CoboFix ran fine I did not have to use Rkill. Here is the log:
ComboFix 12-05-25.03 - New 2 05/25/2012 20:39:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1969 [GMT -7:00]
Running from: c:\users\New 2\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\windows\$NtUninstallKB27935$\3549970808\L\qnbwvoto
c:\windows\2017564883
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\
c:\windows\system32\cwafadmincontroller.dll
c:\windows\system32\dds_log_ad13.cmd
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\shsvcs.dll.vgorg
c:\windows\system32\themeui.dll.vgorg
c:\windows\system32\uxtheme.dll.vgorg
c:\windows\system32\drivers\ . . . . Failed to delete
.
Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected
Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
Restored copy from - c:\program files\Google\Update\
.
Infected copy of c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe was found and disinfected
Restored copy from - c:\program files\Hewlett-Packard\HP Health Check\
.
Infected copy of c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe was found and disinfected
Restored copy from - c:\program files\Hewlett-Packard\Shared\
.
c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe . . . is infected!!
c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected
Restored copy from - c:\program files\iPod\bin\
.
Infected copy of c:\program files\Common Files\LightScribe\LSSrvc.exe was found and disinfected
Restored copy from - c:\program files\Common Files\LightScribe\
.
c:\windows\system32\nvvsvc.exe . . . is infected!!
c:\windows\system32\nvvsvc.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\SMINST\BLService.exe . . . is infected!!
c:\windows\SMINST\BLService.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe was found and disinfected
Restored copy from - c:\program files\NVIDIA Corporation\3D Vision\
.
c:\program files\Viewpoint\Common\ViewpointService.exe . . . is infected!!
c:\program files\Viewpoint\Common\ViewpointService.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\windows\system32\DRIVERS\xaudio.exe was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\hpqherzm.inf_8705e467\XAudio.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
-------\Service_PCKeeperService
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 04:18 . 2012-05-26 04:50 -------- d-----w- c:\users\New 2\AppData\Local\temp
2012-05-26 04:18 . 2012-05-26 04:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 04:18 . 2012-05-26 04:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-26 00:42 . 2012-05-26 00:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-25 21:46 . 2012-05-25 21:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-25 20:32 . 2012-05-25 20:44 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-05-25 06:29 . 2012-05-25 06:30 -------- d-----w- c:\program files\ForGayViruses
2012-05-25 05:57 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-25 05:44 . 2012-05-25 05:44 -------- d-----w- c:\users\New 2\AppData\Roaming\Malwarebytes
2012-05-25 05:44 . 2012-05-25 05:44 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 23:43 . 2012-05-05 23:43 -------- d-----w- c:\program files\Sierra
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-25 21:47 . 2008-01-21 02:23 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-04-05 12:37 . 2012-04-05 12:37 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-08 17:55 . 2011-08-08 17:54 23277339 ----a-w- c:\program files\codeblocks-10.05-setup.exe
2009-03-16 21:36 . 2009-03-16 21:36 1691464 ----a-w- c:\program files\dsetup32.dll
2009-03-16 21:35 . 2009-03-16 21:35 525128 ----a-w- c:\program files\DXSETUP.exe
2009-03-16 21:35 . 2009-03-16 21:35 94024 ----a-w- c:\program files\DSETUP.dll
2012-02-21 16:09 . 2011-04-02 14:48 0 ----a-w- c:\program files\opera\program\plugins\dapop.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2011-07-11 18:13 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 20:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cracked Steam Service"="c:\program files\steam\Cracked Steam.exe" [2011-04-26 337496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GameBooster.exe"="c:\program files\IObit\Game Booster\GameBooster.exe" [2011-10-28 2185560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-15 913752]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Exportit
vnxservice
EACSvrMngr
ifxtcs
Si3132
MTDVC2
AppnApi
dtsrvc
bocdrive
rootmodem
sentinel
roxliveshare9
mcshield
pensup
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-26 04:08]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-26 04:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{64EC8E6B-09C2-473E-8DDC-CD3ED2726172}: NameServer = 205.188.146.145
TCP: Interfaces\{A8EFB6DA-AF84-4C34-A8BF-9501C03258F2}: NameServer = 205.188.146.145
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKU-Default-Run-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
HKU-Default-Run-DownloadAccelerator - c:\program files\DAP\DAP.EXE
HKU-Default-Run-HKCU - c:\windows\System32\install\winchk.exe
HKU-Default-Run-AOL Fast Start - c:\program files\AOL 9.0a\AOL.EXE
HKU-Default-Explorer_Run-Policies - c:\windows\System32\install\winchk.exe
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
SafeBoot-15610563.sys
MSConfigStartUp-Cracked Steam - (no file)
MSConfigStartUp-ehTray - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-05-25 21:50
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3319729882-385008171-2775926612-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:95,db,4a,fd,b4,f6,da,34,10,31,95,4c,79,69,73,6a,a6,a3,fe,e2,61,b4,86,
2e,10,90,8d,4e,7a,4a,89,d6,49,e8,5d,52,09,7d,f0,f4,b3,01,b5,25,f2,dc,c9,10,\
"??"=hex:dd,a1,0c,94,ce,1e,e7,50,fe,a5,4a,82,98,89,ca,bb
.
[HKEY_USERS\S-1-5-21-3319729882-385008171-2775926612-1006\Software\SecuROM\License information*]
"datasecu"=hex:51,f5,eb,1b,e0,d2,cd,39,6d,57,da,42,6c,3f,5e,60,37,2e,e5,fd,34,
0f,e4,6a,67,11,d1,1a,98,49,12,06,c3,d3,3d,06,74,be,fd,a7,55,f8,54,81,b3,e7,\
"rkeysecu"=hex:b4,47,27,73,ba,8f,7d,1f,e8,ad,6d,b4,3d,b4,8b,03
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-05-25 22:01:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 05:01
.
Pre-Run: 41,791,078,400 bytes free
Post-Run: 41,408,897,024 bytes free
.
- - End Of File - - 67D2CA3BA79C56D45D3B5A7E1F1641F8
Whats next Broni?