Inactive Cannot remove malware

ComboFix 14-07-17.03 - New 07/18/2014 19:52:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1881 [GMT -4:00]
Running from: c:\documents and settings\New\My Documents\Downloads\Programs\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\pptvsetup_3.3.2.0077_convert.exe.tpp
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Regedit.exe.exe
c:\windows\system32\wpcap.dll
c:\windows\wc98pp.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Legacy_NPF
-------\Legacy_XLDOCTOR_SERVICES
-------\Service_abp470n5
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2014-06-19 to 2014-07-19 )))))))))))))))))))))))))))))))
.
.
2014-07-18 20:30 . 2014-07-18 20:30 -------- d-----w- c:\documents and settings\New\Application Data\ImgBurn
2014-07-18 15:51 . 2014-07-18 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SystemRequirementsLab
2014-07-18 14:55 . 2014-07-18 14:48 880040 ----a-w- c:\windows\system32\npdeployJava1.dll
2014-07-18 14:55 . 2014-07-18 14:48 802728 ----a-w- c:\windows\system32\deployJava1.dll
2014-07-18 14:54 . 2014-07-18 14:54 -------- d-----w- c:\documents and settings\New\Application Data\Oracle
2014-07-18 14:54 . 2014-07-18 14:54 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Sun
2014-07-18 14:49 . 2014-07-18 14:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-18 14:38 . 2014-07-18 14:38 -------- d-----w- c:\windows\LastGood.Tmp
2014-07-18 14:37 . 2014-07-18 16:18 -------- d-----w- c:\documents and settings\New\Application Data\IDM
2014-07-18 14:37 . 2014-07-18 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\IDM
2014-07-18 14:37 . 2014-07-18 23:45 -------- d-----w- c:\documents and settings\New\Application Data\DMCache
2014-07-18 14:36 . 2014-07-18 14:37 -------- d-----w- c:\program files\Internet Download Manager
2014-07-18 14:15 . 2014-07-18 14:19 -------- d-----w- C:\FRST
2014-07-18 02:02 . 2014-07-18 02:02 -------- d-----w- c:\program files\ImgBurn
2014-07-13 14:57 . 2014-07-13 14:57 -------- d-----w- c:\program files\ESET
2014-07-13 01:19 . 2014-07-13 01:19 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Evernote
2014-07-13 01:18 . 2014-07-13 01:18 -------- d-----w- c:\program files\Evernote
2014-07-11 16:07 . 2014-07-11 16:07 -------- d-----w- c:\program files\Cheat Engine 6.4
2014-07-11 14:36 . 2014-07-11 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-07-11 03:04 . 2014-07-11 03:05 -------- d-----w- c:\documents and settings\New\Application Data\360Login
2014-07-11 03:04 . 2014-07-11 03:05 -------- d-----w- c:\documents and settings\New\Application Data\360CloudUI
2014-07-11 03:04 . 2014-07-11 03:04 -------- d-----w- c:\program files\360
2014-07-11 02:13 . 2014-07-11 02:13 -------- d-----w- c:\program files\Kap.ACTc
2014-07-10 16:36 . 2014-07-10 16:36 1409 ----a-w- c:\windows\system32\tmpF6D6A.FOT
2014-07-10 16:36 . 2014-07-10 16:36 1409 ----a-w- c:\windows\system32\tmpF4D6A.FOT
2014-07-10 16:36 . 2014-07-10 16:36 1409 ----a-w- c:\windows\system32\tmp04D6A.FOT
2014-07-10 16:36 . 2014-07-10 16:36 1409 ----a-w- c:\windows\system32\tmp02D6A.FOT
2014-07-10 15:24 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-10 15:23 . 2014-07-10 15:32 -------- d-----w- C:\AdwCleaner
2014-07-10 14:51 . 2014-06-09 08:40 121440 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2014-07-09 15:48 . 2014-07-09 15:48 1409 ----a-w- c:\windows\system32\tmp71C47.FOT
2014-07-09 15:48 . 2014-07-09 15:48 1409 ----a-w- c:\windows\system32\tmp70C47.FOT
2014-07-09 15:48 . 2014-07-09 15:48 1409 ----a-w- c:\windows\system32\tmp62C47.FOT
2014-07-09 15:48 . 2014-07-09 15:48 1409 ----a-w- c:\windows\system32\tmp8EB47.FOT
2014-07-08 17:57 . 2014-07-08 17:57 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\UWebKit151
2014-07-08 17:57 . 2014-07-08 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2014-07-07 17:17 . 2014-07-16 13:12 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-07 17:17 . 2014-07-11 02:11 54232 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-07 17:17 . 2014-07-07 17:17 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-07 17:17 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-06 19:48 . 2014-07-06 19:48 1409 ----a-w- c:\windows\system32\tmp546EC.FOT
2014-07-06 19:48 . 2014-07-06 19:48 1409 ----a-w- c:\windows\system32\tmp536EC.FOT
2014-07-06 19:48 . 2014-07-06 19:48 1409 ----a-w- c:\windows\system32\tmp476EC.FOT
2014-07-06 19:48 . 2014-07-06 19:48 1409 ----a-w- c:\windows\system32\tmp466EC.FOT
2014-07-01 20:31 . 2014-07-01 22:58 -------- d-sh--r- c:\documents and settings\New\9p2garka7ur3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-18 14:48 . 2012-08-03 16:45 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-10 20:55 . 2013-07-03 15:41 262704 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-06 21:52 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\New\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\New\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\New\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\New\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-07-10 3931728]
.
c:\documents and settings\New\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\New\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33400136]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2014-6-17 1109344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"enableTaskMgr"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKLM\~\startupfolder\C:^Documents and Settings^New^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\New\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT ACR
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPAP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4482ED119AA9951FC5D5053474B8E8995690963D._service_run]
2014-07-15 09:24 860488 ----a-w- c:\documents and settings\New\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-04-07 01:17 1028608 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2014-04-07 01:17 544256 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-10-09 15:53 4441920 -c--a-w- c:\documents and settings\New\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copy]
2014-06-19 13:54 13449872 ----a-w- c:\documents and settings\New\Application Data\Copy\CopyAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2014-04-06 23:22 189440 ----a-w- c:\documents and settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-12 13:20 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-04-07 01:17 223744 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-12 13:20 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\imscinst.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-12 13:21 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-12 13:21 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 17:00 24197928 -c--a-w- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-04-07 01:17 1873408 -c--a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 18:31 81920 -c--a-w- c:\windows\system32\PCLECoInst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XLDoctor Services"=3 (0x3)
"RichVideo"=2 (0x2)
"PdiService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"npggsvc"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"DTSRVC"=2 (0x2)
"Bonjour Service"=3 (0x3)
"AdvancedSystemCareService6"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"= c:\\program files\\skype\\phone\\skype.exe
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Documents and Settings\\New\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Documents and Settings\\New\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\WINDOWS\\system32\\igfxext.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe"=
"c:\\Documents and Settings\\New\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\New\\Desktop\\ACDSEE32.EXE"=
"c:\\Documents and Settings\\New\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DW20.EXE"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\ATH.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\SyncServer.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\AAM Updates Notifier.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceHelper.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\distnoted.exe"=
"c:\\Documents and Settings\\New\\Application Data\\Copy\\CopyAgent.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\system32\\xp_eos.exe"=
"c:\\AAA\\ACDSEE32.EXE"=
"c:\\Documents and Settings\\New\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Google\\Update\\1.3.24.15\\GoogleCrashHandler.exe"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_Plugin.exe"=
"c:\\Program Files\\Malwarebytes Anti-Malware\\mbam.exe"=
"c:\\PROGRA~1\\winrar\\winrar.exe"=
"c:\\Program Files\\Cheat Engine 6.4\\cheatengine-i386.exe"=
"c:\\Program Files\\Malwarebytes Anti-Malware\\mbamservice.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:mad:xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:mad:xpsp2res.dll,-22016
"500:UDP"= 500:UDP:mad:xpsp2res.dll,-22017
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"57496:TCP"= 57496:TCP:pando Media Booster
"57496:UDP"= 57496:UDP:pando Media Booster
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [7/10/2014 10:51 AM 121440]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [7/7/2014 1:17 PM 1809720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [7/7/2014 1:17 PM 930104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/7/2014 1:17 PM 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [7/7/2014 1:17 PM 110296]
S0 cerc6;cerc6; [x]
S0 erdnrxx;erdnrxx;c:\windows\system32\drivers\mfpiix.sys --> c:\windows\system32\drivers\mfpiix.sys [?]
S3 EagleXNt;EagleXNt; [x]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 619496]
S3 vwwredzk;vwwredzk;vwwredzk.sys --> vwwredzk.sys [?]
S3 xofhsekc;xofhsekc; [x]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 PdiService;Portrait Displays SDK Service; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ABP470N5
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 14:22]
.
2014-07-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-06 21:52]
.
2014-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-20 23:29]
.
2014-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-20 23:29]
.
2014-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-562591055-1801674531-1003Core.job
- c:\documents and settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-05-09 23:22]
.
2014-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-562591055-1801674531-1003UA.job
- c:\documents and settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-05-09 23:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Clip Image - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
Trusted Zone: gamerage.com\grandchase
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
txtfile=c:\windows\system32\notepad.exe "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-iFunBox Price Watch - c:\program files\iFunbox 2014\iFunBox2014.exe
c:\documents and settings\New\Start Menu\Programs\Startup\start.lnk - c:\documents and settings\New\9p2garka7ur3\69890.vbs
MSConfigStartUp-Advanced SystemCare 6 - c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
MSConfigStartUp-HP Component Manager - c:\program files\hp\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-iFunBox Price Watch - c:\program files\iFunbox 2014\iFunBox2014.exe
AddRemove-EXCEL - c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
AddRemove-MathExam - c:\progra~1\Funny\MathExam\UNWISE.EXE
AddRemove-ONENOTE - c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
AddRemove-POWERPOINT - c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
AddRemove-PRJPRO - c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
AddRemove-PUBLISHER - c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
AddRemove-Sketchpad - c:\progra~1\SKETCH~1\UNWISE.EXE
AddRemove-VISPRO - c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
AddRemove-WORD - c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-18 20:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
c:\documents and settings\New\Application Data\Copy\overlay\Brt.dll
c:\documents and settings\New\Application Data\Copy\overlay\MSVCP110.dll
c:\documents and settings\New\Application Data\Copy\overlay\MSVCR110.dll
c:\documents and settings\New\Application Data\Dropbox\bin\DropboxExt.22.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\MsPMSPSv.exe
c:\documents and settings\New\Application Data\Dropbox\bin\Dropbox.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\TEMP\wtuql.exe
c:\windows\TEMP\winqgua.exe
c:\windows\TEMP\winaiylt.exe
c:\windows\TEMP\vvph.exe
.
**************************************************************************
.
Completion time: 2014-07-18 20:08:19 - machine was rebooted
ComboFix-quarantined-files.txt 2014-07-19 00:08
.
Pre-Run: 76,264,886,272 bytes free
Post-Run: 77,609,414,656 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A26C93AAF054A620842C01B52C781593
8F558EB6672622401DA993E1E865C861
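The log above contains the indicators that matter in this thread: the Disable* policy values under HKEY_USERS\.default that lock out Task Manager and regedit, EnableFirewall=0, a hidden system directory (d-sh--r-) dropped in the user profile, a Startup .lnk that runs a .vbs from that directory, and executables running out of c:\windows\TEMP. Toggling the policy values back only buys time if whatever writes them is still starting; the useful check is to pull those indicators out of the log mechanically so they can be compared between runs. The scanner below is an added example, not part of the original post or of ComboFix itself; it parses the ComboFix line formats visible above. The indicator list (BAD_POLICY, SCRIPT_EXTS, the TEMP-path test) is my own choice, and the sample log is a constructed excerpt stitched from lines of the posted log plus one labelled negative-control line.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted above, stitched
# together so the scanner runs offline. "stale.exe" is a constructed negative
# control: it sits outside the running-processes section and must not be flagged.
# The same function works on a full ComboFix.txt read from disk.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
2014-07-18 02:02 . 2014-07-18 02:02 -------- d-----w- c:\program files\ImgBurn
2014-07-01 20:31 . 2014-07-01 22:58 -------- d-sh--r- c:\documents and settings\New\9p2garka7ur3
.
Dropbox.lnk - c:\documents and settings\New\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33400136]
.
- - - - ORPHANS REMOVED - - - -
c:\documents and settings\New\Start Menu\Programs\Startup\start.lnk - c:\documents and settings\New\9p2garka7ur3\69890.vbs
.
c:\windows\TEMP\stale.exe
------------------------ Other Running Processes ------------------------
.
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\TEMP\wtuql.exe
c:\windows\TEMP\vvph.exe
.
"""

# Policy values in the state the posted log shows. A 1 in the Disable* entries locks
# out Task Manager / regedit; a 0 in Enable* turns a protection off. EnableLUA only
# matters on Vista and later (XP has no UAC), so on this XP host it is inert, but it
# is still reported because something set it. This list is the example's own choice.
BAD_POLICY = {
    "disabletaskmgr": 1,
    "disableregistrytools": 1,
    "enablelua": 0,
    "enablefirewall": 0,
}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd")

KEY_RE = re.compile(r"^\[(HK[^\]]*)\]$")                      # [HKEY_...] / [HKLM\~\...]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')  # "Name"= 1 (0x1)
# "<created> . <modified> <size|--------> <attrs> <path>" lines of the Files Created section
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:\d+|-+)\s+([a-z-]{8})\s+(.+)$"
)
LNK_RE = re.compile(r"^(\S.*?\.lnk) - (.+?)(?:\s+\[[^\]]*\])?$", re.IGNORECASE)
PROC_RE = re.compile(r"^[a-z]:\\.+\.exe$", re.IGNORECASE)
BANNER_RE = re.compile(r"^[-(]+ (.+?) [-)]+$")                # ((( Section ))) / --- Section ---


def scan_combofix_log(text):
    """Return a list of {'kind', 'detail'} findings for the indicators above."""
    findings = []
    section = ""
    current_key = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("****"):          # separator between ComboFix report parts
            section = ""
            continue
        banner = BANNER_RE.match(line)
        if banner:
            section = banner.group(1).strip("- ")
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        value = VALUE_RE.match(line)
        if value:
            name, val = value.group(1), int(value.group(2))
            if BAD_POLICY.get(name.lower()) == val:
                findings.append({"kind": "policy", "detail": f"{current_key}\\{name}={val}"})
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            attrs, path = entry.groups()
            # 'h' in the attribute mask is the hidden bit; "d-sh--r-" in the log is a
            # hidden+system directory created directly under the user profile.
            if "h" in attrs:
                kind = "hidden_dir" if attrs[0] == "d" else "hidden_file"
                findings.append({"kind": kind, "detail": f"{attrs} {path}"})
            continue
        lnk = LNK_RE.match(line)
        if lnk:
            shortcut, target = lnk.groups()
            if target.lower().endswith(SCRIPT_EXTS):
                findings.append({"kind": "script_startup", "detail": f"{shortcut} -> {target}"})
            continue
        # Executables ComboFix saw running from a TEMP directory (only in that section,
        # so deleted or quarantined paths listed elsewhere are not reported as running).
        if section == "Other Running Processes" and PROC_RE.match(line):
            if "\\temp\\" in line.lower():
                findings.append({"kind": "temp_process", "detail": line})
    return findings


if __name__ == "__main__":
    for f in scan_combofix_log(SAMPLE_LOG):
        print(f"{f['kind']:15} {f['detail']}")
```

Run it against each ComboFix.txt in turn: if the policy findings return after they were cleared but the script_startup and temp_process findings are gone, the writer is something the log does not list (a service, a task, or a process ComboFix did not catch), which is exactly the situation described in the follow-up post.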
 
Task Manager and Registry Tools are now enabled! Awesome! Thanks! I haven't tried booting up in safe mode yet but everything looks great. I will post if I find anything else.
 
Hmm, this is weird. Task Manager was enabled for about 2-3 hours, then got disabled again. This virus seems to keep coming back.
 
The second time I ran ComboFix

ComboFix 14-07-19.01 - New 07/20/2014 10:51:39.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2033 [GMT -4:00]
Running from: c:\documents and settings\New\My Documents\Downloads\Programs\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
.
.
((((((((((((((((((((((((( Files Created from 2014-06-20 to 2014-07-20 )))))))))))))))))))))))))))))))
.
.
2014-07-19 19:12 . 2014-07-19 19:12 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-19 19:12 . 2014-07-19 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2014-07-18 20:30 . 2014-07-18 20:30 -------- d-----w- c:\documents and settings\New\Application Data\ImgBurn
2014-07-18 15:51 . 2014-07-18 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SystemRequirementsLab
2014-07-18 14:55 . 2014-07-18 14:48 880040 ----a-w- c:\windows\system32\npdeployJava1.dll
2014-07-18 14:55 . 2014-07-18 14:48 802728 ----a-w- c:\windows\system32\deployJava1.dll
2014-07-18 14:54 . 2014-07-18 14:54 -------- d-----w- c:\documents and settings\New\Application Data\Oracle
2014-07-18 14:54 . 2014-07-18 14:54 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Sun
2014-07-18 14:49 . 2014-07-18 14:48 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-18 14:37 . 2014-07-19 23:21 -------- d-----w- c:\documents and settings\New\Application Data\IDM
2014-07-18 14:37 . 2014-07-18 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\IDM
2014-07-18 14:37 . 2014-07-20 14:49 -------- d-----w- c:\documents and settings\New\Application Data\DMCache
2014-07-18 14:36 . 2014-07-18 14:37 -------- d-----w- c:\program files\Internet Download Manager
2014-07-18 14:15 . 2014-07-18 14:19 -------- d-----w- C:\FRST
2014-07-18 02:02 . 2014-07-18 02:02 -------- d-----w- c:\program files\ImgBurn
2014-07-13 14:57 . 2014-07-13 14:57 -------- d-----w- c:\program files\ESET
2014-07-13 01:19 . 2014-07-13 01:19 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\Evernote
2014-07-13 01:18 . 2014-07-13 01:18 -------- d-----w- c:\program files\Evernote
2014-07-11 16:07 . 2014-07-11 16:07 -------- d-----w- c:\program files\Cheat Engine 6.4
2014-07-11 14:36 . 2014-07-11 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-07-11 03:04 . 2014-07-11 03:05 -------- d-----w- c:\documents and settings\New\Application Data\360Login
2014-07-11 03:04 . 2014-07-11 03:05 -------- d-----w- c:\documents and settings\New\Application Data\360CloudUI
2014-07-11 03:04 . 2014-07-11 03:04 -------- d-----w- c:\program files\360
2014-07-11 02:13 . 2014-07-11 02:13 -------- d-----w- c:\program files\Kap.ACTc
2014-07-10 16:36 . 2014-07-10 16:36 1409 ----a-w- c:\windows\system32\tmpF6D6A.FOT
2014-07-10 16:36 . 2014-07-10 16:36 1409 ----a-w- c:\windows\system32\tmpF4D6A.FOT
2014-07-10 16:36 . 2014-07-10 16:36 1409 ----a-w- c:\windows\system32\tmp04D6A.FOT
2014-07-10 16:36 . 2014-07-10 16:36 1409 ----a-w- c:\windows\system32\tmp02D6A.FOT
2014-07-10 15:24 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-10 15:23 . 2014-07-10 15:32 -------- d-----w- C:\AdwCleaner
2014-07-10 14:51 . 2014-06-09 08:40 121440 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2014-07-09 15:48 . 2014-07-09 15:48 1409 ----a-w- c:\windows\system32\tmp71C47.FOT
2014-07-09 15:48 . 2014-07-09 15:48 1409 ----a-w- c:\windows\system32\tmp70C47.FOT
2014-07-09 15:48 . 2014-07-09 15:48 1409 ----a-w- c:\windows\system32\tmp62C47.FOT
2014-07-09 15:48 . 2014-07-09 15:48 1409 ----a-w- c:\windows\system32\tmp8EB47.FOT
2014-07-08 17:57 . 2014-07-08 17:57 -------- d-----w- c:\documents and settings\New\Local Settings\Application Data\UWebKit151
2014-07-08 17:57 . 2014-07-08 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2014-07-07 17:17 . 2014-07-20 14:08 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-07 17:17 . 2014-07-11 02:11 54232 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-07 17:17 . 2014-07-07 17:17 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-07 17:17 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-06 19:48 . 2014-07-06 19:48 1409 ----a-w- c:\windows\system32\tmp546EC.FOT
2014-07-06 19:48 . 2014-07-06 19:48 1409 ----a-w- c:\windows\system32\tmp536EC.FOT
2014-07-06 19:48 . 2014-07-06 19:48 1409 ----a-w- c:\windows\system32\tmp476EC.FOT
2014-07-06 19:48 . 2014-07-06 19:48 1409 ----a-w- c:\windows\system32\tmp466EC.FOT
2014-07-01 20:31 . 2014-07-01 22:58 -------- d-sh--r- c:\documents and settings\New\9p2garka7ur3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-18 14:48 . 2012-08-03 16:45 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-10 20:55 . 2013-07-03 15:41 262704 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-06 21:52 260976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1aCopyShExtError]
@="{83BEA36E-7680-4598-A4DF-994426F6E78D}"
[HKEY_CLASSES_ROOT\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2aCopyShExtSynced]
@="{845B7388-6F85-4F32-9FD5-F02DC7882B89}"
[HKEY_CLASSES_ROOT\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3aCopyShExtSyncing]
@="{F6378A7A-F753-449B-AE1B-997A96132E61}"
[HKEY_CLASSES_ROOT\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4aCopyShExtSyncingProg1]
@="{3A511828-777D-46F8-82F4-5B530C1B3D9E}"
[HKEY_CLASSES_ROOT\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5aCopyShExtSyncingProg2]
@="{C8C88204-5B14-40EC-BA72-8AEBC762047E}"
[HKEY_CLASSES_ROOT\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6aCopyShExtSyncingProg3]
@="{ACFF45C3-3EEB-4351-86C2-6696BA264239}"
[HKEY_CLASSES_ROOT\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7aCopyShExtSyncingProg4]
@="{29AF997F-488B-46F0-AE78-7146F1B89CC3}"
[HKEY_CLASSES_ROOT\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8aCopyShExtSyncingProg5]
@="{03F9AD29-1C78-4B66-8890-B177B5430C53}"
[HKEY_CLASSES_ROOT\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53}]
2014-06-12 02:15 3050496 ----a-w- c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\New\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\New\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\New\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\documents and settings\New\Application Data\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2014-07-10 3931728]
.
c:\documents and settings\New\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\New\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33400136]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2014-6-17 1178976]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"enableTaskMgr"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKLM\~\startupfolder\C:^Documents and Settings^New^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\New\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4482ED119AA9951FC5D5053474B8E8995690963D._service_run]
2014-07-15 09:24 860488 ----a-w- c:\documents and settings\New\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-04-07 01:17 1028608 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2014-04-07 01:17 544256 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-10-09 15:53 4441920 -c--a-w- c:\documents and settings\New\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copy]
2014-06-19 13:54 13449872 ----a-w- c:\documents and settings\New\Application Data\Copy\CopyAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2014-04-06 23:22 189440 ----a-w- c:\documents and settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-12 13:20 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-04-07 01:17 223744 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-12 13:20 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\imscinst.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-12 13:21 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-12 13:21 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-11 17:00 24197928 -c--a-w- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-04-07 01:17 1873408 -c--a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
2006-11-06 18:31 81920 -c--a-w- c:\windows\system32\PCLECoInst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XLDoctor Services"=3 (0x3)
"RichVideo"=2 (0x2)
"PdiService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"npggsvc"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"MBAMService"=2 (0x2)
"MBAMScheduler"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"DTSRVC"=2 (0x2)
"Bonjour Service"=3 (0x3)
"AdvancedSystemCareService6"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"= c:\\program files\\skype\\phone\\skype.exe
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Documents and Settings\\New\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\EXCEL.EXE"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Documents and Settings\\New\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\WINDOWS\\system32\\igfxext.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\WINWORD.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe"=
"c:\\Documents and Settings\\New\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\New\\Desktop\\ACDSEE32.EXE"=
"c:\\Documents and Settings\\New\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\DW20.EXE"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\ATH.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\SyncServer.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\AAM Updates Notifier.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceHelper.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\distnoted.exe"=
"c:\\Documents and Settings\\New\\Application Data\\Copy\\CopyAgent.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\system32\\xp_eos.exe"=
"c:\\AAA\\ACDSEE32.EXE"=
"c:\\Documents and Settings\\New\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Google\\Update\\1.3.24.15\\GoogleCrashHandler.exe"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_Plugin.exe"=
"c:\\Program Files\\Malwarebytes Anti-Malware\\mbam.exe"=
"c:\\PROGRA~1\\winrar\\winrar.exe"=
"c:\\Program Files\\Cheat Engine 6.4\\cheatengine-i386.exe"=
"c:\\Program Files\\Malwarebytes Anti-Malware\\mbamservice.exe"=
"c:\\WINDOWS\\TEMP\\gelje.exe"=
"c:\\WINDOWS\\TEMP\\dpadfn.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:mad:xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:mad:xpsp2res.dll,-22016
"500:UDP"= 500:UDP:mad:xpsp2res.dll,-22017
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"57496:TCP"= 57496:TCP:pando Media Booster
"57496:UDP"= 57496:UDP:pando Media Booster
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [7/10/2014 10:51 AM 121440]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [7/7/2014 1:17 PM 1809720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [7/7/2014 1:17 PM 930104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/7/2014 1:17 PM 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [7/7/2014 1:17 PM 110296]
S0 cerc6;cerc6; [x]
S0 erdnrxx;erdnrxx;c:\windows\system32\drivers\mfpiix.sys --> c:\windows\system32\drivers\mfpiix.sys [?]
S3 EagleXNt;EagleXNt; [x]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 619496]
S3 vwwredzk;vwwredzk;vwwredzk.sys --> vwwredzk.sys [?]
S3 xofhsekc;xofhsekc; [x]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 PdiService;Portrait Displays SDK Service; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ABP470N5
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 14:22]
.
2014-07-20 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-06 21:52]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-20 23:29]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-562591055-1801674531-1003Core.job
- c:\documents and settings\New\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-05-09 23:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Clip Image - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
Trusted Zone: gamerage.com\grandchase
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
txtfile=c:\windows\system32\notepad.exe "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-20 11:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2120)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\documents and settings\New\Application Data\Copy\overlay\CopyShExt.dll
c:\documents and settings\New\Application Data\Copy\overlay\Brt.dll
c:\documents and settings\New\Application Data\Copy\overlay\MSVCP110.dll
c:\documents and settings\New\Application Data\Copy\overlay\MSVCR110.dll
c:\documents and settings\New\Application Data\Dropbox\bin\DropboxExt.22.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\New\Application Data\Dropbox\bin\Dropbox.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\TEMP\gelje.exe
c:\windows\TEMP\dpadfn.exe
.
**************************************************************************
.
Completion time: 2014-07-20 11:07:13 - machine was rebooted
ComboFix-quarantined-files.txt 2014-07-20 15:07
ComboFix2.txt 2014-07-19 00:08
.
Pre-Run: 76,055,117,824 bytes free
Post-Run: 77,121,912,832 bytes free
.
- - End Of File - - 836438C882B521878A2D24FD597BEA44
8F558EB6672622401DA993E1E865C861
 
I have bad news if it is actually the Sality infection. Please read below.
Read about the Sality virus infection: This is the malware that exploits the .lnk vulnerability.
Sality is a family of file infecting viruses that spread by infecting exe and scr files. The virus also includes an autorun worm component that allows it to spread to any removable or discoverable drive. In addition, Sality includes a downloader trojan component that installs additional malware via the Web.
It then creates and starts a service to load the driver. The driver blocks access to a variety of security software vendor web sites. The virus then disables security software services and ends security software processes. It also disables registry editing and the task manager.
Sality
Additional information about Sality:
Windows fails to correctly parse shortcut files, identified by the ".lnk" extension. The flaw has been exploited most frequently using USB flash drives. By crafting a malicious .lnk file, hackers can hijack a Windows PC with little user interaction: All that's necessary is that the user views the contents of the USB drive with a file manager like Windows Explorer.
Tests showed that the exploit works even when AutoRun and AutoPlay -- two functions that have previously been used by attackers to commandeer PCs using infected flash drives -- are disabled. The rootkit also bypasses all security mechanisms in Windows, including the User Account Control (UAC) prompts in Vista and Windows 7, ...
Worm is named Win32/Stuxnet.A.
Because of these actions, we recommend you do a reformat/reinstall. Attempts to clean this virus to include the backdoor capability usually fail.
 
Hi there, after running combofix for the second time, the task manager problem seemed to be fixed. Do you have any other handy malware removal tools as I still suspect I have viruses on my PC. Thanks!
 
Hi Dave
I did read on it but I do not think I have the sality virus. I did however run a Microsoft Windows Malicious software removal tool which took over 10 hours to scan and got over 5000 "infected files" on my first scan. Is this normal?
 
This is very possible with this type of infection. It is self-replicating and if you ran it again, it would probably come up with a great amount again. At this point, wiping the drive and re-installing the OS is your safest bet.
 