I ran Combofix in safe mode with the script. No problems encounted. Log below:
ComboFix 12-03-04.01 - Mark 05/03/2012 22:54:01.4.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2736 [GMT 0:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
Command switches used :: c:\users\Mark\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 23:01 . 2012-03-05 23:01 -------- d-----w- c:\users\Mark\AppData\Local\temp
2012-03-05 23:01 . 2012-03-05 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 08:28 . 2012-03-03 08:28 -------- d-----w- C:\_OTL
2012-02-26 13:17 . 2012-02-26 13:17 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-26 13:17 . 2012-02-26 13:17 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-26 13:17 . 2012-02-26 13:17 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-26 13:17 . 2012-02-26 13:17 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-26 03:14 . 2012-03-01 17:24 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-26 01:22 . 2012-03-04 22:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 22:59 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 00:17 . 2012-03-02 12:46 -------- d-----w- c:\users\UpdatusUser
2012-02-22 00:15 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 00:15 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 00:15 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 00:15 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 00:15 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 00:15 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 00:15 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-17 22:47 . 2012-02-17 22:47 -------- d-----w- c:\users\Mark\AppData\Roaming\AVG2012
2012-02-17 22:44 . 2012-02-25 03:09 -------- d-----w- c:\programdata\AVG2012
2012-02-17 20:58 . 2012-02-25 02:42 -------- d-----w- c:\programdata\MFAData
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 22:41 . 2011-03-14 13:06 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2012-03-04 02:40 . 2011-03-14 13:06 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-28 16:25 . 2011-03-14 13:08 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-24 22:55 . 2010-09-11 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-10 04:13 . 2011-10-17 02:10 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-10-17 02:10 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2011-02-23 01:57 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2009-06-10 17:33 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2009-06-10 17:33 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2011-02-23 00:40 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-02-23 00:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-02-23 00:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-02-23 00:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2009-06-10 08:34 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-26 13:17 . 2011-06-17 13:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-9 2042088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
backup=c:\windows\pss\Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-11-04 11:40 2087424 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qmofiltr
pserve
vmparport
k750mdfl
delldmi
hcf_msft
knobserv
tvtpktfilter
datasvr2
amdk77
clsched
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-23 07:15]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mod.uk\www.westminster
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 23:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:95,f0,cb,53,9a,96,d9,c6,ad,ef,7c,3c,7e,8b,6b,a3,ff,28,9d,b4,75,d4,82,
26,15,8f,b4,41,79,6c,09,51,8c,9d,91,01,67,9b,86,e0,74,e9,a2,47,79,c5,f6,54,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,f1,7f,cf,66,dd,ac,72,8d,ac,be,3a,9d,4b,e4,d9,ab,7b,d6,f6,9d,
0d,17,ea,ee,d3,da,33,d4,78,a6,c5,ea,e0,39,41,67,35,ac,cc,d6,8a,b3,9d,50,a5,\
"rkeysecu"=hex:d1,e1,fa,c4,59,30,95,93,46,98,0f,5a,99,e8,81,17
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-05 23:03:48
ComboFix-quarantined-files.txt 2012-03-05 23:03
ComboFix2.txt 2012-03-05 04:33
ComboFix3.txt 2012-02-26 03:26
.
Pre-Run: 39,307,862,016 bytes free
Post-Run: 39,200,677,888 bytes free
.
- - End Of File - - 2C64B2E244524CD89BC5C88155509D8F
ComboFix 12-03-04.01 - Mark 05/03/2012 22:54:01.4.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2736 [GMT 0:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
Command switches used :: c:\users\Mark\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 23:01 . 2012-03-05 23:01 -------- d-----w- c:\users\Mark\AppData\Local\temp
2012-03-05 23:01 . 2012-03-05 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 08:28 . 2012-03-03 08:28 -------- d-----w- C:\_OTL
2012-02-26 13:17 . 2012-02-26 13:17 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-26 13:17 . 2012-02-26 13:17 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-26 13:17 . 2012-02-26 13:17 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-26 13:17 . 2012-02-26 13:17 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-26 03:14 . 2012-03-01 17:24 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-26 01:22 . 2012-03-04 22:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 22:59 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 00:17 . 2012-03-02 12:46 -------- d-----w- c:\users\UpdatusUser
2012-02-22 00:15 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 00:15 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 00:15 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 00:15 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 00:15 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 00:15 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 00:15 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-17 22:47 . 2012-02-17 22:47 -------- d-----w- c:\users\Mark\AppData\Roaming\AVG2012
2012-02-17 22:44 . 2012-02-25 03:09 -------- d-----w- c:\programdata\AVG2012
2012-02-17 20:58 . 2012-02-25 02:42 -------- d-----w- c:\programdata\MFAData
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 22:41 . 2011-03-14 13:06 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2012-03-04 02:40 . 2011-03-14 13:06 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-28 16:25 . 2011-03-14 13:08 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-24 22:55 . 2010-09-11 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-10 04:13 . 2011-10-17 02:10 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-10-17 02:10 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2011-02-23 01:57 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2009-06-10 17:33 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2009-06-10 17:33 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2011-02-23 00:40 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-02-23 00:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-02-23 00:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-02-23 00:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2009-06-10 08:34 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-26 13:17 . 2011-06-17 13:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-9 2042088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
backup=c:\windows\pss\Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-11-04 11:40 2087424 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qmofiltr
pserve
vmparport
k750mdfl
delldmi
hcf_msft
knobserv
tvtpktfilter
datasvr2
amdk77
clsched
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-23 07:15]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mod.uk\www.westminster
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 23:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:95,f0,cb,53,9a,96,d9,c6,ad,ef,7c,3c,7e,8b,6b,a3,ff,28,9d,b4,75,d4,82,
26,15,8f,b4,41,79,6c,09,51,8c,9d,91,01,67,9b,86,e0,74,e9,a2,47,79,c5,f6,54,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,f1,7f,cf,66,dd,ac,72,8d,ac,be,3a,9d,4b,e4,d9,ab,7b,d6,f6,9d,
0d,17,ea,ee,d3,da,33,d4,78,a6,c5,ea,e0,39,41,67,35,ac,cc,d6,8a,b3,9d,50,a5,\
"rkeysecu"=hex:d1,e1,fa,c4,59,30,95,93,46,98,0f,5a,99,e8,81,17
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-05 23:03:48
ComboFix-quarantined-files.txt 2012-03-05 23:03
ComboFix2.txt 2012-03-05 04:33
ComboFix3.txt 2012-02-26 03:26
.
Pre-Run: 39,307,862,016 bytes free
Post-Run: 39,200,677,888 bytes free
.
- - End Of File - - 2C64B2E244524CD89BC5C88155509D8F