TechSpot

Fake AV and IE Popups when running Firefox on Vista

By wesatx2010
Jan 25, 2011
  1. Hi,

    Vista has IE popups when running Firefox, and a fake AV program was installed but MalwareBytes seems to have disabled that. Logs attached.

    TIA

    Robert

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5594

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    1/25/2011 10:38:14 AM
    mbam-log-2011-01-25 (10-38-14).txt

    Scan type: Quick scan
    Objects scanned: 164442
    Time elapsed: 5 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\CL2GFOKBC9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-25 11:25:39
    Windows 6.0.6001 Service Pack 1
    Running: 7gwfe6vh.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247e5db9e0
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00247e5db9e0 (not active ControlSet)
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADEB6F05-AA39-AB0E-D21E-2DD2648EEC1E}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADEB6F05-AA39-AB0E-D21E-2DD2648EEC1E}@hakdjkbcckngaejg 0x6A 0x61 0x69 0x67 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADEB6F05-AA39-AB0E-D21E-2DD2648EEC1E}@iamdhdmgmjhkfbcndm 0x6B 0x61 0x70 0x67 ...

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Robert at 11:26:11.25 on Tue 01/25/2011
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4092.1685 [GMT -6:00]

    AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\STacSV64.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\vfsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Windows\system32\inetsrv\inetinfo.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\SMINST\BLService.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\ScrumWorksBasic\bin\ScrumworksService.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\DeskNotes 2.2.2\DeskNotes.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\program files (x86)\avira\antivir desktop\avcenter.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Java\jre1.6.0_07\bin\jucheck.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\dds\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyServer = http=127.0.0.1:8592
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DESKNO~1.LNK - C:\Windows\Installer\{68CDF733-DD46-4462-A13C-CEED33BF36F5}\_02F552641734ACD485B5F1.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
    LSA: Notification Packages = scecli DPPWDFLT
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
    mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\u0t90zfb.default\
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\u0t90zfb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\u0t90zfb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-11-25 402992]
    R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-11-25 334384]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-11-25 583296]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110125.001\IDSviA64.sys [2011-1-25 476792]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/24 10:28:14];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe [2010-11-24 89088]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-25 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-11-25 267944]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-11-25 83120]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
    R2 MsDtsServer;SQL Server Integration Services;C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
    R2 MSOLAP$ABRAXAS;SQL Server Analysis Services (ABRAXAS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2005-10-14 14557912]
    R2 MSSQL$ABRAXAS;SQL Server (ABRAXAS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
    R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-11-25 117640]
    R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-2-12 365952]
    R2 ReportServer$ABRAXAS;SQL Server Reporting Services (ABRAXAS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2007-2-10 17264]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-25 810320]
    R2 ScrumWorks Basic;ScrumWorks Basic;C:\ScrumWorksBasic\bin\ScrumworksService.exe [2010-11-24 53248]
    R2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-11-18 721712]
    R2 VisualSVNServer;VisualSVN Server;C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [2010-7-13 23840]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-11-15 592120]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-2-12 193840]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-10-23 128352]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2010-11-24 4745216]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2008-9-24 58912]
    R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\NISx64\1008000.029\symndisv.sys [2010-11-25 56880]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 msftesql$ABRAXAS;SQL Server FullText Search (ABRAXAS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2005-8-26 92880]
    S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 SQLAgent$ABRAXAS;SQL Server Agent (ABRAXAS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2005-10-14 318680]
    S3 WMSvc;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2008-1-20 12288]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-11-25 93184]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096]

    =============== Created Last 30 ================

    2011-01-25 17:03:21 -------- d-----w- C:\dds
    2011-01-25 16:36:09 -------- d-----w- C:\tfc
    2011-01-25 16:35:41 -------- d-----w- C:\gmer
    2011-01-25 15:58:16 -------- d-----w- C:\HijackThis
    2011-01-25 15:38:30 -------- d-----r- C:\Program Files (x86)\Norton Support
    2011-01-25 15:37:46 -------- d-----w- C:\Users\Robert\AppData\Local\Symantec
    2011-01-25 11:23:08 209920 ----a-w- C:\Windows\Tvuria.exe
    2011-01-25 08:10:01 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F6E9A286-D0F9-4BA8-A22B-6CF2DBD36508}\mpengine.dll
    2011-01-24 23:27:49 49152 ----a-r- C:\Users\Robert\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
    2011-01-24 23:26:01 335872 ----a-r- C:\Users\Robert\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
    2011-01-24 23:22:42 57344 ----a-r- C:\Users\Robert\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
    2011-01-24 23:19:17 -------- d-----w- C:\Program Files (x86)\Common Files\Nikon
    2011-01-24 23:18:53 -------- d-----w- C:\Program Files (x86)\Nikon
    2011-01-24 22:49:44 -------- d-----w- C:\Users\Robert\Photos
    2011-01-17 22:54:47 -------- d-----w- C:\tempVS
    2011-01-16 22:27:46 -------- d-----w- C:\pebuilder3110a
    2011-01-16 22:27:06 -------- d-----w- C:\DriveKey
    2011-01-16 22:26:24 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2011-01-16 22:26:24 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2011-01-16 22:26:24 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2011-01-16 22:26:24 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2011-01-16 22:26:21 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2011-01-16 03:58:29 -------- d-----w- C:\Users\Robert\AppData\Local\Apps
    2011-01-16 03:58:28 -------- d-----w- C:\Users\Robert\AppData\Local\Deployment
    2011-01-14 23:21:31 -------- d-----w- C:\SvnBackup
    2011-01-13 00:53:25 -------- d-----w- C:\Program Files (x86)\UMLStudio 8.0
    2011-01-11 21:21:46 -------- d-----w- C:\bk0111
    2011-01-11 05:58:47 -------- d-----w- C:\Program Files\Paint.NET
    2011-01-11 05:58:11 -------- d-----w- C:\Users\Robert\AppData\Local\Paint.NET
    2011-01-07 13:48:20 -------- d-----w- C:\Program Files\MediaCoder
    2011-01-07 13:38:43 -------- d-----w- C:\Users\Robert\AppData\Local\Broad Intelligence
    2011-01-07 13:38:36 -------- d-----w- C:\Users\Robert\AppData\Roaming\Broad Intelligence
    2011-01-07 13:17:33 -------- d-----w- C:\Users\Robert\AppData\Roaming\AnvSoft
    2011-01-04 10:40:33 -------- d-----w- C:\Password Manager
    2011-01-01 11:48:53 -------- d-----w- C:\Users\Robert\AppData\Roaming\MB
    2011-01-01 11:48:10 -------- d-----w- C:\Users\Robert\AppData\Local\MB
    2011-01-01 11:46:20 -------- d-----w- C:\Program Files (x86)\DeskNotes 2.2.2

    ==================== Find3M ====================

    2010-12-30 19:38:50 198656 ----a-w- C:\Windows\SysWow64\Comdlg32.ocx
    2010-12-28 15:26:13 462848 ----a-w- C:\Windows\System32\odbc32.dll
    2010-12-28 14:57:35 409600 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2010-12-21 00:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-14 16:20:18 1251840 ----a-w- C:\Windows\System32\sdclt.exe
    2010-11-29 23:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 23:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-27 00:39:34 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2010-11-25 09:25:30 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2010-11-25 09:24:53 583296 ----a-w- C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys
    2010-11-25 09:24:53 334384 ----a-w- C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys
    2010-11-24 18:34:12 1066544 ----a-w- C:\Windows\SysWow64\MFC71.dll
    2010-11-15 18:38:14 130808 ----a-w- C:\Windows\SysWow64\vpnweb.ocx
    2010-11-15 18:37:30 8952 ----a-w- C:\Windows\SysWow64\vpncategories.dll
    2010-11-15 18:36:48 28920 ----a-w- C:\Windows\SysWow64\vpnevents.dll
    2010-11-15 18:19:12 22752 ----a-w- C:\Windows\System32\drivers\vpnva64.sys
    2010-11-06 11:10:13 357376 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-06 11:10:13 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-06 04:35:53 499712 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-06 04:35:30 655872 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-06 04:35:30 410112 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-06 04:35:16 854528 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-05 00:53:47 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-04 21:16:05 267776 ----a-w- C:\Windows\System32\taskeng.exe
    2010-10-28 15:18:38 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-28 15:02:24 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-28 13:23:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-28 13:17:36 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-28 13:03:07 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-28 12:56:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    ============= FINISH: 11:27:00.21 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/24/2010 12:14:23 PM
    System Uptime: 1/25/2011 10:40:19 AM (1 hours ago)

    Motherboard: Quanta | | 3610
    Processor: Intel(R) Core(TM)2 Quad CPU Q9100 @ 2.26GHz | CPU | 1600/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 239 GiB total, 58.05 GiB free.
    D: is FIXED (NTFS) - 49 GiB total, 26.382 GiB free.
    E: is FIXED (NTFS) - 11 GiB total, 1.778 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 346 GiB total, 66.533 GiB free.
    H: is FIXED (NTFS) - 293 GiB total, 41.764 GiB free.
    I: is FIXED (NTFS) - 293 GiB total, 19.425 GiB free.
    J: is FIXED (NTFS) - 346 GiB total, 4.583 GiB free.
    K: is FIXED (NTFS) - 293 GiB total, 103.306 GiB free.
    L: is FIXED (NTFS) - 293 GiB total, 48.827 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    aaa
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Apple Application Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Cisco AnyConnect VPN Client
    Conduit Engine
    CyberLink DVD Suite
    Dell Driver Download Manager
    DeskNotes 2.2.2
    DVD Flick 1.3.0.7
    ESU for Microsoft Vista
    File Uploader
    GIMP 2.6.11
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Help and Support
    HP MediaSmart DVD
    HP MediaSmart Live TV
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SlingPlayer
    HP MediaSmart Webcam
    HP Quick Launch Buttons 6.40 H2
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HP USB Disk Storage Format Tool
    HP User Guides 0116
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HTML Help Workshop
    IDT Audio
    Java(TM) 6 Update 7
    JMicron JMB38X Flash Media Controller Driver
    Juno Preloader
    LabelPrint
    Malwarebytes' Anti-Malware
    MediaCoder x64 0.7.5.4799
    Microsoft .NET Compact Framework 1.0 SP3 Developer
    Microsoft .NET Compact Framework 2.0
    Microsoft Device Emulator version 1.0 - ENU
    Microsoft Document Explorer 2005
    Microsoft Live Search Toolbar
    Microsoft Office 2003 Web Components
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 (ABRAXAS)
    Microsoft SQL Server 2005 Analysis Services (ABRAXAS)
    Microsoft SQL Server 2005 Books Online (English)
    Microsoft SQL Server 2005 Integration Services
    Microsoft SQL Server 2005 Notification Services
    Microsoft SQL Server 2005 Reporting Services (ABRAXAS)
    Microsoft SQL Server 2005 Tools
    Microsoft SQL Server 2005 Upgrade Advisor (English)
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual Studio 2005 Professional Edition - ENU
    Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    NetZero Preloader
    Nikon Message Center
    Norton Internet Security
    NUnit 2.5.8
    PE Builder 3.1.10a
    PhotoNow!
    Picture Control Utility
    Power2Go
    PowerDirector
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    ScrumWorks Basic Client
    ScrumWorks Basic Server 1.8.4
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Service Pack 2 for SQL Server Reporting Services 2005 ENU (KB921896)
    Service Pack 2 for SQL Server Tools and Workstation Components 2005 ENU (KB921896)
    Slingbox - Watch Your TV Anywhere
    SlingPlayer
    Spybot - Search & Destroy
    UMLStudio 8.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232)
    ViewNX
    Visual Studio 2005 Extensions for Windows Workflow Foundation
    VisualSVN Server 2.1.3
    VLC media player 0.9.2
    Vuze
    Vuze Remote Toolbar
    Winamp
    Windows Media Player Firefox Plugin
    WinRAR archiver

    ==== End Of File ===========================
     
  2. Broni

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================================

    You're running two AV programs, Avira and Norton.
    One of them has to go.
    If Norton, use this tool to remove it: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    ======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
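
The MBRCheck step above asks for a hash-based verdict on the boot sector. The Python below is added here as an example; it is not code from the thread, from TechSpot or from MBRCheck. It shows what such a check does: take the 512-byte first sector, hash the boot-code region, compare that hash against a catalogue of known loaders, and decode the partition table that yields the "at offset 0x..." lines in an MBRCheck report (partition 0 starting at LBA 2048 is 2048 * 512 = 0x100000 bytes, the C: offset shown later in this thread). The sample sectors and the known-good catalogue are constructed inside the file, and hashing bytes 0..439 is an assumption about the byte range such tools compare; the page does not say which range MBRCheck hashes.

```python
"""Hash an MBR's boot code and parse its partition table (MBRCheck-style check).

Added example; not code from the thread or from MBRCheck. All sample sectors
below are constructed in this file, and the byte range hashed (0..439) is an
assumption about how such tools compare boot code against known-good images.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code, before the disk signature
PART_TABLE_OFF = 446         # four 16-byte partition entries at 446..509
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def build_mbr(boot_code: bytes, entries: list) -> bytes:
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    assert len(boot_code) == BOOT_CODE_LEN
    table = b""
    for bootable, ptype, lba_start, sectors in entries:
        # status, CHS start (3 bytes, unused here), type, CHS end (3 bytes), LBA start, count
        table += struct.pack("<BBBBBBBBII", 0x80 if bootable else 0x00, 0, 0, 0,
                             ptype, 0, 0, 0, lba_start, sectors)
    table += b"\x00" * (64 - len(table))    # pad unused entries (type 0 = empty)
    disk_sig = b"\x12\x34\x56\x78\x00\x00"  # constructed disk signature + reserved bytes
    return boot_code + disk_sig + table + MBR_SIGNATURE


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code SHA1 and the non-empty partition entries of one sector."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, _, _, ptype, _, _, _, lba_start, sectors = struct.unpack_from(
            "<BBBBBBBBII", mbr, off)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors,
                      "byte_offset": lba_start * SECTOR})  # the "at offset 0x..." value
    return {"signature_ok": mbr[510:512] == MBR_SIGNATURE,
            "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
            "partitions": parts}


def classify_mbr(mbr: bytes, known_good: dict) -> str:
    """'malformed', 'known good' (hash matches a catalogued loader) or 'unknown' (inspect it)."""
    info = parse_mbr(mbr)
    if not info["signature_ok"]:
        return "malformed"
    return "known good" if info["boot_code_sha1"] in known_good else "unknown"


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the real first sector on Windows (needs an elevated prompt); not called below."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR)


# Constructed sample: a 440-byte stand-in for boot code and two NTFS (type 0x07) partitions.
SAMPLE_BOOT_CODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * 435
SAMPLE_GOOD_MBR = build_mbr(SAMPLE_BOOT_CODE, [(True, 0x07, 2048, 204800),
                                              (False, 0x07, 206848, 409600)])
# Same partition table, one byte of boot code changed: the hash no longer matches.
SAMPLE_TAMPERED_MBR = SAMPLE_GOOD_MBR[:100] + b"\xeb" + SAMPLE_GOOD_MBR[101:]

# Catalogue of trusted boot-code hashes. Here it holds only the constructed sample;
# a real catalogue would hold hashes of the stock Windows loaders.
KNOWN_GOOD = {parse_mbr(SAMPLE_GOOD_MBR)["boot_code_sha1"]: "constructed sample loader"}

if __name__ == "__main__":
    for name, sector in (("good", SAMPLE_GOOD_MBR), ("tampered", SAMPLE_TAMPERED_MBR)):
        info = parse_mbr(sector)
        print(name, classify_mbr(sector, KNOWN_GOOD), info["boot_code_sha1"])
        for p in info["partitions"]:
            print(f"  partition {p['index']} type 0x{p['type']:02x} at offset 0x{p['byte_offset']:x}")
```

Run as-is it classifies the constructed good and tampered sectors. On the real machine, read_physical_mbr() from an elevated prompt returns the live sector; an "unknown" verdict means the boot code should be dumped and read, not automatically declared malicious, because OEM recovery loaders and third-party boot managers also produce hashes that are not in any catalogue.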
     
  3. wesatx2010

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Ultimate Edition
    Windows Information: Service Pack 1 (build 6001), 64-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP HDX18 Notebook PC
    Logical Drives Mask: 0x00000ffc

    Kernel Drivers (total 222):
    0x02005000 \SystemRoot\system32\ntoskrnl.exe
    0x02518000 \SystemRoot\system32\hal.dll
    0x00602000 \SystemRoot\system32\kdcom.dll
    0x0060C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00639000 \SystemRoot\system32\PSHED.dll
    0x0064D000 \SystemRoot\system32\CLFS.SYS
    0x006AA000 \SystemRoot\system32\CI.dll
    0x0080B000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x008E5000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x008F3000 \SystemRoot\system32\drivers\acpi.sys
    0x00949000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x00952000 \SystemRoot\system32\drivers\msisadrv.sys
    0x0095C000 \SystemRoot\system32\drivers\pci.sys
    0x0098C000 \SystemRoot\system32\drivers\isapnp.sys
    0x00995000 \SystemRoot\system32\drivers\mpio.sys
    0x009B7000 \SystemRoot\System32\drivers\partmgr.sys
    0x009CC000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x009D0000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x009DC000 \SystemRoot\system32\drivers\volmgr.sys
    0x0075C000 \SystemRoot\System32\drivers\volmgrx.sys
    0x009F0000 \SystemRoot\system32\drivers\intelide.sys
    0x007C2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x009F8000 \SystemRoot\system32\drivers\aliide.sys
    0x00800000 \SystemRoot\system32\drivers\amdide.sys
    0x007D2000 \SystemRoot\system32\drivers\cmdide.sys
    0x007DA000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00A08000 \SystemRoot\system32\drivers\msdsm.sys
    0x00A26000 \SystemRoot\system32\drivers\nvraid.sys
    0x00A49000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x00A75000 \SystemRoot\system32\drivers\pciide.sys
    0x00A7C000 \SystemRoot\system32\drivers\viaide.sys
    0x00A84000 \SystemRoot\system32\drivers\iastorv.sys
    0x00B4B000 \SystemRoot\system32\drivers\atapi.sys
    0x00B53000 \SystemRoot\system32\drivers\ataport.SYS
    0x00B77000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x00B95000 \SystemRoot\system32\drivers\storport.sys
    0x00BF2000 \SystemRoot\system32\drivers\msahci.sys
    0x007ED000 \SystemRoot\system32\drivers\hpcisss.sys
    0x00C02000 \SystemRoot\system32\drivers\adp94xx.sys
    0x00C7B000 \SystemRoot\system32\drivers\adpahci.sys
    0x00CD1000 \SystemRoot\system32\drivers\adpu160m.sys
    0x00CF2000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x00D20000 \SystemRoot\system32\drivers\adpu320.sys
    0x00D4F000 \SystemRoot\system32\drivers\djsvs.sys
    0x00D67000 \SystemRoot\system32\drivers\arc.sys
    0x00D80000 \SystemRoot\system32\drivers\arcsas.sys
    0x00E05000 \SystemRoot\system32\drivers\elxstor.sys
    0x00EA8000 \SystemRoot\system32\drivers\i2omp.sys
    0x00EB3000 \SystemRoot\system32\drivers\iirsp.sys
    0x00EC4000 \SystemRoot\system32\drivers\iteatapi.sys
    0x00ED1000 \SystemRoot\system32\drivers\iteraid.sys
    0x00EDE000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x00EFC000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x00F18000 \SystemRoot\system32\drivers\megasas.sys
    0x00F24000 \SystemRoot\system32\drivers\megasr.sys
    0x00FEB000 \SystemRoot\system32\drivers\mraid35x.sys
    0x00D99000 \SystemRoot\system32\drivers\nfrd960.sys
    0x00DA9000 \SystemRoot\system32\drivers\nvstor.sys
    0x01000000 \SystemRoot\system32\drivers\ql2300.sys
    0x01152000 \SystemRoot\system32\drivers\ql40xx.sys
    0x011B0000 \SystemRoot\system32\drivers\sisraid2.sys
    0x011BE000 \SystemRoot\system32\drivers\sisraid4.sys
    0x011D4000 \SystemRoot\system32\drivers\symc8xx.sys
    0x011E2000 \SystemRoot\system32\drivers\sym_hi.sys
    0x011EF000 \SystemRoot\system32\drivers\sym_u3.sys
    0x0120F000 \SystemRoot\system32\drivers\uliahci.sys
    0x01258000 \SystemRoot\system32\drivers\ulsata.sys
    0x01287000 \SystemRoot\system32\drivers\ulsata2.sys
    0x012C9000 \SystemRoot\system32\drivers\vsmraid.sys
    0x012F0000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01336000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0134A000 \SystemRoot\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS
    0x01405000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x0160A000 \SystemRoot\system32\drivers\ndis.sys
    0x0148C000 \SystemRoot\system32\drivers\msrpc.sys
    0x014DC000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01807000 \SystemRoot\System32\drivers\tcpip.sys
    0x0197B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01A0B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01B8F000 \SystemRoot\system32\drivers\wd.sys
    0x01B97000 \SystemRoot\system32\drivers\volsnap.sys
    0x01BDB000 \SystemRoot\System32\Drivers\spldr.sys
    0x01BE3000 \SystemRoot\system32\drivers\sbp2port.sys
    0x019A7000 \SystemRoot\System32\Drivers\mup.sys
    0x019B9000 \SystemRoot\System32\drivers\ecache.sys
    0x01A00000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
    0x017CD000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x019E5000 \SystemRoot\system32\drivers\disk.sys
    0x017F6000 \SystemRoot\system32\drivers\crcdisk.sys
    0x01561000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x0156D000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x01576000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x019F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x03007000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x03A0D000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03AEC000 \SystemRoot\System32\drivers\watchdog.sys
    0x03AFB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x03B07000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03B4D000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03B5E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03C0B000 \SystemRoot\system32\DRIVERS\NETw5v64.sys
    0x0409C000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
    0x040CA000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x040DC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x040EC000 \SystemRoot\system32\DRIVERS\jmcr.sys
    0x0410E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x04124000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x04130000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x0413E000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x04182000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04184000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x04190000 \SystemRoot\system32\DRIVERS\enecir.sys
    0x041AC000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x041C8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x041D1000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
    0x041DD000 \SystemRoot\system32\DRIVERS\VMNetSrv.sys
    0x03B71000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x041F2000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03BA9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x03BCC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03940000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x03BD8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03971000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03BE8000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x0420E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0x042A8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x042BA000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x042BC000 \SystemRoot\system32\DRIVERS\ks.sys
    0x042F0000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x04301000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x0430C000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x0431C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04363000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04377000 \SystemRoot\system32\DRIVERS\stwrt64.sys
    0x0398F000 \SystemRoot\system32\DRIVERS\portcls.sys
    0x039CA000 \SystemRoot\system32\DRIVERS\drmk.sys
    0x043EB000 \SystemRoot\system32\drivers\ksthunk.sys
    0x01589000 \SystemRoot\system32\drivers\nvhda64v.sys
    0x043F1000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x039ED000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x04200000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x03C00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x03A00000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x07806000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS
    0x07BBF000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    0x078A4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x07BF5000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x078C0000 \SystemRoot\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS
    0x078D4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x078DE000 \SystemRoot\System32\Drivers\Null.SYS
    0x078E7000 \SystemRoot\System32\drivers\vga.sys
    0x078F5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x0791A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x07923000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0792C000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x07937000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x07948000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x07951000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0796E000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS
    0x079BA000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS
    0x079CA000 \SystemRoot\System32\Drivers\NISx64\1008000.029\SYMFW.SYS
    0x0159D000 \SystemRoot\system32\DRIVERS\smb.sys
    0x07C05000 \SystemRoot\system32\drivers\afd.sys
    0x07C72000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x07CB6000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x07CD4000 \SystemRoot\system32\DRIVERS\SymIMv.sys
    0x07CDF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x07CEE000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x07D09000 \??\C:\Windows\system32\Drivers\vmm.sys
    0x07D56000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x07DA4000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x07E04000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110125.001\IDSvia64.sys
    0x07E7F000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    0x07EF5000 \SystemRoot\system32\drivers\csc.sys
    0x07F6B000 \SystemRoot\System32\Drivers\dfsc.sys
    0x08005000 \SystemRoot\System32\Drivers\NISx64\1008000.029\ccHPx64.sys
    0x08098000 \SystemRoot\system32\drivers\NISx64\1008000.029\BHDrvx64.sys
    0x08111000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x08126000 \SystemRoot\system32\DRIVERS\WinUSB.sys
    0x08136000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x08160000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x08605000 \SystemRoot\System32\Drivers\bthport.sys
    0x086B3000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x086E4000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x086F1000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x08710000 \SystemRoot\system32\drivers\btwavdt.sys
    0x0816E000 \SystemRoot\system32\drivers\btwaudio.sys
    0x08780000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x08784000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x08792000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x0879E000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x087A8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00010000 \SystemRoot\System32\win32k.sys
    0x087BB000 \SystemRoot\System32\drivers\Dxapi.sys
    0x087C7000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00490000 \SystemRoot\System32\TSDDD.dll
    0x00630000 \SystemRoot\System32\cdd.dll
    0x087DA000 \SystemRoot\system32\drivers\luafv.sys
    0x07F88000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x0CA01000 \SystemRoot\system32\drivers\spsys.sys
    0x0CA9B000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x0CAAF000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x0CAE3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x0CAEE000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0CB06000 \SystemRoot\system32\drivers\HTTP.sys
    0x0CBA5000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x0CBCE000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x07FA5000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x07FBF000 \SystemRoot\system32\drivers\mrxdav.sys
    0x07DB0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x013B1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x07DD9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x015B8000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0D207000 \SystemRoot\System32\DRIVERS\srv.sys
    0x0D29D000 \SystemRoot\system32\drivers\peauth.sys
    0x0D353000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0D35E000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0D36D000 \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
    0x0D398000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x07A00000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110125.003\EX64.SYS
    0x0D3D4000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110125.003\ENG64.SYS
    0x772C0000 \Windows\System32\ntdll.dll

    Processes (total 92):
    0 System Idle Process
    4 System
    536 C:\Windows\System32\smss.exe
    652 csrss.exe
    704 C:\Windows\System32\wininit.exe
    724 csrss.exe
    764 C:\Windows\System32\services.exe
    776 C:\Windows\System32\lsass.exe
    784 C:\Windows\System32\lsm.exe
    892 C:\Windows\System32\winlogon.exe
    976 C:\Windows\System32\svchost.exe
    312 C:\Windows\System32\nvvsvc.exe
    388 C:\Windows\System32\svchost.exe
    632 C:\Windows\System32\svchost.exe
    780 C:\Windows\System32\svchost.exe
    352 C:\Windows\System32\svchost.exe
    1036 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\stacsv64.exe
    1152 C:\Windows\System32\audiodg.exe
    1292 C:\Windows\System32\SLsvc.exe
    1312 C:\Windows\System32\svchost.exe
    1412 C:\Windows\System32\hpservice.exe
    1524 C:\Windows\System32\rundll32.exe
    1548 C:\Windows\System32\vfsFPService.exe
    1656 C:\Windows\System32\svchost.exe
    1736 C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    1924 C:\Windows\System32\spoolsv.exe
    1948 C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    2036 C:\Windows\System32\svchost.exe
    2132 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe
    2180 C:\Windows\System32\svchost.exe
    2192 C:\Windows\System32\svchost.exe
    2216 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    2284 C:\Windows\System32\inetsrv\inetinfo.exe
    2380 C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
    2588 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
    2600 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    2620 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    2700 C:\Windows\System32\svchost.exe
    2716 C:\Program Files (x86)\SMINST\BLService.exe
    2936 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    3016 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    3052 C:\ScrumWorksBasic\bin\ScrumworksService.exe
    1744 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2876 C:\Windows\System32\svchost.exe
    3140 C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
    3296 C:\Windows\System32\svchost.exe
    3312 C:\Windows\System32\svchost.exe
    3336 C:\Windows\System32\SearchIndexer.exe
    3492 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    3828 C:\Windows\System32\taskeng.exe
    3860 VisualSVNServer.exe
    4528 dllhost.exe
    4552 WmiPrvSE.exe
    4592 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    4680 C:\Windows\System32\taskeng.exe
    4692 C:\Windows\System32\dwm.exe
    4828 C:\Windows\explorer.exe
    4492 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3000 C:\Program Files\IDT\WDM\sttray64.exe
    4144 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    4624 C:\Program Files\Windows Defender\MSASCui.exe
    4620 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    3884 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    1144 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    4804 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    2140 C:\Program Files (x86)\DeskNotes 2.2.2\DeskNotes.exe
    1480 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    2888 C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    2008 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    5140 C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
    5248 C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
    5276 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    5344 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    5356 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    5404 C:\Program Files (x86)\Winamp\winampa.exe
    5496 WmiPrvSE.exe
    5828 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    5388 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    5636 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    5944 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4256 C:\Windows\System32\wbem\unsecapp.exe
    6268 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    6472 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    6808 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    7044 C:\Windows\System32\wuauclt.exe
    7016 C:\Program Files (x86)\Java\jre1.6.0_07\bin\jucheck.exe
    516 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    7140 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    3536 C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\devenv.exe
    2032 C:\Windows\System32\LogonUI.exe
    6412 C:\Malware Cleanup\MBRCheck\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`ae300000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000047`e3300000 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
    \\.\H: --> \\.\PhysicalDrive1 at offset 0x00000056`64c00000 (NTFS)
    \\.\I: --> \\.\PhysicalDrive1 at offset 0x0000009f`a2c00000 (NTFS)
    \\.\J: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
    \\.\K: --> \\.\PhysicalDrive2 at offset 0x00000056`64d00000 (NTFS)
    \\.\L: --> \\.\PhysicalDrive2 at offset 0x0000009f`a2d00000 (NTFS)

    PhysicalDrive0 Model Number: ST9320421AS, Rev: HP14
    PhysicalDrive1 Model Number: WDC WD1001FALS-00J7B1, Rev:
    PhysicalDrive2 Model Number: WDC WD1001FALS-00J7B1, Rev:

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: E6CCDBFD8F5B3DAA80CE1AA64C67955A606A347D
    931 GB \\.\PhysicalDrive1 RE: Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    931 GB \\.\PhysicalDrive2 RE: Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    ComboFix 11-01-24.02 - Robert 01/25/2011 12:26:40.1.4 - x64
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4092.1793 [GMT -6:00]
    Running from: c:\users\Robert\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-25 to 2011-01-25 )))))))))))))))))))))))))))))))
    .

    2011-01-25 18:12 . 2011-01-25 18:14 -------- d-----w- C:\Malware Cleanup
    2011-01-25 15:38 . 2011-01-25 15:38 -------- d-----r- c:\program files (x86)\Norton Support
    2011-01-25 15:37 . 2011-01-25 15:37 -------- d-----w- c:\users\Robert\AppData\Local\Symantec
    2011-01-25 11:23 . 2011-01-25 10:47 209920 ----a-w- c:\windows\Tvuria.exe
    2011-01-25 10:48 . 2011-01-25 10:48 -------- d-----w- c:\windows\Sun
    2011-01-25 08:10 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6E9A286-D0F9-4BA8-A22B-6CF2DBD36508}\mpengine.dll
    2011-01-24 23:27 . 2011-01-24 23:27 49152 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
    2011-01-24 23:26 . 2011-01-24 23:26 335872 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
    2011-01-24 23:22 . 2011-01-24 23:22 57344 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
    2011-01-24 23:21 . 2011-01-24 23:21 -------- d-----w- c:\users\Robert\AppData\Roaming\Nikon
    2011-01-24 23:19 . 2011-01-24 23:27 -------- d-----w- c:\program files (x86)\Common Files\Nikon
    2011-01-24 23:18 . 2011-01-24 23:18 -------- d-----w- c:\program files (x86)\Nikon
    2011-01-24 23:17 . 2011-01-24 23:17 -------- d-----w- c:\programdata\Ultima_T15
    2011-01-24 23:17 . 2011-01-24 23:17 -------- d-----w- c:\programdata\EnterNHelp
    2011-01-24 22:49 . 2011-01-24 22:54 -------- d-----w- c:\users\Robert\Photos
    2011-01-17 22:54 . 2011-01-17 22:58 -------- d-----w- C:\tempVS
    2011-01-16 22:27 . 2011-01-16 23:44 -------- d-----w- C:\pebuilder3110a
    2011-01-16 22:27 . 2011-01-16 22:27 -------- d-----w- C:\DriveKey
    2011-01-16 22:26 . 2001-09-05 10:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2011-01-16 22:26 . 2001-09-05 10:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2011-01-16 22:26 . 2001-09-05 10:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2011-01-16 22:26 . 2001-09-05 10:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2011-01-16 22:26 . 2001-09-05 09:24 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2011-01-16 03:58 . 2011-01-16 03:58 -------- d-----w- c:\users\Robert\AppData\Local\Apps
    2011-01-16 03:58 . 2011-01-16 03:59 -------- d-----w- c:\users\Robert\AppData\Local\Deployment
    2011-01-14 23:21 . 2011-01-15 00:20 -------- d-----w- C:\SvnBackup
    2011-01-13 00:53 . 2011-01-13 00:53 -------- d-----w- c:\program files (x86)\UMLStudio 8.0
    2011-01-11 21:21 . 2011-01-11 21:22 -------- d-----w- C:\bk0111
    2011-01-11 05:58 . 2011-01-11 05:59 -------- d-----w- c:\program files\Paint.NET
    2011-01-11 05:58 . 2011-01-11 06:01 -------- d-----w- c:\users\Robert\AppData\Local\Paint.NET
    2011-01-07 13:48 . 2011-01-07 13:48 -------- d-----w- c:\program files\MediaCoder
    2011-01-07 13:38 . 2011-01-07 13:54 -------- d-----w- c:\users\Robert\AppData\Local\Broad Intelligence
    2011-01-07 13:38 . 2011-01-09 22:08 -------- d-----w- c:\users\Robert\AppData\Roaming\Broad Intelligence
    2011-01-07 13:17 . 2011-01-07 13:17 -------- d-----w- c:\users\Robert\AppData\Roaming\AnvSoft
    2011-01-04 10:40 . 2011-01-04 10:40 -------- d-----w- C:\Password Manager
    2011-01-01 11:48 . 2011-01-01 11:48 -------- d-----w- c:\users\Robert\AppData\Roaming\MB
    2011-01-01 11:48 . 2011-01-01 11:48 -------- d-----w- c:\users\Robert\AppData\Local\MB
    2011-01-01 11:46 . 2011-01-01 11:46 -------- d-----w- c:\program files (x86)\DeskNotes 2.2.2

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-22 02:43 . 2010-12-02 20:18 165232 ---ha-w- c:\users\Robert\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2010-12-30 19:38 . 2001-05-21 17:46 198656 ----a-w- c:\windows\SysWow64\Comdlg32.ocx
    2010-12-21 00:09 . 2010-12-11 03:43 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-21 00:08 . 2010-12-11 03:43 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2010-11-25 09:25 . 2010-11-24 16:53 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2010-11-25 09:24 . 2010-11-25 09:24 583296 ----a-w- c:\windows\system32\drivers\NISx64\1008000.029\cchpx64.sys
    2010-11-25 09:24 . 2010-11-25 09:24 334384 ----a-w- c:\windows\system32\drivers\NISx64\1008000.029\BHDrvx64.sys
    2010-11-25 04:12 . 2010-11-25 04:12 5632 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{EFD31E4F-4EDA-4758-AAA7-8E625BA76A48}\nunit_icon.exe
    2010-11-24 18:34 . 2009-02-12 09:28 1066544 ----a-w- c:\windows\SysWow64\MFC71.dll
    2010-11-15 18:38 . 2010-11-15 18:38 130808 ----a-w- c:\windows\SysWow64\vpnweb.ocx
    2010-11-15 18:37 . 2010-11-15 18:37 8952 ----a-w- c:\windows\SysWow64\vpncategories.dll
    2010-11-15 18:36 . 2010-11-15 18:36 28920 ----a-w- c:\windows\SysWow64\vpnevents.dll
    2010-11-15 18:19 . 2010-11-15 18:19 22752 ----a-w- c:\windows\system32\drivers\vpnva64.sys
    2010-11-06 11:10 . 2010-12-15 20:44 357376 ----a-w- c:\windows\SysWow64\taskschd.dll
    2010-11-06 11:10 . 2010-12-15 20:44 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2010-11-06 04:35 . 2010-12-15 20:44 499712 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-06 04:35 . 2010-12-15 20:44 655872 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-06 04:35 . 2010-12-15 20:44 410112 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-06 04:35 . 2010-12-15 20:44 854528 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-05 00:53 . 2010-12-15 20:44 171520 ----a-w- c:\windows\SysWow64\taskeng.exe
    2010-11-04 21:16 . 2010-12-15 20:44 267776 ----a-w- c:\windows\system32\taskeng.exe
    2010-10-28 15:18 . 2010-12-15 20:47 48128 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 15:02 . 2010-12-15 20:47 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2010-10-28 13:23 . 2010-12-15 20:47 367104 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:17 . 2010-12-15 20:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-28 13:03 . 2010-12-15 20:47 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-10-28 12:56 . 2010-12-15 20:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-24 3908192]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-24 00:55 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2010-11-24 00:55 3908192 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-11-24 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-24 3908192]

    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
    "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
    "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
    "UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
    "DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2008-12-11 842816]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-02 202032]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
    "UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2008-04-01 36352]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 994856]
    DeskNotes.lnk - c:\windows\Installer\{68CDF733-DD46-4462-A13C-CEED33BF36F5}\_02F552641734ACD485B5F1.exe [2011-1-1 209254]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 msftesql$ABRAXAS;SQL Server FullText Search (ABRAXAS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2005-08-26 92880]
    R3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [2008-01-21 3154432]
    R3 SQLAgent$ABRAXAS;SQL Server Agent (ABRAXAS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2005-10-14 318680]
    R3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-21 12288]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [2006-10-04 273408]
    R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-09-23 4476096]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [2010-01-20 402992]
    S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-11-25 334384]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [2010-11-25 583296]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110125.001\IDSvia64.sys [2010-11-23 476792]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/11/24 10:28];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 02:04 146928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe [2008-06-27 89088]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-19 23040]
    S2 MsDtsServer;SQL Server Integration Services;c:\program files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
    S2 MSOLAP$ABRAXAS;SQL Server Analysis Services (ABRAXAS);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2005-10-14 14557912]
    S2 MSSQL$ABRAXAS;SQL Server (ABRAXAS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
    S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-18 365952]
    S2 ReportServer$ABRAXAS;SQL Server Reporting Services (ABRAXAS);c:\program files (x86)\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2007-02-10 17264]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
    S2 ScrumWorks Basic;ScrumWorks Basic;c:\scrumworksbasic\bin\ScrumworksService.exe [2010-02-17 53248]
    S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-11-18 721712]
    S2 VisualSVNServer;VisualSVN Server;c:\program files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [2010-07-13 23840]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-11-15 592120]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 64000]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 128352]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2008-08-28 4745216]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2008-09-25 58912]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [2010-01-20 56880]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 14:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
    "combofix"="c:\combofix\CF6861.cfxxe" [X]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 15959584]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 82464]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-17 1561384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyServer = http=127.0.0.1:8592
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\u0t90zfb.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray64.exe
    HKLM-Run-SmartMenu - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    AddRemove-KB921896_RS9 - c:\windows\RS9_KB921896_ENU\Hotfix.exe
    AddRemove-KB921896_SQLTools9 - c:\windows\SQLTools9_KB921896_ENU\Hotfix.exe
    AddRemove-aaa - c:\windows\system32\javaws.exe
    AddRemove-ScrumWorks Basic Client - c:\windows\system32\javaws.exe



    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql$ABRAXAS]
    "ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:ABRAXAS"
    --

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1626570519-558537335-2832409400-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADEB6F05-AA39-AB0E-D21E-2DD2648EEC1E}*]
    "hakdjkbcckngaejg"=hex:6a,61,69,67,70,6f,70,6b,61,6f,64,70,64,66,6f,70,6c,67,
    67,62,00,67
    "iamdhdmgmjhkfbcndm"=hex:6b,61,70,67,6b,6f,65,61,66,62,66,67,63,64,63,63,66,6f,
    68,6f,66,63,00,6f

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    c:\program files (x86)\Java\jre1.6.0_07\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-25 12:47:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-25 18:47

    Pre-Run: 63,232,708,608 bytes free
    Post-Run: 62,615,089,152 bytes free

    - - End Of File - - 9F434AA353B586E626882439C3AE68BC
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We need to double check your MBR. It looks suspicious.

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  5. wesatx2010

    wesatx2010 TS Rookie Topic Starter

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Ultimate Edition Service Pack 1 (build 6001)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: b23e5cbb74b4fcefd775b490fc8131e6

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
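    The report above says "Unknown boot code" for the only physical disk, which is what prompts the MBR repair that follows. As an added example (not part of the thread and not code from eSage Lab's tool), here is a small Python triage helper that parses a Bootkit Remover report of that shape, pulls out the boot-sector MD5 and each disk's MBR status, and flags disks whose status is not reported as OK. The sample report is constructed to match the format posted above (its MD5 is a placeholder, not a real hash), and the convention that a clean disk's status begins with "OK", together with the optional known-good hash allowlist, are my assumptions rather than documented behaviour of the tool.

```python
"""Triage a Bootkit Remover text report.

Extracts the boot-sector MD5 and the per-disk "MBR Status" table and flags
any disk whose status does not read as OK, so an analyst can see at a glance
which disks need their boot code dumped and inspected.
"""
import re

# Constructed sample in the format Bootkit Remover prints (see the thread
# above). The MD5 is a placeholder; the second disk is invented to show a
# clean row next to a suspicious one.
SAMPLE_REPORT = r"""
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Ultimate Edition Service Pack 1 (build 6001)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: 00000000000000000000000000000000

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown boot code
 40 GB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found)

Unknown boot code has been found on some of your physical disks.
"""

MD5_RE = re.compile(r"Boot sector MD5 is:\s*([0-9a-fA-F]{32})")
# One table row: "<size> <unit> \\.\PhysicalDriveN <status text>"
ROW_RE = re.compile(
    r"^\s*(\d+\s*[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$",
    re.MULTILINE,
)


def status_is_clean(status: str) -> bool:
    """Assumed convention: a clean disk's status line starts with 'OK'."""
    return status.upper().startswith("OK")


def parse_report(text: str, known_good_md5=frozenset()) -> dict:
    """Return the boot-sector MD5 and a list of per-disk findings.

    known_good_md5 is an optional allowlist of boot-sector hashes the
    analyst trusts (placeholder mechanism; supply your own baseline).
    """
    md5_match = MD5_RE.search(text)
    md5 = md5_match.group(1).lower() if md5_match else None

    disks = []
    for size, device, status in ROW_RE.findall(text):
        disks.append({
            "size": size.strip(),
            "device": device,
            "status": status,
            "suspicious": not status_is_clean(status),
        })

    return {
        "boot_sector_md5": md5,
        # Only meaningful when an allowlist is given; None otherwise.
        "md5_in_allowlist": (md5 in known_good_md5) if known_good_md5 else None,
        "disks": disks,
    }


def suspicious_disks(report: dict) -> list:
    """Device names whose MBR status was not reported as OK."""
    return [d["device"] for d in report["disks"] if d["suspicious"]]


def main():
    report = parse_report(SAMPLE_REPORT)
    print("boot sector MD5:", report["boot_sector_md5"])
    for d in report["disks"]:
        flag = "SUSPICIOUS" if d["suspicious"] else "ok"
        print(f"{d['device']:22} {d['size']:>7}  {d['status']}  [{flag}]")
    bad = suspicious_disks(report)
    print("disks needing MBR inspection:", bad if bad else "none")


if __name__ == "__main__":
    main()
```

Run it on a saved report (replace SAMPLE_REPORT with the file contents) to get a one-line list of disks whose boot code should be dumped with `remover.exe dump` and compared against a known-good MBR before anything is overwritten.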
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We need to fix it.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.

    **Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
     
  7. wesatx2010

    wesatx2010 TS Rookie Topic Starter

    Boots from CD. Allows me to proceed up to keyboard entry. After I accept the default English keyboard the program errors out and says cannot find CD-ROM drive.

    CD burns and verifies correctly - I have tried a couple now. Boots fine. I also removed all peripherals. No joy.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Let's try a different method...

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.vistax64.com/tutorials/141820-create-recovery-disc.html (Option Two)
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.

    Vista users. At first screen click on Repair your computer:

    Windows 7 users. At first screen click on Install now:
    Select your language and click next:
    Click the button for "Use recovery tools":

    The following applies to both Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
     
  9. wesatx2010

    wesatx2010 TS Rookie Topic Starter

    OK, bootrec is fixed now.


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Ultimate Edition
    Windows Information: Service Pack 1 (build 6001), 64-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP HDX18 Notebook PC
    Logical Drives Mask: 0x00000ffc

    Kernel Drivers (total 222):

    Processes (total 94):
    0 System Idle Process
    4 System
    532 C:\Windows\System32\smss.exe
    656 csrss.exe
    708 C:\Windows\System32\wininit.exe
    728 csrss.exe
    764 C:\Windows\System32\winlogon.exe
    804 C:\Windows\System32\services.exe
    816 C:\Windows\System32\lsass.exe
    824 C:\Windows\System32\lsm.exe
    992 C:\Windows\System32\svchost.exe
    212 C:\Windows\System32\nvvsvc.exe
    352 C:\Windows\System32\svchost.exe
    556 C:\Windows\System32\svchost.exe
    304 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\stacsv64.exe
    1168 C:\Windows\System32\audiodg.exe
    1320 C:\Windows\System32\SLsvc.exe
    1364 C:\Windows\System32\svchost.exe
    1448 C:\Windows\System32\hpservice.exe
    1468 C:\Windows\System32\rundll32.exe
    1528 C:\Windows\System32\vfsFPService.exe
    1640 C:\Windows\System32\svchost.exe
    1696 C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    1868 C:\Windows\System32\spoolsv.exe
    1896 C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    1972 C:\Windows\System32\svchost.exe
    2060 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe
    2076 C:\Windows\System32\svchost.exe
    2088 C:\Windows\System32\svchost.exe
    2100 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    2192 C:\Windows\System32\inetsrv\inetinfo.exe
    2276 C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
    2696 C:\Windows\System32\dwm.exe
    2724 C:\Windows\System32\taskeng.exe
    2788 C:\Windows\explorer.exe
    2900 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
    2916 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    2952 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    3052 C:\Windows\System32\svchost.exe
    2716 C:\Program Files (x86)\SMINST\BLService.exe
    2948 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    2992 C:\Windows\System32\taskeng.exe
    3124 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    3172 C:\ScrumWorksBasic\bin\ScrumworksService.exe
    3192 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    3232 C:\Windows\System32\svchost.exe
    3304 C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
    3376 C:\Windows\System32\rundll32.exe
    3388 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3404 C:\Program Files\IDT\WDM\sttray64.exe
    3480 C:\Windows\System32\svchost.exe
    3496 C:\Windows\System32\svchost.exe
    3520 C:\Windows\System32\SearchIndexer.exe
    3624 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    3656 C:\Windows\ehome\ehtray.exe
    3816 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    3924 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    4056 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    2520 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    280 VisualSVNServer.exe
    4172 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    4184 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    4296 C:\Program Files (x86)\DeskNotes 2.2.2\DeskNotes.exe
    4348 C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    4456 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    4468 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    4564 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    4656 C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
    4664 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    4804 C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
    4860 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    4896 C:\Program Files (x86)\Winamp\winampa.exe
    1284 C:\Windows\System32\wbem\unsecapp.exe
    3504 WmiPrvSE.exe
    2680 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    4892 dllhost.exe
    1016 WmiPrvSE.exe
    5248 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    5392 C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    5404 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    5556 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    5628 C:\Windows\ehome\ehmsas.exe
    5424 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    5764 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    6096 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    5368 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    3012 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    5484 C:\Windows\System32\SearchProtocolHost.exe
    2772 C:\Windows\System32\SearchFilterHost.exe
    2508 C:\Windows\System32\SearchProtocolHost.exe
    5076 C:\Malware Cleanup\MBRCheck\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`ae300000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000047`e3300000 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
    \\.\H: --> \\.\PhysicalDrive1 at offset 0x00000056`64c00000 (NTFS)
    \\.\I: --> \\.\PhysicalDrive1 at offset 0x0000009f`a2c00000 (NTFS)
    \\.\J: --> \\.\PhysicalDrive2 at offset 0x00000000`00100000 (NTFS)
    \\.\K: --> \\.\PhysicalDrive2 at offset 0x00000056`64d00000 (NTFS)
    \\.\L: --> \\.\PhysicalDrive2 at offset 0x0000009f`a2d00000 (NTFS)

    PhysicalDrive0 Model Number: ST9320421AS, Rev: HP14
    PhysicalDrive1 Model Number: WDC WD1001FALS-00J7B1, Rev:
    PhysicalDrive2 Model Number: WDC WD1001FALS-00J7B1, Rev:

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    931 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
    931 GB \\.\PhysicalDrive2 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  10. Broni

    Good job :)

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:8592
    uInternet Settings,ProxyOverride = <local>
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1626570519-558537335-2832409400-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ADEB6F05-AA39-AB0E-D21E-2DD2648EEC1E}*]
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
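The CFScript in the post above removes two per-user artifacts: a WinINet proxy pointing IE at a local listener (http=127.0.0.1:8592) and an unknown CLSID under the Approved shell-extensions key. The following PowerShell check, an added example and not code from the thread or from ComboFix, reports whether either is still present so the state can be confirmed before the fix and verified gone afterwards; the function name is the example's own, while the CLSID and registry paths come from the script.

```powershell
# Added example, not from the thread or from ComboFix: report the two
# per-user artifacts the CFScript targets (the loopback WinINet proxy and
# the unknown Approved shell extension). Run in the affected user's session,
# since both live under HKCU.
function Test-FakeAVProxyArtifacts {
    # CLSID taken from the RegNull:: line of the script.
    $suspectClsid = '{ADEB6F05-AA39-AB0E-D21E-2DD2648EEC1E}'
    $inetKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $approved = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
    $findings = @()

    # 1. WinINet proxy: the fake AV routed IE through a local listener, which
    #    is how IE popups appear even while the user is in Firefox. A loopback
    #    proxy here is suspect unless the user knowingly runs a local proxy.
    $inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
    if ($inet -and $inet.ProxyServer) {
        $server = [string]$inet.ProxyServer
        # Matches both "127.0.0.1:8592" and "http=127.0.0.1:8592" forms.
        if ($server -match '(^|=)(127\.0\.0\.1|localhost):\d+') {
            $findings += "Loopback proxy set: ProxyServer=$server ProxyEnable=$($inet.ProxyEnable) ProxyOverride=$($inet.ProxyOverride)"
        }
    }

    # 2. Approved shell extensions: CLSIDs listed here may be loaded into
    #    Explorer. Report the suspect CLSID and where its COM server resolves,
    #    so the backing DLL (if any) can be collected before the key is nulled.
    $entry = Get-ItemProperty -Path $approved -Name $suspectClsid -ErrorAction SilentlyContinue
    if ($entry) {
        $desc = $entry.$suspectClsid
        $srv = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$suspectClsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($srv) { $srv.'(default)' } else { '<no InprocServer32 registered>' }
        $findings += "Approved shell extension $suspectClsid ('$desc') -> $dll"
    }

    if ($findings.Count -eq 0) { 'No proxy or shell-extension artifacts found.' } else { $findings }
}

Test-FakeAVProxyArtifacts
```

Running it again after ComboFix has processed the script should report no artifacts; if the proxy entry returns, something still running is re-writing it and the process list above is the place to look.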
     
Topic Status:
Not open for further replies.
