Inactive Fake AV and IE Popups when running Firefox on Vista

Hi,

Vista has IE popups when running Firefox, and a fake AV program was installed but MalwareBytes seems to have disabled that. Logs attached.

TIA

Robert

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5594

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/25/2011 10:38:14 AM
mbam-log-2011-01-25 (10-38-14).txt

Scan type: Quick scan
Objects scanned: 164442
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\CL2GFOKBC9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-25 11:25:39
Windows 6.0.6001 Service Pack 1
Running: 7gwfe6vh.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e5db9e0
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e5db9e0 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADEB6F05-AA39-AB0E-D21E-2DD2648EEC1E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADEB6F05-AA39-AB0E-D21E-2DD2648EEC1E}@hakdjkbcckngaejg 0x6A 0x61 0x69 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADEB6F05-AA39-AB0E-D21E-2DD2648EEC1E}@iamdhdmgmjhkfbcndm 0x6B 0x61 0x70 0x67 ...

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Robert at 11:26:11.25 on Tue 01/25/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4092.1685 [GMT -6:00]

AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\ScrumWorksBasic\bin\ScrumworksService.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\DeskNotes 2.2.2\DeskNotes.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\dds\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = http=127.0.0.1:8592
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DESKNO~1.LNK - C:\Windows\Installer\{68CDF733-DD46-4462-A13C-CEED33BF36F5}\_02F552641734ACD485B5F1.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
LSA: Notification Packages = scecli DPPWDFLT
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\u0t90zfb.default\
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\u0t90zfb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\u0t90zfb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-11-25 402992]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-11-25 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-11-25 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110125.001\IDSviA64.sys [2011-1-25 476792]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/24 10:28:14];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe [2010-11-24 89088]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-25 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-25 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-11-25 83120]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
R2 MsDtsServer;SQL Server Integration Services;C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 MSOLAP$ABRAXAS;SQL Server Analysis Services (ABRAXAS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2005-10-14 14557912]
R2 MSSQL$ABRAXAS;SQL Server (ABRAXAS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-11-25 117640]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-2-12 365952]
R2 ReportServer$ABRAXAS;SQL Server Reporting Services (ABRAXAS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2007-2-10 17264]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-25 810320]
R2 ScrumWorks Basic;ScrumWorks Basic;C:\ScrumWorksBasic\bin\ScrumworksService.exe [2010-11-24 53248]
R2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-11-18 721712]
R2 VisualSVNServer;VisualSVN Server;C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [2010-7-13 23840]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-11-15 592120]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-2-12 193840]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-10-23 128352]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2010-11-24 4745216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2008-9-24 58912]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\NISx64\1008000.029\symndisv.sys [2010-11-25 56880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 msftesql$ABRAXAS;SQL Server FullText Search (ABRAXAS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2005-8-26 92880]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SQLAgent$ABRAXAS;SQL Server Agent (ABRAXAS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2005-10-14 318680]
S3 WMSvc;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2008-1-20 12288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-11-25 93184]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096]

=============== Created Last 30 ================

2011-01-25 17:03:21 -------- d-----w- C:\dds
2011-01-25 16:36:09 -------- d-----w- C:\tfc
2011-01-25 16:35:41 -------- d-----w- C:\gmer
2011-01-25 15:58:16 -------- d-----w- C:\HijackThis
2011-01-25 15:38:30 -------- d-----r- C:\Program Files (x86)\Norton Support
2011-01-25 15:37:46 -------- d-----w- C:\Users\Robert\AppData\Local\Symantec
2011-01-25 11:23:08 209920 ----a-w- C:\Windows\Tvuria.exe
2011-01-25 08:10:01 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F6E9A286-D0F9-4BA8-A22B-6CF2DBD36508}\mpengine.dll
2011-01-24 23:27:49 49152 ----a-r- C:\Users\Robert\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2011-01-24 23:26:01 335872 ----a-r- C:\Users\Robert\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2011-01-24 23:22:42 57344 ----a-r- C:\Users\Robert\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-01-24 23:19:17 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
2011-01-24 23:18:53 -------- d-----w- C:\Program Files (x86)\Nikon
2011-01-24 22:49:44 -------- d-----w- C:\Users\Robert\Photos
2011-01-17 22:54:47 -------- d-----w- C:\tempVS
2011-01-16 22:27:46 -------- d-----w- C:\pebuilder3110a
2011-01-16 22:27:06 -------- d-----w- C:\DriveKey
2011-01-16 22:26:24 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-01-16 22:26:24 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-01-16 22:26:24 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-01-16 22:26:24 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-01-16 22:26:21 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-01-16 03:58:29 -------- d-----w- C:\Users\Robert\AppData\Local\Apps
2011-01-16 03:58:28 -------- d-----w- C:\Users\Robert\AppData\Local\Deployment
2011-01-14 23:21:31 -------- d-----w- C:\SvnBackup
2011-01-13 00:53:25 -------- d-----w- C:\Program Files (x86)\UMLStudio 8.0
2011-01-11 21:21:46 -------- d-----w- C:\bk0111
2011-01-11 05:58:47 -------- d-----w- C:\Program Files\Paint.NET
2011-01-11 05:58:11 -------- d-----w- C:\Users\Robert\AppData\Local\Paint.NET
2011-01-07 13:48:20 -------- d-----w- C:\Program Files\MediaCoder
2011-01-07 13:38:43 -------- d-----w- C:\Users\Robert\AppData\Local\Broad Intelligence
2011-01-07 13:38:36 -------- d-----w- C:\Users\Robert\AppData\Roaming\Broad Intelligence
2011-01-07 13:17:33 -------- d-----w- C:\Users\Robert\AppData\Roaming\AnvSoft
2011-01-04 10:40:33 -------- d-----w- C:\Password Manager
2011-01-01 11:48:53 -------- d-----w- C:\Users\Robert\AppData\Roaming\MB
2011-01-01 11:48:10 -------- d-----w- C:\Users\Robert\AppData\Local\MB
2011-01-01 11:46:20 -------- d-----w- C:\Program Files (x86)\DeskNotes 2.2.2

==================== Find3M ====================

2010-12-30 19:38:50 198656 ----a-w- C:\Windows\SysWow64\Comdlg32.ocx
2010-12-28 15:26:13 462848 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 14:57:35 409600 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-14 16:20:18 1251840 ----a-w- C:\Windows\System32\sdclt.exe
2010-11-29 23:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-27 00:39:34 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-11-25 09:25:30 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-11-25 09:24:53 583296 ----a-w- C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys
2010-11-25 09:24:53 334384 ----a-w- C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys
2010-11-24 18:34:12 1066544 ----a-w- C:\Windows\SysWow64\MFC71.dll
2010-11-15 18:38:14 130808 ----a-w- C:\Windows\SysWow64\vpnweb.ocx
2010-11-15 18:37:30 8952 ----a-w- C:\Windows\SysWow64\vpncategories.dll
2010-11-15 18:36:48 28920 ----a-w- C:\Windows\SysWow64\vpnevents.dll
2010-11-15 18:19:12 22752 ----a-w- C:\Windows\System32\drivers\vpnva64.sys
2010-11-06 11:10:13 357376 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-06 11:10:13 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-06 04:35:53 499712 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-06 04:35:30 655872 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-06 04:35:30 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-06 04:35:16 854528 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-05 00:53:47 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-04 21:16:05 267776 ----a-w- C:\Windows\System32\taskeng.exe
2010-10-28 15:18:38 48128 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-28 15:02:24 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-28 13:23:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-28 13:17:36 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-28 13:03:07 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-28 12:56:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

============= FINISH: 11:27:00.21 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/24/2010 12:14:23 PM
System Uptime: 1/25/2011 10:40:19 AM (1 hours ago)

Motherboard: Quanta | | 3610
Processor: Intel(R) Core(TM)2 Quad CPU Q9100 @ 2.26GHz | CPU | 1600/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 239 GiB total, 58.05 GiB free.
D: is FIXED (NTFS) - 49 GiB total, 26.382 GiB free.
E: is FIXED (NTFS) - 11 GiB total, 1.778 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 346 GiB total, 66.533 GiB free.
H: is FIXED (NTFS) - 293 GiB total, 41.764 GiB free.
I: is FIXED (NTFS) - 293 GiB total, 19.425 GiB free.
J: is FIXED (NTFS) - 346 GiB total, 4.583 GiB free.
K: is FIXED (NTFS) - 293 GiB total, 103.306 GiB free.
L: is FIXED (NTFS) - 293 GiB total, 48.827 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva

==== System Restore Points ===================


==== Installed Programs ======================

aaa
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Application Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Cisco AnyConnect VPN Client
Conduit Engine
CyberLink DVD Suite
Dell Driver Download Manager
DeskNotes 2.2.2
DVD Flick 1.3.0.7
ESU for Microsoft Vista
File Uploader
GIMP 2.6.11
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP MediaSmart DVD
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart Webcam
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Total Care Setup
HP Update
HP USB Disk Storage Format Tool
HP User Guides 0116
HP Wireless Assistant
HPAsset component for HP Active Support Library
HTML Help Workshop
IDT Audio
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller Driver
Juno Preloader
LabelPrint
Malwarebytes' Anti-Malware
MediaCoder x64 0.7.5.4799
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Live Search Toolbar
Microsoft Office 2003 Web Components
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (ABRAXAS)
Microsoft SQL Server 2005 Analysis Services (ABRAXAS)
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Notification Services
Microsoft SQL Server 2005 Reporting Services (ABRAXAS)
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 2005 Upgrade Advisor (English)
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
NetZero Preloader
Nikon Message Center
Norton Internet Security
NUnit 2.5.8
PE Builder 3.1.10a
PhotoNow!
Picture Control Utility
Power2Go
PowerDirector
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
ScrumWorks Basic Client
ScrumWorks Basic Server 1.8.4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Service Pack 2 for SQL Server Reporting Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Tools and Workstation Components 2005 ENU (KB921896)
Slingbox - Watch Your TV Anywhere
SlingPlayer
Spybot - Search & Destroy
UMLStudio 8.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232)
ViewNX
Visual Studio 2005 Extensions for Windows Workflow Foundation
VisualSVN Server 2.1.3
VLC media player 0.9.2
Vuze
Vuze Remote Toolbar
Winamp
Windows Media Player Firefox Plugin
WinRAR archiver

==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================================

You're running two AV programs, Avira and Norton.
One of them has to go.
If Norton, use this tool to remove it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with ComboFix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the ComboFix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
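A quick way to confirm the "two AV programs" point above from the machine itself, as an added example that is not part of this thread or of MBRCheck, ComboFix or Rkill: Windows Vista and later keep a list of registered anti-virus products in the WMI namespace root\SecurityCenter2, and each entry carries a productState value that encodes whether real-time protection is on. The script below lists those products and flags when more than one has real-time protection enabled. It assumes PowerShell 2.0 (the version shipped for Vista), and the productState bit layout it decodes is the widely used community interpretation, not a documented Microsoft contract, so treat the decoded columns as a hint to verify in each product's own console.

```powershell
# Added example (not from the original thread). Enumerates anti-virus products
# registered with Windows Security Center and decodes productState.
# Assumption: the "WWXXYY" hex layout below is the common community decoding
# of productState; Microsoft does not document it.

function Get-RegisteredAntivirus {
    # root\SecurityCenter2 exists on Vista and later client SKUs only.
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' `
                              -Class AntiVirusProduct -ErrorAction Stop

    foreach ($p in $products) {
        # Render the 32-bit productState as six hex digits "WWXXYY".
        $hex = '{0:X6}' -f [int]$p.productState
        $rtp = $hex.Substring(2, 2)   # XX: 10 = real-time protection on, 00/01 = off
        $sig = $hex.Substring(4, 2)   # YY: 00 = definitions current, 10 = out of date

        # New-Object PSObject keeps this runnable on PowerShell 2.0.
        New-Object PSObject -Property @{
            Name            = $p.displayName
            ProductState    = $hex
            RealTimeEnabled = ($rtp -eq '10')
            DefinitionsOk   = ($sig -eq '00')
        }
    }
}

$av = @(Get-RegisteredAntivirus)
$av | Format-Table Name, ProductState, RealTimeEnabled, DefinitionsOk -AutoSize

$active = @($av | Where-Object { $_.RealTimeEnabled })
if ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ("{0} products have real-time protection enabled at the same time: {1}" -f $active.Count, $names)
} elseif ($active.Count -eq 0) {
    Write-Warning 'No registered anti-virus product reports real-time protection as enabled.'
}
```

Run it from an elevated PowerShell prompt (right-click, Run as Administrator, as the reply above asks for the other tools). A product that has been uninstalled but still appears here is a stale Security Center registration, which is exactly the situation the vendor removal tool linked above is meant to clean up.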
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP HDX18 Notebook PC
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 222):
0x02005000 \SystemRoot\system32\ntoskrnl.exe
0x02518000 \SystemRoot\system32\hal.dll
0x00602000 \SystemRoot\system32\kdcom.dll
0x0060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00639000 \SystemRoot\system32\PSHED.dll
0x0064D000 \SystemRoot\system32\CLFS.SYS
0x006AA000 \SystemRoot\system32\CI.dll
0x0080B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F3000 \SystemRoot\system32\drivers\acpi.sys
0x00949000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00952000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095C000 \SystemRoot\system32\drivers\pci.sys
0x0098C000 \SystemRoot\system32\drivers\isapnp.sys
0x00995000 \SystemRoot\system32\drivers\mpio.sys
0x009B7000 \SystemRoot\System32\drivers\partmgr.sys
0x009CC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x009D0000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009DC000 \SystemRoot\system32\drivers\volmgr.sys
0x0075C000 \SystemRoot\System32\drivers\volmgrx.sys
0x009F0000 \SystemRoot\system32\drivers\intelide.sys
0x007C2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009F8000 \SystemRoot\system32\drivers\aliide.sys
0x00800000 \SystemRoot\system32\drivers\amdide.sys
0x007D2000 \SystemRoot\system32\drivers\cmdide.sys
0x007DA000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A08000 \SystemRoot\system32\drivers\msdsm.sys
0x00A26000 \SystemRoot\system32\drivers\nvraid.sys
0x00A49000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00A75000 \SystemRoot\system32\drivers\pciide.sys
0x00A7C000 \SystemRoot\system32\drivers\viaide.sys
0x00A84000 \SystemRoot\system32\drivers\iastorv.sys
0x00B4B000 \SystemRoot\system32\drivers\atapi.sys
0x00B53000 \SystemRoot\system32\drivers\ataport.SYS
0x00B77000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x00B95000 \SystemRoot\system32\drivers\storport.sys
0x00BF2000 \SystemRoot\system32\drivers\msahci.sys
0x007ED000 \SystemRoot\system32\drivers\hpcisss.sys
0x00C02000 \SystemRoot\system32\drivers\adp94xx.sys
0x00C7B000 \SystemRoot\system32\drivers\adpahci.sys
0x00CD1000 \SystemRoot\system32\drivers\adpu160m.sys
0x00CF2000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x00D20000 \SystemRoot\system32\drivers\adpu320.sys
0x00D4F000 \SystemRoot\system32\drivers\djsvs.sys
0x00D67000 \SystemRoot\system32\drivers\arc.sys
0x00D80000 \SystemRoot\system32\drivers\arcsas.sys
0x00E05000 \SystemRoot\system32\drivers\elxstor.sys
0x00EA8000 \SystemRoot\system32\drivers\i2omp.sys
0x00EB3000 \SystemRoot\system32\drivers\iirsp.sys
0x00EC4000 \SystemRoot\system32\drivers\iteatapi.sys
0x00ED1000 \SystemRoot\system32\drivers\iteraid.sys
0x00EDE000 \SystemRoot\system32\drivers\lsi_fc.sys
0x00EFC000 \SystemRoot\system32\drivers\lsi_sas.sys
0x00F18000 \SystemRoot\system32\drivers\megasas.sys
0x00F24000 \SystemRoot\system32\drivers\megasr.sys
0x00FEB000 \SystemRoot\system32\drivers\mraid35x.sys
0x00D99000 \SystemRoot\system32\drivers\nfrd960.sys
0x00DA9000 \SystemRoot\system32\drivers\nvstor.sys
0x01000000 \SystemRoot\system32\drivers\ql2300.sys
0x01152000 \SystemRoot\system32\drivers\ql40xx.sys
0x011B0000 \SystemRoot\system32\drivers\sisraid2.sys
0x011BE000 \SystemRoot\system32\drivers\sisraid4.sys
0x011D4000 \SystemRoot\system32\drivers\symc8xx.sys
0x011E2000 \SystemRoot\system32\drivers\sym_hi.sys
0x011EF000 \SystemRoot\system32\drivers\sym_u3.sys
0x0120F000 \SystemRoot\system32\drivers\uliahci.sys
0x01258000 \SystemRoot\system32\drivers\ulsata.sys
0x01287000 \SystemRoot\system32\drivers\ulsata2.sys
0x012C9000 \SystemRoot\system32\drivers\vsmraid.sys
0x012F0000 \SystemRoot\system32\drivers\fltmgr.sys
0x01336000 \SystemRoot\system32\drivers\fileinfo.sys
0x0134A000 \SystemRoot\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS
0x01405000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0160A000 \SystemRoot\system32\drivers\ndis.sys
0x0148C000 \SystemRoot\system32\drivers\msrpc.sys
0x014DC000 \SystemRoot\system32\drivers\NETIO.SYS
0x01807000 \SystemRoot\System32\drivers\tcpip.sys
0x0197B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A0B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01B8F000 \SystemRoot\system32\drivers\wd.sys
0x01B97000 \SystemRoot\system32\drivers\volsnap.sys
0x01BDB000 \SystemRoot\System32\Drivers\spldr.sys
0x01BE3000 \SystemRoot\system32\drivers\sbp2port.sys
0x019A7000 \SystemRoot\System32\Drivers\mup.sys
0x019B9000 \SystemRoot\System32\drivers\ecache.sys
0x01A00000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x017CD000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x019E5000 \SystemRoot\system32\drivers\disk.sys
0x017F6000 \SystemRoot\system32\drivers\crcdisk.sys
0x01561000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0156D000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x01576000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x019F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03007000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03A0D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03AEC000 \SystemRoot\System32\drivers\watchdog.sys
0x03AFB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03B07000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03B4D000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03B5E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03C0B000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x0409C000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x040CA000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x040DC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x040EC000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x0410E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04124000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x04130000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0413E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04182000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04184000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04190000 \SystemRoot\system32\DRIVERS\enecir.sys
0x041AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x041C8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x041D1000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x041DD000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
0x03B71000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x041F2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03BA9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03BCC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03940000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03BD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03971000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03BE8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0420E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x042A8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x042BA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x042BC000 \SystemRoot\system32\DRIVERS\ks.sys
0x042F0000 \SystemRoot\system32\DRIVERS\circlass.sys
0x04301000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0430C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0431C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04363000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04377000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x0398F000 \SystemRoot\system32\DRIVERS\portcls.sys
0x039CA000 \SystemRoot\system32\DRIVERS\drmk.sys
0x043EB000 \SystemRoot\system32\drivers\ksthunk.sys
0x01589000 \SystemRoot\system32\drivers\nvhda64v.sys
0x043F1000 \SystemRoot\system32\DRIVERS\hidir.sys
0x039ED000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04200000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03C00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03A00000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07806000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS
0x07BBF000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x078A4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07BF5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x078C0000 \SystemRoot\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS
0x078D4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x078DE000 \SystemRoot\System32\Drivers\Null.SYS
0x078E7000 \SystemRoot\System32\drivers\vga.sys
0x078F5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0791A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x07923000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0792C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x07937000 \SystemRoot\System32\Drivers\Npfs.SYS
0x07948000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x07951000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0796E000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS
0x079BA000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS
0x079CA000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMFW.SYS
0x0159D000 \SystemRoot\system32\DRIVERS\smb.sys
0x07C05000 \SystemRoot\system32\drivers\afd.sys
0x07C72000 \SystemRoot\System32\DRIVERS\netbt.sys
0x07CB6000 \SystemRoot\system32\DRIVERS\pacer.sys
0x07CD4000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x07CDF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x07CEE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x07D09000 \??\C:\Windows\system32\Drivers\vmm.sys
0x07D56000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x07DA4000 \SystemRoot\system32\drivers\nsiproxy.sys
0x07E04000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110125.001\IDSvia64.sys
0x07E7F000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x07EF5000 \SystemRoot\system32\drivers\csc.sys
0x07F6B000 \SystemRoot\System32\Drivers\dfsc.sys
0x08005000 \SystemRoot\System32\Drivers\NISx64\1008000.029\ccHPx64.sys
0x08098000 \SystemRoot\system32\drivers\NISx64\1008000.029\BHDrvx64.sys
0x08111000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x08126000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x08136000 \SystemRoot\System32\Drivers\usbvideo.sys
0x08160000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x08605000 \SystemRoot\System32\Drivers\bthport.sys
0x086B3000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x086E4000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x086F1000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x08710000 \SystemRoot\system32\drivers\btwavdt.sys
0x0816E000 \SystemRoot\system32\drivers\btwaudio.sys
0x08780000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x08784000 \SystemRoot\System32\Drivers\crashdmp.sys
0x08792000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0879E000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x087A8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x087BB000 \SystemRoot\System32\drivers\Dxapi.sys
0x087C7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00490000 \SystemRoot\System32\TSDDD.dll
0x00630000 \SystemRoot\System32\cdd.dll
0x087DA000 \SystemRoot\system32\drivers\luafv.sys
0x07F88000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0CA01000 \SystemRoot\system32\drivers\spsys.sys
0x0CA9B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0CAAF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0CAE3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0CAEE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0CB06000 \SystemRoot\system32\drivers\HTTP.sys
0x0CBA5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0CBCE000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07FA5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07FBF000 \SystemRoot\system32\drivers\mrxdav.sys
0x07DB0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x013B1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07DD9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x015B8000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0D207000 \SystemRoot\System32\DRIVERS\srv.sys
0x0D29D000 \SystemRoot\system32\drivers\peauth.sys
0x0D353000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0D35E000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0D36D000 \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
0x0D398000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x07A00000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110125.003\EX64.SYS
0x0D3D4000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110125.003\ENG64.SYS
0x772C0000 \Windows\System32\ntdll.dll

Processes (total 92):
0 System Idle Process
4 System
536 C:\Windows\System32\smss.exe
652 csrss.exe
704 C:\Windows\System32\wininit.exe
724 csrss.exe
764 C:\Windows\System32\services.exe
776 C:\Windows\System32\lsass.exe
784 C:\Windows\System32\lsm.exe
892 C:\Windows\System32\winlogon.exe
976 C:\Windows\System32\svchost.exe
312 C:\Windows\System32\nvvsvc.exe
388 C:\Windows\System32\svchost.exe
632 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
352 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\stacsv64.exe
1152 C:\Windows\System32\audiodg.exe
1292 C:\Windows\System32\SLsvc.exe
1312 C:\Windows\System32\svchost.exe
1412 C:\Windows\System32\hpservice.exe
1524 C:\Windows\System32\rundll32.exe
1548 C:\Windows\System32\vfsFPService.exe
1656 C:\Windows\System32\svchost.exe
1736 C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
1924 C:\Windows\System32\spoolsv.exe
1948 C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
2036 C:\Windows\System32\svchost.exe
2132 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe
2180 C:\Windows\System32\svchost.exe
2192 C:\Windows\System32\svchost.exe
2216 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2284 C:\Windows\System32\inetsrv\inetinfo.exe
2380 C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
2588 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
2600 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2620 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
2700 C:\Windows\System32\svchost.exe
2716 C:\Program Files (x86)\SMINST\BLService.exe
2936 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
3016 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
3052 C:\ScrumWorksBasic\bin\ScrumworksService.exe
1744 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2876 C:\Windows\System32\svchost.exe
3140 C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
3296 C:\Windows\System32\svchost.exe
3312 C:\Windows\System32\svchost.exe
3336 C:\Windows\System32\SearchIndexer.exe
3492 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3828 C:\Windows\System32\taskeng.exe
3860 VisualSVNServer.exe
4528 dllhost.exe
4552 WmiPrvSE.exe
4592 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
4680 C:\Windows\System32\taskeng.exe
4692 C:\Windows\System32\dwm.exe
4828 C:\Windows\explorer.exe
4492 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3000 C:\Program Files\IDT\WDM\sttray64.exe
4144 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
4624 C:\Program Files\Windows Defender\MSASCui.exe
4620 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
3884 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
1144 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
4804 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
2140 C:\Program Files (x86)\DeskNotes 2.2.2\DeskNotes.exe
1480 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
2888 C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
2008 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
5140 C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
5248 C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
5276 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
5344 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
5356 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
5404 C:\Program Files (x86)\Winamp\winampa.exe
5496 WmiPrvSE.exe
5828 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
5388 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
5636 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
5944 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4256 C:\Windows\System32\wbem\unsecapp.exe
6268 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
6472 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
6808 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
7044 C:\Windows\System32\wuauclt.exe
7016 C:\Program Files (x86)\Java\jre1.6.0_07\bin\jucheck.exe
516 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
7140 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
3536 C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\devenv.exe
2032 C:\Windows\System32\LogonUI.exe
6412 C:\Malware Cleanup\MBRCheck\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`ae300000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000047`e3300000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000056`64c00000 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x0000009f`a2c00000 (NTFS)
\\.\J: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
\\.\K: --> \\.\PhysicalDrive2 at offset 0x00000056`64d00000 (NTFS)
\\.\L: --> \\.\PhysicalDrive2 at offset 0x0000009f`a2d00000 (NTFS)

PhysicalDrive0 Model Number: ST9320421AS, Rev: HP14
PhysicalDrive1 Model Number: WDC WD1001FALS-00J7B1, Rev:
PhysicalDrive2 Model Number: WDC WD1001FALS-00J7B1, Rev:

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D
931 GB \\.\PhysicalDrive1 RE: Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB \\.\PhysicalDrive2 RE: Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

ComboFix 11-01-24.02 - Robert 01/25/2011 12:26:40.1.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4092.1793 [GMT -6:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
.

2011-01-25 18:12 . 2011-01-25 18:14 -------- d-----w- C:\Malware Cleanup
2011-01-25 15:38 . 2011-01-25 15:38 -------- d-----r- c:\program files (x86)\Norton Support
2011-01-25 15:37 . 2011-01-25 15:37 -------- d-----w- c:\users\Robert\AppData\Local\Symantec
2011-01-25 11:23 . 2011-01-25 10:47 209920 ----a-w- c:\windows\Tvuria.exe
2011-01-25 10:48 . 2011-01-25 10:48 -------- d-----w- c:\windows\Sun
2011-01-25 08:10 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6E9A286-D0F9-4BA8-A22B-6CF2DBD36508}\mpengine.dll
2011-01-24 23:27 . 2011-01-24 23:27 49152 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2011-01-24 23:26 . 2011-01-24 23:26 335872 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2011-01-24 23:22 . 2011-01-24 23:22 57344 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-01-24 23:21 . 2011-01-24 23:21 -------- d-----w- c:\users\Robert\AppData\Roaming\Nikon
2011-01-24 23:19 . 2011-01-24 23:27 -------- d-----w- c:\program files (x86)\Common Files\Nikon
2011-01-24 23:18 . 2011-01-24 23:18 -------- d-----w- c:\program files (x86)\Nikon
2011-01-24 23:17 . 2011-01-24 23:17 -------- d-----w- c:\programdata\Ultima_T15
2011-01-24 23:17 . 2011-01-24 23:17 -------- d-----w- c:\programdata\EnterNHelp
2011-01-24 22:49 . 2011-01-24 22:54 -------- d-----w- c:\users\Robert\Photos
2011-01-17 22:54 . 2011-01-17 22:58 -------- d-----w- C:\tempVS
2011-01-16 22:27 . 2011-01-16 23:44 -------- d-----w- C:\pebuilder3110a
2011-01-16 22:27 . 2011-01-16 22:27 -------- d-----w- C:\DriveKey
2011-01-16 22:26 . 2001-09-05 10:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-01-16 22:26 . 2001-09-05 10:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-01-16 22:26 . 2001-09-05 10:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-01-16 22:26 . 2001-09-05 10:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-01-16 22:26 . 2001-09-05 09:24 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-01-16 03:58 . 2011-01-16 03:58 -------- d-----w- c:\users\Robert\AppData\Local\Apps
2011-01-16 03:58 . 2011-01-16 03:59 -------- d-----w- c:\users\Robert\AppData\Local\Deployment
2011-01-14 23:21 . 2011-01-15 00:20 -------- d-----w- C:\SvnBackup
2011-01-13 00:53 . 2011-01-13 00:53 -------- d-----w- c:\program files (x86)\UMLStudio 8.0
2011-01-11 21:21 . 2011-01-11 21:22 -------- d-----w- C:\bk0111
2011-01-11 05:58 . 2011-01-11 05:59 -------- d-----w- c:\program files\Paint.NET
2011-01-11 05:58 . 2011-01-11 06:01 -------- d-----w- c:\users\Robert\AppData\Local\Paint.NET
2011-01-07 13:48 . 2011-01-07 13:48 -------- d-----w- c:\program files\MediaCoder
2011-01-07 13:38 . 2011-01-07 13:54 -------- d-----w- c:\users\Robert\AppData\Local\Broad Intelligence
2011-01-07 13:38 . 2011-01-09 22:08 -------- d-----w- c:\users\Robert\AppData\Roaming\Broad Intelligence
2011-01-07 13:17 . 2011-01-07 13:17 -------- d-----w- c:\users\Robert\AppData\Roaming\AnvSoft
2011-01-04 10:40 . 2011-01-04 10:40 -------- d-----w- C:\Password Manager
2011-01-01 11:48 . 2011-01-01 11:48 -------- d-----w- c:\users\Robert\AppData\Roaming\MB
2011-01-01 11:48 . 2011-01-01 11:48 -------- d-----w- c:\users\Robert\AppData\Local\MB
2011-01-01 11:46 . 2011-01-01 11:46 -------- d-----w- c:\program files (x86)\DeskNotes 2.2.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-22 02:43 . 2010-12-02 20:18 165232 ---ha-w- c:\users\Robert\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-12-30 19:38 . 2001-05-21 17:46 198656 ----a-w- c:\windows\SysWow64\Comdlg32.ocx
2010-12-21 00:09 . 2010-12-11 03:43 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2010-12-11 03:43 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-25 09:25 . 2010-11-24 16:53 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-11-25 09:24 . 2010-11-25 09:24 583296 ----a-w- c:\windows\system32\drivers\NISx64\1008000.029\cchpx64.sys
2010-11-25 09:24 . 2010-11-25 09:24 334384 ----a-w- c:\windows\system32\drivers\NISx64\1008000.029\BHDrvx64.sys
2010-11-25 04:12 . 2010-11-25 04:12 5632 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{EFD31E4F-4EDA-4758-AAA7-8E625BA76A48}\nunit_icon.exe
2010-11-24 18:34 . 2009-02-12 09:28 1066544 ----a-w- c:\windows\SysWow64\MFC71.dll
2010-11-15 18:38 . 2010-11-15 18:38 130808 ----a-w- c:\windows\SysWow64\vpnweb.ocx
2010-11-15 18:37 . 2010-11-15 18:37 8952 ----a-w- c:\windows\SysWow64\vpncategories.dll
2010-11-15 18:36 . 2010-11-15 18:36 28920 ----a-w- c:\windows\SysWow64\vpnevents.dll
2010-11-15 18:19 . 2010-11-15 18:19 22752 ----a-w- c:\windows\system32\drivers\vpnva64.sys
2010-11-06 11:10 . 2010-12-15 20:44 357376 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-06 11:10 . 2010-12-15 20:44 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-06 04:35 . 2010-12-15 20:44 499712 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-06 04:35 . 2010-12-15 20:44 655872 ----a-w- c:\windows\system32\taskschd.dll
2010-11-06 04:35 . 2010-12-15 20:44 410112 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-06 04:35 . 2010-12-15 20:44 854528 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-05 00:53 . 2010-12-15 20:44 171520 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-04 21:16 . 2010-12-15 20:44 267776 ----a-w- c:\windows\system32\taskeng.exe
2010-10-28 15:18 . 2010-12-15 20:47 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 15:02 . 2010-12-15 20:47 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-10-28 13:23 . 2010-12-15 20:47 367104 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:17 . 2010-12-15 20:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-28 13:03 . 2010-12-15 20:47 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-10-28 12:56 . 2010-12-15 20:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-24 3908192]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-24 00:55 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-11-24 00:55 3908192 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-24 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-24 3908192]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2008-12-11 842816]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-02 202032]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2008-04-01 36352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 994856]
DeskNotes.lnk - c:\windows\Installer\{68CDF733-DD46-4462-A13C-CEED33BF36F5}\_02F552641734ACD485B5F1.exe [2011-1-1 209254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 msftesql$ABRAXAS;SQL Server FullText Search (ABRAXAS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2005-08-26 92880]
R3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [2008-01-21 3154432]
R3 SQLAgent$ABRAXAS;SQL Server Agent (ABRAXAS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2005-10-14 318680]
R3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-21 12288]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [2006-10-04 273408]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-09-23 4476096]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [2010-01-20 402992]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-11-25 334384]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [2010-11-25 583296]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110125.001\IDSvia64.sys [2010-11-23 476792]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/24 10:28];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 02:04 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe [2008-06-27 89088]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-19 23040]
S2 MsDtsServer;SQL Server Integration Services;c:\program files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
S2 MSOLAP$ABRAXAS;SQL Server Analysis Services (ABRAXAS);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2005-10-14 14557912]
S2 MSSQL$ABRAXAS;SQL Server (ABRAXAS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-18 365952]
S2 ReportServer$ABRAXAS;SQL Server Reporting Services (ABRAXAS);c:\program files (x86)\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2007-02-10 17264]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
S2 ScrumWorks Basic;ScrumWorks Basic;c:\scrumworksbasic\bin\ScrumworksService.exe [2010-02-17 53248]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-11-18 721712]
S2 VisualSVNServer;VisualSVN Server;c:\program files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [2010-07-13 23840]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-11-15 592120]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 64000]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 128352]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2008-08-28 4745216]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2008-09-25 58912]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [2010-01-20 56880]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"combofix"="c:\combofix\CF6861.cfxxe" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 15959584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 82464]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-17 1561384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8592
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\u0t90zfb.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray64.exe
HKLM-Run-SmartMenu - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-KB921896_RS9 - c:\windows\RS9_KB921896_ENU\Hotfix.exe
AddRemove-KB921896_SQLTools9 - c:\windows\SQLTools9_KB921896_ENU\Hotfix.exe
AddRemove-aaa - c:\windows\system32\javaws.exe
AddRemove-ScrumWorks Basic Client - c:\windows\system32\javaws.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql$ABRAXAS]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:ABRAXAS"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1626570519-558537335-2832409400-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADEB6F05-AA39-AB0E-D21E-2DD2648EEC1E}*]
"hakdjkbcckngaejg"=hex:6a,61,69,67,70,6f,70,6b,61,6f,64,70,64,66,6f,70,6c,67,
67,62,00,67
"iamdhdmgmjhkfbcndm"=hex:6b,61,70,67,6b,6f,65,61,66,62,66,67,63,64,63,63,66,6f,
68,6f,66,63,00,6f

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-01-25 12:47:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-25 18:47

Pre-Run: 63,232,708,608 bytes free
Post-Run: 62,615,089,152 bytes free

- - End Of File - - 9F434AA353B586E626882439C3AE68BC
 
We need to double check your MBR. It looks suspicious.

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Ultimate Edition Service Pack 1 (build 6001)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: b23e5cbb74b4fcefd775b490fc8131e6

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
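The "Unknown boot code" verdict above comes from comparing the boot sector's code against hashes the tool recognises. As an added example (not part of this thread and not eSage Lab's code), here is a small Python MBR triage routine that hashes the boot-code region, checks the 0x55AA signature and decodes the partition table against a constructed allow-list; hashing only the first 440 bytes is this example's own choice, whereas the tool above reports a whole-sector MD5.

```python
"""Added example, not part of the forum thread or of Bootkit Remover.
Classifies a 512-byte MBR: signature check, boot-code hash against an
allow-list, and partition-table decode. All sample data is constructed."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot code in a classic MBR
PARTITION_TABLE_OFFSET = 446   # 4 entries x 16 bytes, after a 6-byte disk signature/pad
MBR_SIGNATURE = b"\x55\xaa"    # bytes 510..511


def boot_code_md5(sector: bytes) -> str:
    """MD5 of the boot-code region only. The disk signature and partition table
    differ per machine, so hashing the whole sector would never match an allow-list."""
    return hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(sector: bytes) -> list:
    """Decode the four primary partition entries; empty entries (type 0) are skipped."""
    found = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue
        found.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": count})
    return found


def triage_mbr(sector: bytes, known_good: dict) -> dict:
    """Classify one 512-byte boot sector against an allow-list of boot-code hashes."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(sector)}")
    digest = boot_code_md5(sector)
    return {
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
        "sector_md5": hashlib.md5(sector).hexdigest(),   # what a whole-sector report shows
        "boot_code_md5": digest,
        "boot_code": known_good.get(digest, "Unknown boot code"),
        "partitions": parse_partitions(sector),
    }


def triage_dump_file(path: str, known_good: dict) -> dict:
    """Triage the first sector of a raw dump file (for example one written by a 'dump' command)."""
    with open(path, "rb") as fh:
        return triage_mbr(fh.read(SECTOR_SIZE), known_good)


def build_sector(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a sector from boot code and (status, type, lba_start, sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, PARTITION_TABLE_OFFSET + 16 * i,
                         status, ptype, lba_start, count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


# Constructed sample data: a made-up byte pattern standing in for vendor boot code
# (NOT real Windows MBR bytes), padded to the full 440-byte code region.
REFERENCE_BOOT_CODE = (b"\xeb\x3c\x90DEMO-BOOT-CODE" + b"\x90" * 32).ljust(BOOT_CODE_LEN, b"\x00")
KNOWN_GOOD = {hashlib.md5(REFERENCE_BOOT_CODE).hexdigest(): "Constructed reference boot code"}
SAMPLE_PARTITIONS = [(0x80, 0x07, 2048, 1_000_000)]   # one bootable NTFS-type entry

CLEAN_SECTOR = build_sector(REFERENCE_BOOT_CODE, SAMPLE_PARTITIONS)

# Same sector with one byte of boot code altered: partitions and signature intact,
# but the code hash no longer matches anything in the allow-list.
_tampered = bytearray(CLEAN_SECTOR)
_tampered[0x10] ^= 0xFF
TAMPERED_SECTOR = bytes(_tampered)

if __name__ == "__main__":
    for label, sec in (("clean", CLEAN_SECTOR), ("tampered", TAMPERED_SECTOR)):
        verdict = triage_mbr(sec, KNOWN_GOOD)
        print(f"{label}: {verdict['boot_code']} (md5 {verdict['boot_code_md5']}), "
              f"signature_ok={verdict['signature_ok']}, partitions={verdict['partitions']}")
```

A real allow-list would hold hashes of the boot code shipped by each Windows version and OEM; a sector that decodes to a sane partition table but whose code hash is unknown is exactly the case worth dumping and inspecting rather than trusting.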
 
We need to fix it.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
 
Boots from CD. Allows me to proceed up to keyboard entry. After I accept the default English keyboard the program errors out and says cannot find CD-ROM drive.

CD burns and verifies correctly - I have tried a couple now. Boots fine. I also removed all peripherals. No joy.
 
Let's try a different method...

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.vistax64.com/tutorials/141820-create-recovery-disc.html (Option Two)
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.

Vista users. At first screen click on Repair your computer:


Windows 7 users. At first screen click on Install now:

Select your language and click next:

Click the button for "Use recovery tools":


The following applies to both Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.
 
OK, bootrec is fixed now.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP HDX18 Notebook PC
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 222):
0x02054000 \SystemRoot\system32\ntoskrnl.exe
0x0200E000 \SystemRoot\system32\hal.dll
0x00601000 \SystemRoot\system32\kdcom.dll
0x0060B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00638000 \SystemRoot\system32\PSHED.dll
0x0064C000 \SystemRoot\system32\CLFS.SYS
0x006A9000 \SystemRoot\system32\CI.dll
0x00808000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F0000 \SystemRoot\system32\drivers\acpi.sys
0x00946000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094F000 \SystemRoot\system32\drivers\msisadrv.sys
0x00959000 \SystemRoot\system32\drivers\pci.sys
0x00989000 \SystemRoot\system32\drivers\isapnp.sys
0x00992000 \SystemRoot\system32\drivers\mpio.sys
0x009B4000 \SystemRoot\System32\drivers\partmgr.sys
0x009C9000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x009CD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009D9000 \SystemRoot\system32\drivers\volmgr.sys
0x0075B000 \SystemRoot\System32\drivers\volmgrx.sys
0x009ED000 \SystemRoot\system32\drivers\intelide.sys
0x007C1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009F5000 \SystemRoot\system32\drivers\aliide.sys
0x00800000 \SystemRoot\system32\drivers\amdide.sys
0x007D1000 \SystemRoot\system32\drivers\cmdide.sys
0x007D9000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A07000 \SystemRoot\system32\drivers\msdsm.sys
0x00A25000 \SystemRoot\system32\drivers\nvraid.sys
0x00A48000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00A74000 \SystemRoot\system32\drivers\pciide.sys
0x00A7B000 \SystemRoot\system32\drivers\viaide.sys
0x00A83000 \SystemRoot\system32\drivers\iastorv.sys
0x00B4A000 \SystemRoot\system32\drivers\atapi.sys
0x00B52000 \SystemRoot\system32\drivers\ataport.SYS
0x00B76000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x00B94000 \SystemRoot\system32\drivers\storport.sys
0x00BF1000 \SystemRoot\system32\drivers\msahci.sys
0x007EC000 \SystemRoot\system32\drivers\hpcisss.sys
0x00C0C000 \SystemRoot\system32\drivers\adp94xx.sys
0x00C85000 \SystemRoot\system32\drivers\adpahci.sys
0x00CDB000 \SystemRoot\system32\drivers\adpu160m.sys
0x00CFC000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x00D2A000 \SystemRoot\system32\drivers\adpu320.sys
0x00D59000 \SystemRoot\system32\drivers\djsvs.sys
0x00D71000 \SystemRoot\system32\drivers\arc.sys
0x00D8A000 \SystemRoot\system32\drivers\arcsas.sys
0x00E0F000 \SystemRoot\system32\drivers\elxstor.sys
0x00EB2000 \SystemRoot\system32\drivers\i2omp.sys
0x00EBD000 \SystemRoot\system32\drivers\iirsp.sys
0x00ECE000 \SystemRoot\system32\drivers\iteatapi.sys
0x00EDB000 \SystemRoot\system32\drivers\iteraid.sys
0x00EE8000 \SystemRoot\system32\drivers\lsi_fc.sys
0x00F06000 \SystemRoot\system32\drivers\lsi_sas.sys
0x00F22000 \SystemRoot\system32\drivers\megasas.sys
0x00F2E000 \SystemRoot\system32\drivers\megasr.sys
0x00E00000 \SystemRoot\system32\drivers\mraid35x.sys
0x00DA3000 \SystemRoot\system32\drivers\nfrd960.sys
0x00DB3000 \SystemRoot\system32\drivers\nvstor.sys
0x0100C000 \SystemRoot\system32\drivers\ql2300.sys
0x0115E000 \SystemRoot\system32\drivers\ql40xx.sys
0x011BC000 \SystemRoot\system32\drivers\sisraid2.sys
0x011CA000 \SystemRoot\system32\drivers\sisraid4.sys
0x011E0000 \SystemRoot\system32\drivers\symc8xx.sys
0x011EE000 \SystemRoot\system32\drivers\sym_hi.sys
0x00DC3000 \SystemRoot\system32\drivers\sym_u3.sys
0x01209000 \SystemRoot\system32\drivers\uliahci.sys
0x01252000 \SystemRoot\system32\drivers\ulsata.sys
0x01281000 \SystemRoot\system32\drivers\ulsata2.sys
0x012C3000 \SystemRoot\system32\drivers\vsmraid.sys
0x012EA000 \SystemRoot\system32\drivers\fltmgr.sys
0x01330000 \SystemRoot\system32\drivers\fileinfo.sys
0x01344000 \SystemRoot\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS
0x01404000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01602000 \SystemRoot\system32\drivers\ndis.sys
0x0148B000 \SystemRoot\system32\drivers\msrpc.sys
0x014DB000 \SystemRoot\system32\drivers\NETIO.SYS
0x01806000 \SystemRoot\System32\drivers\tcpip.sys
0x0197A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01A09000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01B8D000 \SystemRoot\system32\drivers\wd.sys
0x01B95000 \SystemRoot\system32\drivers\volsnap.sys
0x01BD9000 \SystemRoot\System32\Drivers\spldr.sys
0x01BE1000 \SystemRoot\system32\drivers\sbp2port.sys
0x019A6000 \SystemRoot\System32\Drivers\mup.sys
0x019B8000 \SystemRoot\System32\drivers\ecache.sys
0x019E4000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x017C5000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01533000 \SystemRoot\system32\drivers\disk.sys
0x019EE000 \SystemRoot\system32\drivers\crcdisk.sys
0x01570000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01A00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x0157C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x01BFB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0300A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03A09000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03AE8000 \SystemRoot\System32\drivers\watchdog.sys
0x03AF7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03B03000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03B49000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03B5A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03C0B000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
0x0409C000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x040CA000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x040DC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x040EC000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x0410E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04124000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x04130000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0413E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04182000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04184000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04190000 \SystemRoot\system32\DRIVERS\enecir.sys
0x041AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x041C8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x041D1000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x041DD000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
0x03B6D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x041F2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03BA5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03BC8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03943000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03BD4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03974000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03BE4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04200000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x0429A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x042AC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x042AE000 \SystemRoot\system32\DRIVERS\ks.sys
0x042E2000 \SystemRoot\system32\DRIVERS\circlass.sys
0x042F3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x042FE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0430E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04355000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04369000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x03992000 \SystemRoot\system32\DRIVERS\portcls.sys
0x043DD000 \SystemRoot\system32\DRIVERS\drmk.sys
0x03C00000 \SystemRoot\system32\drivers\ksthunk.sys
0x039CD000 \SystemRoot\system32\drivers\nvhda64v.sys
0x039E1000 \SystemRoot\system32\DRIVERS\hidir.sys
0x039EC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03A00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03000000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0158F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07A07000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS
0x07C0B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110127.032\EX64.SYS
0x07DC5000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x07A85000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110127.032\ENG64.SYS
0x07AA5000 \SystemRoot\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS
0x07C00000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x07AB9000 \SystemRoot\System32\Drivers\Null.SYS
0x07AC2000 \SystemRoot\System32\drivers\vga.sys
0x07AD0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x07AF5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07B11000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x07B1A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x07B23000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07B2C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x07B37000 \SystemRoot\System32\Drivers\Npfs.SYS
0x07B48000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x07B51000 \SystemRoot\system32\DRIVERS\tdx.sys
0x07B6E000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS
0x07BBA000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS
0x07BCA000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMFW.SYS
0x0159A000 \SystemRoot\system32\DRIVERS\smb.sys
0x08002000 \SystemRoot\system32\drivers\afd.sys
0x0806F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x080B3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x080D1000 \SystemRoot\system32\DRIVERS\SymIMv.sys
0x080DC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x080EB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x08106000 \??\C:\Windows\system32\Drivers\vmm.sys
0x08153000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x081A1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0820E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110127.001\IDSvia64.sys
0x08289000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x082FF000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x08324000 \SystemRoot\system32\drivers\csc.sys
0x0839A000 \SystemRoot\System32\Drivers\dfsc.sys
0x08402000 \SystemRoot\System32\Drivers\NISx64\1008000.029\ccHPx64.sys
0x08495000 \SystemRoot\system32\drivers\NISx64\1008000.029\BHDrvx64.sys
0x084EC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x08501000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0852B000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x0853B000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x08549000 \SystemRoot\System32\Drivers\bthport.sys
0x083B7000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x083E8000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x081AD000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x08A0F000 \SystemRoot\system32\drivers\btwavdt.sys
0x08A7F000 \SystemRoot\system32\drivers\btwaudio.sys
0x08B03000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x08B07000 \SystemRoot\System32\Drivers\crashdmp.sys
0x08B15000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x08B21000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x08B2B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x08B3E000 \SystemRoot\System32\drivers\Dxapi.sys
0x08B4A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00430000 \SystemRoot\System32\TSDDD.dll
0x006A0000 \SystemRoot\System32\cdd.dll
0x08B5D000 \SystemRoot\system32\drivers\luafv.sys
0x0CE02000 \SystemRoot\system32\drivers\spsys.sys
0x0CE9C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0CEB0000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0CEE4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0CEEF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0CF07000 \SystemRoot\system32\drivers\HTTP.sys
0x0CFA6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0CFCF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x08B7F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08B99000 \SystemRoot\system32\drivers\mrxdav.sys
0x08BC0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x015B5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x081CC000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x013AB000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0D600000 \SystemRoot\System32\DRIVERS\srv.sys
0x0D696000 \SystemRoot\system32\drivers\peauth.sys
0x0D74C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0D757000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0D766000 \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
0x0D791000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76E90000 \Windows\System32\ntdll.dll

Processes (total 94):
0 System Idle Process
4 System
532 C:\Windows\System32\smss.exe
656 csrss.exe
708 C:\Windows\System32\wininit.exe
728 csrss.exe
764 C:\Windows\System32\winlogon.exe
804 C:\Windows\System32\services.exe
816 C:\Windows\System32\lsass.exe
824 C:\Windows\System32\lsm.exe
992 C:\Windows\System32\svchost.exe
212 C:\Windows\System32\nvvsvc.exe
352 C:\Windows\System32\svchost.exe
556 C:\Windows\System32\svchost.exe
304 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\stacsv64.exe
1168 C:\Windows\System32\audiodg.exe
1320 C:\Windows\System32\SLsvc.exe
1364 C:\Windows\System32\svchost.exe
1448 C:\Windows\System32\hpservice.exe
1468 C:\Windows\System32\rundll32.exe
1528 C:\Windows\System32\vfsFPService.exe
1640 C:\Windows\System32\svchost.exe
1696 C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
1868 C:\Windows\System32\spoolsv.exe
1896 C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
1972 C:\Windows\System32\svchost.exe
2060 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe
2076 C:\Windows\System32\svchost.exe
2088 C:\Windows\System32\svchost.exe
2100 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2192 C:\Windows\System32\inetsrv\inetinfo.exe
2276 C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
2696 C:\Windows\System32\dwm.exe
2724 C:\Windows\System32\taskeng.exe
2788 C:\Windows\explorer.exe
2900 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
2916 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2952 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
3052 C:\Windows\System32\svchost.exe
2716 C:\Program Files (x86)\SMINST\BLService.exe
2948 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
2992 C:\Windows\System32\taskeng.exe
3124 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
3172 C:\ScrumWorksBasic\bin\ScrumworksService.exe
3192 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
3232 C:\Windows\System32\svchost.exe
3304 C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
3376 C:\Windows\System32\rundll32.exe
3388 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3404 C:\Program Files\IDT\WDM\sttray64.exe
3480 C:\Windows\System32\svchost.exe
3496 C:\Windows\System32\svchost.exe
3520 C:\Windows\System32\SearchIndexer.exe
3624 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
3656 C:\Windows\ehome\ehtray.exe
3816 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
3924 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
4056 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
2520 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
280 VisualSVNServer.exe
4172 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
4184 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
4296 C:\Program Files (x86)\DeskNotes 2.2.2\DeskNotes.exe
4348 C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
4456 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
4468 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
4564 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
4656 C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
4664 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
4804 C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
4860 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
4896 C:\Program Files (x86)\Winamp\winampa.exe
1284 C:\Windows\System32\wbem\unsecapp.exe
3504 WmiPrvSE.exe
2680 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
4892 dllhost.exe
1016 WmiPrvSE.exe
5248 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
5392 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
5404 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
5556 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
5628 C:\Windows\ehome\ehmsas.exe
5424 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
5764 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
6096 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
5368 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3012 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5484 C:\Windows\System32\SearchProtocolHost.exe
2772 C:\Windows\System32\SearchFilterHost.exe
2508 C:\Windows\System32\SearchProtocolHost.exe
5076 C:\Malware Cleanup\MBRCheck\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`ae300000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000047`e3300000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000056`64c00000 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x0000009f`a2c00000 (NTFS)
\\.\J: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
\\.\K: --> \\.\PhysicalDrive2 at offset 0x00000056`64d00000 (NTFS)
\\.\L: --> \\.\PhysicalDrive2 at offset 0x0000009f`a2d00000 (NTFS)

PhysicalDrive0 Model Number: ST9320421AS, Rev: HP14
PhysicalDrive1 Model Number: WDC WD1001FALS-00J7B1, Rev:
PhysicalDrive2 Model Number: WDC WD1001FALS-00J7B1, Rev:

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB \\.\PhysicalDrive2 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
Good job :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:8592
uInternet Settings,ProxyOverride = <local>

RegNull::
[HKEY_USERS\S-1-5-21-1626570519-558537335-2832409400-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADEB6F05-AA39-AB0E-D21E-2DD2648EEC1E}*]


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScript.gif]



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
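The two DDS:: lines in the script undo an Internet Explorer proxy hijack (every HTTP request was being routed through a loopback listener on 127.0.0.1:8592, which is where the fake-AV "alerts" came from, and Firefox picks the same WinINet setting up when it is set to use system proxy settings), and the RegNull:: entry with the trailing * deletes the rogue shell-extension subkey GMER flagged. MalwareBytes separately removed a GUID-named .job file from C:\Windows\Tasks. As an added example, not part of the original thread and not ComboFix's own code, the following PowerShell script re-checks all three after the reboot so the poster can confirm the cleanup held. It assumes PowerShell 2.0 on the affected Vista account; the proxy string, the CLSID and the .job naming pattern are taken from the logs in this thread.

```powershell
<#
  Added example, not from the original thread or from ComboFix:
  verify the three artefacts seen in the logs are gone after the CFScript run.
  Assumes PowerShell 2.0 on the affected Vista account; the proxy string,
  CLSID and GUID-named .job come from the thread's logs.
  Run as-is to report only; add -Remove to delete whatever is still present.
#>
param([switch]$Remove)

$inetKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$approved = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
$badClsid = '{ADEB6F05-AA39-AB0E-D21E-2DD2648EEC1E}'
$taskDir  = Join-Path $env:windir 'Tasks'

$findings = @()

# 1. Proxy hijack: ProxyServer pointed at a loopback listener (http=127.0.0.1:8592
#    in the DDS log). Any loopback proxy the user did not set up is suspect.
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyServer -and
    $inet.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost)(:\d+)?(;|$)') {
    $findings += "Proxy to loopback: ProxyServer='$($inet.ProxyServer)' ProxyEnable=$($inet.ProxyEnable)"
    if ($Remove) {
        Remove-ItemProperty -Path $inetKey -Name ProxyServer -ErrorAction SilentlyContinue
        Set-ItemProperty    -Path $inetKey -Name ProxyEnable -Value 0 -Type DWord
    }
}

# 2. Rogue shell-extension registration. Legitimate entries are *values* under
#    Approved named by CLSID; GMER showed a *subkey* with a random value name,
#    which is what the RegNull:: line with the trailing * removes. Check both forms.
$subKey = "$approved\$badClsid"
if (Test-Path -Path $subKey) {
    $findings += "Rogue shell-extension subkey present: $subKey"
    if ($Remove) { Remove-Item -Path $subKey -Recurse -Force }
}
$approvedVals = Get-ItemProperty -Path $approved -ErrorAction SilentlyContinue
if ($approvedVals -and $approvedVals.PSObject.Properties[$badClsid]) {
    $findings += "Rogue shell-extension value present: $approved\$badClsid"
    if ($Remove) { Remove-ItemProperty -Path $approved -Name $badClsid }
}

# 3. Scheduled-task persistence. MBAM removed a .job named by a bare GUID; a
#    similar file reappearing means the dropper has run again.
$jobs = Get-ChildItem -Path $taskDir -Filter '*.job' -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -match '^\{[0-9a-f-]{36}\}$' }
foreach ($job in $jobs) {
    $findings += "GUID-named task file: $($job.FullName)"
    if ($Remove) { Remove-Item -Path $job.FullName -Force }
}

if ($findings.Count -eq 0) {
    'Clean: no loopback proxy, rogue shell-extension entry, or GUID-named .job found.'
} else {
    $findings | ForEach-Object { "FOUND: $_" }
    if (-not $Remove) { 'Re-run with -Remove to delete these, then reboot and check again.' }
}
```

Run it without arguments first; a clean result after the ComboFix reboot, together with the popups staying gone, is the confirmation the helper is asking for. If it reports findings again after a -Remove run and a reboot, something is still re-creating them and the ComboFix.txt log is the place to look.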
 