:27.0328 1176 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/03/28 23:13:27.0546 1176 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/03/28 23:13:27.0703 1176 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/03/28 23:13:27.0843 1176 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/03/28 23:13:27.0968 1176 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/03/28 23:13:28.0093 1176 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/03/28 23:13:28.0218 1176 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/03/28 23:13:28.0375 1176 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/03/28 23:13:28.0562 1176 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/03/28 23:13:29.0218 1176 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/03/28 23:13:29.0421 1176 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/03/28 23:13:29.0703 1176 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/03/28 23:13:29.0953 1176 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/03/28 23:13:30.0109 1176 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/03/28 23:13:30.0484 1176 PalmUSBD (0be60fb345b04fad6125a1e27d111d08) C:\WINDOWS\system32\drivers\PalmUSBD.sys

2011/03/28 23:13:30.0625 1176 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/03/28 23:13:30.0781 1176 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/03/28 23:13:31.0062 1176 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/03/28 23:13:31.0281 1176 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

2011/03/28 23:13:31.0421 1176 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/03/28 23:13:31.0671 1176 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/03/28 23:13:31.0984 1176 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/03/28 23:13:33.0125 1176 pgfilter (f219a12a0d3eaded880ca15664f05d7d) C:\Program Files\Tools\Torrents\PeerGuardian2\pgfilter.sys

2011/03/28 23:13:33.0375 1176 Point32 (08b11f5c60edca255b18cedef8efba2a) C:\WINDOWS\system32\DRIVERS\point32.sys

2011/03/28 23:13:33.0578 1176 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/03/28 23:13:33.0734 1176 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/03/28 23:13:34.0046 1176 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/03/28 23:13:34.0234 1176 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/03/28 23:13:34.0406 1176 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/03/28 23:13:35.0156 1176 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/03/28 23:13:35.0296 1176 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/03/28 23:13:35.0484 1176 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/03/28 23:13:35.0625 1176 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/03/28 23:13:35.0781 1176 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/03/28 23:13:36.0093 1176 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/03/28 23:13:36.0265 1176 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/03/28 23:13:36.0468 1176 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/03/28 23:13:36.0640 1176 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

2011/03/28 23:13:36.0968 1176 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/03/28 23:13:37.0156 1176 senfilt (bb596a578330ad794c6769b588af6bb4) C:\WINDOWS\system32\drivers\senfilt.sys

2011/03/28 23:13:37.0359 1176 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/03/28 23:13:37.0500 1176 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/03/28 23:13:37.0812 1176 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/03/28 23:13:38.0140 1176 SiS315 (c14863dece98b65195429df2dcc038bc) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

2011/03/28 23:13:38.0359 1176 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

2011/03/28 23:13:38.0484 1176 SiSGbeXP (ded793c377fa132912b4381043a4d554) C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys

2011/03/28 23:13:38.0656 1176 SiSkp (c29363d5855c4b55012a31ef6436013c) C:\WINDOWS\system32\DRIVERS\srvkp.sys

2011/03/28 23:13:38.0796 1176 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/03/28 23:13:39.0000 1176 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys

2011/03/28 23:13:39.0281 1176 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/03/28 23:13:39.0406 1176 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/03/28 23:13:39.0625 1176 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/03/28 23:13:39.0843 1176 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys

2011/03/28 23:13:40.0046 1176 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys

2011/03/28 23:13:40.0234 1176 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

2011/03/28 23:13:40.0453 1176 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/03/28 23:13:40.0593 1176 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/03/28 23:13:40.0781 1176 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/03/28 23:13:41.0375 1176 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/03/28 23:13:41.0562 1176 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/03/28 23:13:41.0734 1176 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

2011/03/28 23:13:41.0890 1176 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/03/28 23:13:42.0031 1176 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/03/28 23:13:42.0171 1176 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/03/28 23:13:42.0500 1176 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

2011/03/28 23:13:42.0625 1176 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/03/28 23:13:42.0890 1176 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/03/28 23:13:43.0125 1176 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/03/28 23:13:43.0343 1176 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/03/28 23:13:43.0500 1176 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/03/28 23:13:43.0656 1176 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/03/28 23:13:43.0812 1176 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/03/28 23:13:43.0937 1176 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/03/28 23:13:44.0093 1176 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/03/28 23:13:44.0265 1176 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys

2011/03/28 23:13:44.0437 1176 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/03/28 23:13:44.0578 1176 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/03/28 23:13:44.0828 1176 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/03/28 23:13:45.0062 1176 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/03/28 23:13:45.0296 1176 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/03/28 23:13:45.0515 1176 winachsf (fe4e3c7df92cd8381f3e155d9a712812) C:\WINDOWS\system32\DRIVERS\HSF_USR.sys

2011/03/28 23:13:46.0046 1176 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/03/28 23:13:46.0218 1176 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/03/28 23:13:46.0390 1176 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/03/28 23:13:46.0890 1176 ================================================================================

2011/03/28 23:13:46.0890 1176 Scan finished

2011/03/28 23:13:46.0890 1176 ================================================================================

Link to post
Share on other sites

Hi, good that nothing was detected. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Here is ComboFix. I am unsure yet whether the computer will start properly. I am sure you have more tricks in the bag yet! Thank you so much once more!

ComboFix 11-03-28.05 - Bill 03/29/2011 15:39:25.1.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.696 [GMT -4:00]

Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Bill\Application Data\PriceGong

c:\documents and settings\Bill\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Bill\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Bill\Local Settings\Application Data\{6B076C22-F464-4EFB-BD65-3210A9B5B1A5}

c:\documents and settings\Bill\Local Settings\Application Data\{6B076C22-F464-4EFB-BD65-3210A9B5B1A5}\chrome.manifest

c:\documents and settings\Bill\Local Settings\Application Data\{6B076C22-F464-4EFB-BD65-3210A9B5B1A5}\chrome\content\_cfg.js

c:\documents and settings\Bill\Local Settings\Application Data\{6B076C22-F464-4EFB-BD65-3210A9B5B1A5}\chrome\content\overlay.xul

c:\documents and settings\Bill\Local Settings\Application Data\{6B076C22-F464-4EFB-BD65-3210A9B5B1A5}\install.rdf

c:\windows\system32\encapi32.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-29 )))))))))))))))))))))))))))))))

.

.

2011-03-26 04:40 . 2011-03-26 04:40 -------- d-----w- c:\windows\system32\wbem\Repository

2011-03-26 04:04 . 2011-03-26 04:04 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes

2011-03-26 04:04 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-26 04:04 . 2011-03-26 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-03-26 04:04 . 2011-03-26 04:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-26 04:04 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-25 01:37 . 2011-03-25 01:38 -------- d-----w- c:\program files\Common Files\Adobe

2011-03-25 01:28 . 2011-03-25 01:28 -------- d-----w- c:\program files\Common Files\Adobe AIR

2011-03-25 01:26 . 2011-03-25 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2011-03-25 01:26 . 2011-03-25 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2011-03-25 01:26 . 2011-03-25 01:26 -------- d-----w- c:\program files\NOS

2011-03-22 17:50 . 2011-03-25 01:14 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Conduit

2011-03-22 17:50 . 2011-03-22 17:50 -------- d-----w- c:\program files\Conduit

2011-03-22 17:50 . 2011-03-25 01:14 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\BitTorrentBar

2011-03-22 17:50 . 2011-03-22 17:50 -------- d-----w- c:\program files\BitTorrentBar

2011-03-09 19:24 . 2011-03-09 19:24 -------- d-----w- c:\documents and settings\Bill\Application Data\AnvSoft

2011-03-09 19:24 . 2011-03-09 19:49 -------- d-----w- c:\program files\Any Video Converter

2011-03-07 19:49 . 2011-03-07 19:49 -------- d-----w- c:\program files\ConvertHelper

2011-03-07 19:41 . 2011-03-07 19:41 -------- d-----w- c:\documents and settings\Bill\dwhelper

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-24 23:25 . 2009-11-10 12:04 172928 ----a-w- c:\windows\system32\drivers\vidstub.sys

2011-02-09 13:53 . 2003-03-31 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2003-03-31 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2009-11-07 19:30 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2009-11-07 19:30 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2003-03-31 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2003-03-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2003-03-31 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-01-27 04:11 . 2011-01-19 02:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2006-05-03 16:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 17:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 19:30 216064 --sh--r- c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-12-09 16:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

2010-12-09 16:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-11-20 160592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2007-04-10 53248]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]

"BootSkin Startup Jobs"="c:\program files\Tools\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogoff"= 01000000

"NoSMMyPictures"= 01000000

"NoSMMyDocs"= 01000000

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonuiX.exe"

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Reboot.exe

backup=c:\windows\pss\Reboot.exeCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Capture Remote Control.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TV Capture Remote Control.lnk

backup=c:\windows\pss\TV Capture Remote Control.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Bill^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Bill\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Bill^Start Menu^Programs^Startup^SonyPDA USB Switcher.lnk]

path=c:\documents and settings\Bill\Start Menu\Programs\Startup\SonyPDA USB Switcher.lnk

backup=c:\windows\pss\SonyPDA USB Switcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2009-03-05 23:41 98304 -c--a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-27 05:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-12 03:12 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-29 01:21 141600 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-11-12 03:07 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]

2004-03-18 14:33 892928 -c--a-w- c:\program files\Logitech\iTouch\iTouch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Apple Mobile Device"=2 (0x2)

"Bonjour Service"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

S2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [11/8/2009 2:56 AM 266180]

S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [11/8/2009 2:57 AM 18944]

S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [11/8/2009 2:58 AM 13308]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [4/23/2010 9:27 PM 233472]

S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [3/31/2003 8:00 AM 14336]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4/23/2010 9:27 PM 36608]

S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/21/2010 5:26 PM 136176]

S3 Normandy;Normandy SR2; [x]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2010-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 21:26]

.

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 21:26]

.

2011-02-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-73586283-1897051121-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

.

2011-02-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-1897051121-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392

uInternet Settings,ProxyOverride = *.local

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: intuit.com\ttlc

FF - ProfilePath - c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\rwb404ic.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll

HKCU-Run-Jfucagogagimog - c:\windows\acedlgn.dll

HKLM-Run-Rhecuzafavin - c:\windows\ufoyamuz.dll

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-Jfucagogagimog - c:\windows\acedlgn.dll

MSConfigStartUp-LogonStudio - c:\program files\WinCustomize\LogonStudio\logonstudio.exe

MSConfigStartUp-Rhecuzafavin - c:\windows\ufoyamuz.dll

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

AddRemove-BootSkin - c:\progra~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE

AddRemove-LogonStudio - c:\progra~1\WINCUS~1\LOGONS~1\UNWISE.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-29 15:45

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1952)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2011-03-29 15:50:35 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-29 19:50

.

Pre-Run: 34,910,265,344 bytes free

Post-Run: 44,389,515,264 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 199E4FF5585F0B09589841CAD54BDB14

Link to post
Share on other sites

Hello and thanks for the rapid response. The machine will not boot to normal mode, I get the typical blue screen that says if you have loaded new hardware or software lately to remove it as it may be causing your machine not to start ETC. I then reboot to Safe Mode with Network ability and it seems to be 100%. All the programs seem to run OK and all files seem to be in place. I am anxious for your next procedure, thank you.

Link to post
Share on other sites

Lets see if we can find out a bit more about the BSOD. Also, please let me know exactly at which point it happens.

We Need to Diagnose Your BlueScreen

  1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  2. Select "Disable Automatic Restart on System Failure", as shown here:
    disableautomaticrestart.png
  3. When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    bsod_c.jpg

Please post me the error(s).

Link to post
Share on other sites

Hello, you are making me feel quite humble as you are a very nice person to help a stranger with a computer problem. Even though you may enjoy working with the sort of problems that occur, one would think it must get tiring. I hope you live your life as you do being the helping person that you are online. To the Blue Screen of Death; This fault happens right after bios does it's thing. It goes from the black screen with white letters of the bios, to a millisecond of black screen with white writing in the middle (not a DOS Prompt) might be a Windows thing, to the BSOD.

IRQL_NOT_LESS_OR_EQUAL

STOP: 0X000000A (0X1728FFFF, 0X00000002, 0X00000000, 0X80527F00)

Thank you so much for your work.

Link to post
Share on other sites

You must be at your work station currently. Yes the BSOD started the next bootup after the download which infected my computer. After the download, I continued to use the machine for several hours without any problems. Looking back at the files the download was 3-25-2011 and was disguised as an Adobe update and also with it was a genuine McAfee virus detection software. I say genuine in that it was listed and removed from my hardware list. I don't know if that helps, I am trying to give all the information I can.

Link to post
Share on other sites

Do you remember if McAfee detected anything and if so what?

At what point does the BSOD occur? How long do you see the windows splash screen, does the welcome wallpaper show up afterwards, or does the screen stay black for a short time before the BSOD comes up.

All this information can help us determine what is causing the BSOD and how to fix it. :)

Link to post
Share on other sites

Hello and thank you for helping. McAfee never ran, it was some way assimilated into what the virus came with. When I realized that what happened wasn't a real Adobe update, I began looking at things. I looked at installed programs and knew that McAfee was not a program I previously had and deleted it. There was no update listed for Adobe and I knew something wasn't right. After the bios runs, a very brief (millisecond) glimpse of a black screen with about two lines of type show I cannot recognize it but it is not a DOS screen or (prompt). There is no sign of anything Windows related just the BSOD. Nothing after the BSOD it just sits at the BSOD. Something new to startup now the black screen no longer shows up. With your request for further information, I started the machine a few times to see just what was going on. Not once did the black screen show up again. It is now just Bios then BSOD. I wish I had something more for you to work with! Sorry :(

Link to post
Share on other sites

Are you sue it wasn't a Java update? The latest Java update does come with the McAfee Security Scanner, which checks your computer's security status.

For now, please run the following scan.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

Link to post
Share on other sites

No sorry it was Adobe. Here is the ESET results

C:\Program Files\Tools\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined

C:\Program Files\VideoScavenger_1eEI\Installr\4.bin\1eEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

Thank you

Link to post
Share on other sites

Please click Start > Run, type devmgmt.msc and press enter.

Click the + sign in front of Display Adapters. Right click on the listed display adapter and select Disable. Now reboot in normal mode. Let me know if the BSOD still occurs or if anything has changed.

Link to post
Share on other sites

In that case lets run an additional scan to see what can be causing this.

OTL

-----

Please download OTL from one of the following mirrors:

[*]Save it to your desktop.

[*]Double click on the otlDesktopIcon.png icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the Quick Scan button.

[*]Two reports will open, copy and paste them in a reply here:

  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Link to post
Share on other sites

Thanks again, here are the OTL reports;

OTL Extras logfile created on: 4/2/2011 10:59:05 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bill\Start Menu\Programs\Accessories\Malware Removal

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.89 Gb Total Space | 41.24 Gb Free Space | 73.79% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Bill | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-73586283-1897051121-725345543-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\Tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\Tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping

"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping

"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe

"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)

"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)

"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software

"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{07473686-FC3A-4825-9CA9-97D269145F62}" = Motorola Phone Tools

"{079664E1-EEB7-4C84-983A-4033D62C3E83}" = 2100_Help

"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK

"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2

"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices

"{32BEE0E2-AC9E-46EC-9282-07EFDF38AF78}" = 2100

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{39C16060-EAA2-012B-ADFC-000000000000}" = TurboTax 2009 wmiiper

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1

"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder

"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config

"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour

"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.752

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2

"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)

"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2010.build.42

"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop

"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C14201FD-245D-4CA9-A582-47D842C6AC59}" = TurboTax 2010 wmiiper

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0

"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes

"{D8CEB09B-2586-46A9-BF26-F530E45B067D}" = 2100Tour

"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver

"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = PhoneTools

"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

"{EF2AA69F-67E4-4721-89F9-04F4A177F9C5}" = Motorola Phone Tools

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)

"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

"7-Zip" = 7-Zip 4.65

"ActiveHome" = ActiveHome

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AI RoboForm" = AI RoboForm (All Users)

"AIM_7" = AIM 7

"Any Video Converter_is1" = Any Video Converter 3.2.0

"Audacity_is1" = Audacity 1.2.6

"AviSynth" = AviSynth 2.5

"BitTorrent" = BitTorrent

"BitTorrentBar Toolbar" = BitTorrentBar Toolbar

"conduitEngine" = Conduit Engine

"CreataCard Plus 2" = CreataCard Plus 2

"DVD Flick_is1" = DVD Flick 1.3.0.7

"ENTERPRISER" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]

"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81

"GENEUIDE" = USB Storage Driver

"HaaliMkx" = Haali Media Splitter

"HP Document Viewer" = HP Document Viewer 5.3

"HP Imaging Device Functions" = HP Imaging Device Functions 5.3

"HP OfficeJet-PSC Scrubber" = HP OfficeJet/PSC Scrubber

"HP Photo & Imaging" = HP Image Zone 5.3

"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3

"HPExtendedCapabilities" = HP Extended Capabilities 5.3

"ie8" = Windows Internet Explorer 8

"ImgBurn" = ImgBurn

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705

"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"PeerGuardian_is1" = PeerGuardian 2.0

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"SiS VGA Driver" = SiS VGA Utilities

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Spell Checker For OE 2.1" = Spell Checker For OE 2.1

"SUPER

Link to post
Share on other sites

I think I might have found the problem.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


Driver::
BootScreen

File::
C:\WINDOWS\Hhabukog.dat
C:\WINDOWS\System32\drivers\vidstub.sys
C:\WINDOWS\Fwuhexominopafeb.bin

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

I hope this is the fix! Thank you.

ComboFix 11-03-28.05 - Bill 04/03/2011 21:45:26.2.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1087.845 [GMT -4:00]

Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Bill\Desktop\CFScript.txt

.

- REDUCED FUNCTIONALITY MODE -

.

FILE ::

"c:\windows\Fwuhexominopafeb.bin"

"c:\windows\Hhabukog.dat"

"c:\windows\System32\drivers\vidstub.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\Fwuhexominopafeb.bin

c:\windows\Hhabukog.dat

c:\windows\System32\drivers\vidstub.sys

.

.

((((((((((((((((((((((((( Files Created from 2011-03-04 to 2011-04-04 )))))))))))))))))))))))))))))))

.

.

2011-04-02 02:53 . 2011-04-02 02:53 -------- d-----w- c:\program files\ESET

2011-03-26 04:40 . 2011-03-26 04:40 -------- d-----w- c:\windows\system32\wbem\Repository

2011-03-26 04:04 . 2011-03-26 04:04 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes

2011-03-26 04:04 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-26 04:04 . 2011-03-26 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-03-26 04:04 . 2011-03-26 04:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-03-26 04:04 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-25 01:37 . 2011-03-25 01:38 -------- d-----w- c:\program files\Common Files\Adobe

2011-03-25 01:28 . 2011-03-25 01:28 -------- d-----w- c:\program files\Common Files\Adobe AIR

2011-03-25 01:26 . 2011-03-25 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2011-03-25 01:26 . 2011-03-25 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2011-03-25 01:26 . 2011-03-25 01:26 -------- d-----w- c:\program files\NOS

2011-03-22 17:50 . 2011-03-25 01:14 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\Conduit

2011-03-22 17:50 . 2011-03-22 17:50 -------- d-----w- c:\program files\Conduit

2011-03-22 17:50 . 2011-03-25 01:14 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\BitTorrentBar

2011-03-22 17:50 . 2011-03-22 17:50 -------- d-----w- c:\program files\BitTorrentBar

2011-03-09 19:24 . 2011-03-09 19:24 -------- d-----w- c:\documents and settings\Bill\Application Data\AnvSoft

2011-03-09 19:24 . 2011-03-09 19:49 -------- d-----w- c:\program files\Any Video Converter

2011-03-07 19:49 . 2011-03-07 19:49 -------- d-----w- c:\program files\ConvertHelper

2011-03-07 19:41 . 2011-03-07 19:41 -------- d-----w- c:\documents and settings\Bill\dwhelper

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-09 13:53 . 2003-03-31 12:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:53 . 2003-03-31 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 07:58 . 2009-11-07 19:30 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2009-11-07 19:30 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2003-03-31 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-07 14:09 . 2003-03-31 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-01-27 04:11 . 2011-01-19 02:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2006-05-03 16:06 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 17:47 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 19:30 216064 --sh--r- c:\windows\system32\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-12-09 16:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

2010-12-09 16:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-11-20 160592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-12 149280]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"SiSPower"="SiSPower.dll" [2007-04-10 53248]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Reboot.exe [2006-12-28 409088]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogoff"= 01000000

"NoSMMyPictures"= 01000000

"NoSMMyDocs"= 01000000

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonuiX.exe"

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Capture Remote Control.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TV Capture Remote Control.lnk

backup=c:\windows\pss\TV Capture Remote Control.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Bill^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\documents and settings\Bill\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Bill^Start Menu^Programs^Startup^SonyPDA USB Switcher.lnk]

path=c:\documents and settings\Bill\Start Menu\Programs\Startup\SonyPDA USB Switcher.lnk

backup=c:\windows\pss\SonyPDA USB Switcher.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-11-10 16:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]

2009-03-05 23:41 98304 -c--a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 00:12 110592 ------w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]

2004-04-26 21:21 270336 ----a-w- c:\program files\Tools\Stardock\WinCustomize\BootSkin\BootSkin.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-27 05:47 31016 -c--a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-12 03:12 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-10-29 01:21 141600 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2010-12-20 22:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Microsoft Office Groove Audit Service"=3 (0x3)

"iPod Service"=3 (0x3)

"IntuitUpdateService"=2 (0x2)

"gupdate"=3 (0x3)

"btwdins"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

S2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [11/8/2009 2:56 AM 266180]

S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [11/8/2009 2:57 AM 18944]

S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [11/8/2009 2:58 AM 13308]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [4/23/2010 9:27 PM 233472]

S2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [3/31/2003 8:00 AM 14336]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4/23/2010 9:27 PM 36608]

S3 Normandy;Normandy SR2; [x]

S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/21/2010 5:26 PM 136176]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2010-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 21:26]

.

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-21 21:26]

.

2011-02-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-73586283-1897051121-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

.

2011-02-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-1897051121-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392

uInternet Settings,ProxyOverride = *.local

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: intuit.com\ttlc

FF - ProfilePath - c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\rwb404ic.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-04-03 21:47

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2011-04-03 21:50:14

ComboFix-quarantined-files.txt 2011-04-04 01:50

ComboFix2.txt 2011-03-29 19:50

.

Pre-Run: 44,265,951,232 bytes free

Post-Run: 44,259,692,544 bytes free

.

- - End Of File - - EBC3D0A94AF0F59AE5CE86751AC95516

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.