MBAM Cannot Remove A Malware

Hi,

I had a malware attack but was able to remove all of the malware with MalwareBytes, except one. The location of the Trojan is C:\WINDOWS\System32\drivers and it is called spnki.sys. Apparently, there is a wmpscgfs.exe reference (not the actual file) somewhere in my registry that could be driving it. I have tried a lot of force delete tools, including Unlocker and File Shredder, to delete it, but I get a message saying "A device attached to the system is not functioning". Can you help?

Thanks,
Raven

Re: MBAM Cannot Remove A Malware

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: MBAM Cannot Remove A Malware

Hi Belahzur,

Thank you for your reply. I have pasted the two logs here. I look forward to your next steps.

Raven

EXTRAS.TXT
OTL Extras logfile created on: 5/16/2010 12:10:24 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 247.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.49 Gb Total Space | 39.24 Gb Free Space | 27.54% Space Free | Partition Type: NTFS
Drive D: | 6.56 Gb Total Space | 0.66 Gb Free Space | 10.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP-PC
Current User Name: hp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3835418278-2600349672-3107389679-1000\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EAD1430-BA44-452C-8BAB-769F8DB8048A}" = lport=59578 | protocol=17 | dir=in | name=ut-u |
"{9E2EF22C-95D4-4E94-AC94-F3DF9248681F}" = lport=59578 | protocol=6 | dir=in | name=ut |
"{D953E726-A932-40E3-BC92-C732A9999503}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08353BCA-095B-4C7E-97E6-38B436306156}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0A3E1F98-C014-42EB-8F68-BA50D60F0A87}" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{0D26767E-1200-4714-8D7B-5D0C17D364BA}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{1527A20A-9856-4DE3-852A-10E73B707B3C}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{15E80639-A7E0-45C2-A7B0-FAB9D84C925B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F01BF90-4230-48B1-A759-7E8251A1C816}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{209DD644-EE5B-41B3-9983-74E3DBF635F0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{284C5056-01E4-489B-823E-0EB9ACA9D60D}" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{29FE259B-9D04-4B5E-9AB3-12335286CE44}" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{344114AA-9FB4-48B5-84B2-7994E04D8AC4}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{3FC691E1-8459-498E-921B-AADFECCC4D4C}" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{4F56A28C-8910-4ABE-9861-1C23A9764686}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5D4E537E-DEF2-4B74-B555-EF473F2CC5F4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5D752E3B-9435-4FE8-88BA-783E9B4F4ED7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{63909C6C-29A6-4EAA-B316-A809469D6324}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{654DA20C-F92F-4B0D-8ED1-E1A4DB4986C7}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{65AB7C18-22A4-489E-98F4-13DA8113AB3F}" = protocol=6 | dir=in | app=c:\users\hp\downloads\software\utorrent.exe |
"{76E2CDFA-CC47-44B4-9120-F3214297AC38}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7749002D-D747-4B78-A89A-915A1CD0A72E}" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{7C3074D9-8BFC-46F2-8985-A262CEE40423}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{85E113F6-2BAD-472B-BF41-FECD2C1E6B22}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8ECF75EE-7A23-4125-9450-AD516D89B9AB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{93DEE0D6-072B-4A62-992A-DEB55E549F19}" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{97C35DD8-5A0B-4BB2-8E8D-46F3ADD03644}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A25F7FF2-E6C9-4E9D-AED5-9AC6C553AC81}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BE8960BC-A4D2-4B87-B132-8054F6B6D639}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{C250CA26-7020-46A8-B3C8-8F9DAD05A600}" = protocol=17 | dir=in | app=c:\users\hp\downloads\software\utorrent.exe |
"{DFDABD66-FC91-4665-AF02-B0EFD4A814B5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E76B4AC4-ED29-487A-AE3B-AD101B503B38}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{EC26FDE5-C510-41B1-B076-F82C513848BB}" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{ECB8CCBE-75E5-427E-BF7D-F4A9FDE16A6F}" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{EFC9D4AE-10C3-4692-985E-886923753284}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F4E0BFFB-526C-4E4C-97C6-2D12F963440C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5FAE2A8-D534-43B4-8A75-DFB5F4F8B543}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F68661BE-C072-4C3F-8437-B845A302674C}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{F7026D09-1190-4F05-86F8-3BF987431F4B}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{FF410DC1-9B89-450A-9149-56091397F842}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"TCP Query User{2FEAFE42-ABD4-4D47-88D1-275E04AA92BA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{3146DB0F-B595-4E43-AEEE-146D7A91D156}C:\users\hp\downloads\software\utorrent.exe" = protocol=6 | dir=in | app=c:\users\hp\downloads\software\utorrent.exe |
"TCP Query User{64580976-7EEB-49D2-9FAE-A1D0DE2EE058}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{80B743AA-8BE0-4F90-B498-9E37895E5CCC}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B4E6D9C6-1AB1-4974-8A32-FA5E9E7068B1}C:\users\hp\downloads\software\utorrent.exe" = protocol=6 | dir=in | app=c:\users\hp\downloads\software\utorrent.exe |
"UDP Query User{2B9F5592-8B18-4D18-A60E-42691C0889A1}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{8B4667C8-8825-494A-99F7-D08D45FFBB07}C:\users\hp\downloads\software\utorrent.exe" = protocol=17 | dir=in | app=c:\users\hp\downloads\software\utorrent.exe |
"UDP Query User{A65897CC-6943-46E9-B13E-818EE0FF8523}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{E0B0E29B-B4EF-4DC4-8C9D-7B9BA0C39F6A}C:\users\hp\downloads\software\utorrent.exe" = protocol=17 | dir=in | app=c:\users\hp\downloads\software\utorrent.exe |
"UDP Query User{E8903299-386D-43DC-9080-6F7BE779C075}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.20
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4B200398-CA2D-4F67-8D00-C618F04020A7}" = Open Metronome
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:29
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}" = HP User Guide 0048
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced File Shredder_is1" = Advanced File Shredder 1.14
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Digsby" = Digsby
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileASSASSIN" = FileASSASSIN
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Metronome_is1" = D'Accord Metronome
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MPE" = MyPhoneExplorer
"Picasa 3" = Picasa 3
"Recover My Files_is1" = Recover My Files
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Trojan Remover_is1" = Trojan Remover 6.8.1
"Unlocker" = Unlocker 1.8.9
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.2
"WildTangent hplaptop Master Uninstall" = My HP Games
"Windows Updater 2.45" = Windows Updater 2.45
"Windows Updater 2010 2.45" = Windows Updater 2010 2.45
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3835418278-2600349672-3107389679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2010 9:19:25 AM | Computer Name = hp-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/15/2010 9:20:07 AM | Computer Name = hp-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/15/2010 10:06:12 AM | Computer Name = hp-PC | Source = EventSystem | ID = 4609
Description =

Error - 5/15/2010 10:18:43 AM | Computer Name = hp-PC | Source = EventSystem | ID = 4609
Description =

Error - 5/15/2010 10:22:22 AM | Computer Name = hp-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =

Error - 5/15/2010 10:47:10 AM | Computer Name = hp-PC | Source = Perflib | ID = 1010
Description =

Error - 5/15/2010 10:47:11 AM | Computer Name = hp-PC | Source = Perflib | ID = 1008
Description =

Error - 5/16/2010 2:30:02 AM | Computer Name = hp-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 5/16/2010 2:30:03 AM | Computer Name = hp-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 5/16/2010 2:30:03 AM | Computer Name = hp-PC | Source = Windows Search Service | ID = 3058
Description =

[ OSession Events ]
Error - 9/10/2009 4:10:52 AM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6666
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 11/25/2009 1:42:33 PM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 355 seconds with 300 seconds of active time. This session ended with a crash.

Error - 11/25/2009 1:59:09 PM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 349 seconds with 120 seconds of active time. This session ended with a crash.

Error - 1/24/2010 5:41:15 AM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1165
seconds with 720 seconds of active time. This session ended with a crash.

Error - 5/13/2010 2:51:57 PM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/15/2010 10:19:41 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/15/2010 10:19:41 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/15/2010 10:19:41 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/15/2010 10:26:47 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/15/2010 10:38:07 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/15/2010 10:38:22 AM | Computer Name = hp-PC | Source = DCOM | ID = 10010
Description =

Error - 5/15/2010 10:40:58 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2010 2:31:21 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2010 2:31:21 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 5/16/2010 2:31:21 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7031
Description =


< End of report >

...OTL.txt follows in the next post
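For reading OTL output like the Extras.txt above and the OTL.txt in the next post, here is an added Python triage helper; it is not part of this thread or of OTL itself. It parses the PRC/SRV/DRV entry lines and the registry key/value blocks, then flags services whose binary is gone, running drivers or processes with no publisher, and Security Center or firewall values switched off. The sample lines are copied from the posted logs except the spnki.sys driver line, which is constructed (date and size invented) to show what a flagged entry looks like; an empty publisher is a triage cue, not a verdict, since some legitimate tools ship unsigned.

```python
"""Triage helper for OTL (OldTimer) log output (added example, not OTL's code).

Parses PRC/MOD/SRV/DRV entry lines from OTL.txt and the [KEY] / "name" = value
blocks from Extras.txt, then flags what a responder reads first: services whose
binary no longer exists, drivers and processes with no publisher, and Security
Center or firewall settings that have been switched off.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One OTL entry line. Three shapes occur in the logs:
#   DRV - [date | size | attrs | M] (Publisher) [Kernel | System | Running] -- C:\x\y.sys -- (Name)
#   PRC - [date | size | attrs | M] (Publisher) -- C:\x\y.exe
#   SRV - File not found [On_Demand | Stopped] -- -- (Name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<date>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+?) \| \w\] "
    r"\((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)(?:\s*-- \((?P<name>[^)]*)\).*)?$"
)


@dataclass
class Entry:
    kind: str      # PRC, MOD, SRV or DRV
    company: str   # publisher string inside (...), empty when OTL printed ()
    path: str      # on-disk path, empty for "File not found" services
    name: str      # service/driver name, empty for PRC/MOD lines
    state: str     # e.g. "Kernel | System | Running"
    missing: bool  # True when the registered binary does not exist


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(kind=m["kind"], company=(m["company"] or "").strip(),
                 path=m["path"].strip(), name=(m["name"] or "").strip(),
                 state=(m["state"] or "").strip(), missing=m["missing"] is not None)


def parse_entries(text: str) -> List[Entry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def flag_entries(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (identifier, reason) pairs that deserve a closer look."""
    flags = []
    for e in entries:
        ident = e.name or e.path
        if e.missing:
            flags.append((ident, "service registered but binary not found"))
        elif not e.company:
            running = "running " if "Running" in e.state else ""
            flags.append((ident, f"{running}{e.kind} with no publisher: {e.path}"))
    return flags


# Registry blocks in Extras.txt: a [HKEY_...] header followed by "name" = value lines.
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.*)$')


def parse_registry_blocks(text: str) -> Dict[str, Dict[str, str]]:
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km["key"]
            blocks.setdefault(current, {})
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            blocks[current][vm["name"]] = vm["value"]
    return blocks


# Values as they should read on a monitored host; third-party suites may set
# DisableMonitoring legitimately, so a hit means "verify", not "infected".
EXPECTED = {"DisableMonitoring": "0", "EnableFirewall": "1",
            "AntiVirusOverride": "0", "FirewallOverride": "0"}


def flag_security_center(blocks: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    flags = []
    for key, values in blocks.items():
        for name, good in EXPECTED.items():
            if name in values and values[name] != good:
                flags.append((key, f'"{name}" = {values[name]} (expected {good})'))
    return flags


# Sample input: lines copied from the posted logs, plus one constructed DRV line
# for spnki.sys (date and size invented) to show what a flagged driver looks like.
SAMPLE_OTL = r"""
PRC - [2010/03/09 08:22:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - [2010/03/15 09:11:45 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
DRV - [2010/05/14 22:25:27 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/10/26 19:17:34 | 004,247,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2010/05/10 03:00:00 | 000,040,960 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\spnki.sys -- (spnki)
"""

SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"""

if __name__ == "__main__":
    for ident, why in flag_entries(parse_entries(SAMPLE_OTL)):
        print(f"{ident}: {why}")
    for key, why in flag_security_center(parse_registry_blocks(SAMPLE_EXTRAS)):
        print(f"{key}: {why}")
```

Paste a full OTL.txt or Extras.txt into the two parse functions in place of the samples to triage a real report.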

Re: MBAM Cannot Remove A Malware

OTL.TXT:

OTL logfile created on: 5/16/2010 12:10:24 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 247.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.49 Gb Total Space | 39.24 Gb Free Space | 27.54% Space Free | Partition Type: NTFS
Drive D: | 6.56 Gb Total Space | 0.66 Gb Free Space | 10.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP-PC
Current User Name: hp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/16 12:09:49 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice\OTL.exe
PRC - [2010/04/19 21:17:24 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/07 23:48:57 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/15 09:11:51 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/15 09:10:28 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/09 08:22:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/04/11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/25 05:04:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/25 05:04:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2006/10/11 06:14:10 | 000,034,520 | ---- | M] (Hewlett Packard) -- C:\Program Files\HP Connections\6811507\Program\HP Connections.exe


========== Modules (SafeList) ==========

MOD - [2010/05/16 12:09:49 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice\OTL.exe
MOD - [2010/03/15 09:11:50 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
MOD - [2009/04/11 11:51:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 13:03:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AddFiltr)
SRV - [2010/05/13 22:10:09 | 001,291,544 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/15 09:11:45 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/25 06:57:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/19 13:08:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/25 05:04:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/25 05:04:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2004/10/22 16:54:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/05/14 22:25:27 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/19 21:17:13 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/15 09:11:50 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/15 09:10:28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/04 21:23:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/10/26 19:17:34 | 004,247,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/03/28 02:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 03:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/04/04 12:43:38 | 000,098,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
DRV - [2007/04/04 12:43:36 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716obex.sys -- (s716obex)
DRV - [2007/04/04 12:43:36 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
DRV - [2007/04/04 12:43:34 | 000,108,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007/04/04 12:43:34 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/04 12:43:32 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007/04/04 12:43:20 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)
DRV - [2006/11/19 17:02:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/16 14:46:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/16 10:12:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/16 08:05:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/09 14:32:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 15:21:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 15:21:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 15:21:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 15:21:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 15:21:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 15:21:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 15:21:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 15:20:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 15:20:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 15:20:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 15:20:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 15:20:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 15:20:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 15:20:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 15:20:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 15:20:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 15:20:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 15:20:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 15:20:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 15:20:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 15:20:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 15:20:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 15:20:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 15:20:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 15:20:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 15:20:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 15:20:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 15:20:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 15:20:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 15:19:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 15:19:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 15:19:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 15:19:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 15:19:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 15:19:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 13:55:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 13:54:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 13:54:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 13:54:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 13:54:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 13:54:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 13:11:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 13:06:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 13:00:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 13:00:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/06/28 23:27:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 23:24:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3835418278-2600349672-3107389679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3835418278-2600349672-3107389679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3835418278-2600349672-3107389679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/19 21:23:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 23:53:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 23:53:32 | 000,000,000 | ---D | M]

[2010/03/21 15:33:38 | 000,000,000 | ---D | M] -- C:\Users\hp\AppData\Roaming\mozilla\Extensions
[2010/05/15 15:26:24 | 000,000,000 | ---D | M] -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\cbkgedm1.default\extensions
[2010/03/21 15:51:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\cbkgedm1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/21 15:27:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3835418278-2600349672-3107389679-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} http://app.airtel.in/ehealthcheck/fscax.cab (F-Secure Health Check 1.1)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3835418278-2600349672-3107389679-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/18 10:42:22 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 19:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/15 20:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\AFShredder
[2010/05/15 20:22:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/05/15 19:18:30 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Simply Super Software
[2010/05/15 19:16:21 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010/05/15 19:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/05/15 19:16:16 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Simply Super Software
[2010/05/15 19:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/05/15 16:38:15 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/05/15 16:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/05/15 16:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2010/04/27 03:34:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/25 12:37:03 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\gtk-2.0
[2010/04/25 03:29:03 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\PCF-VLC
[2010/04/25 03:21:34 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Participatory Culture Foundation
[2010/04/21 22:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/04/21 22:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/17 12:32:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Karaoke

========== Files - Modified Within 30 Days ==========

[2010/05/16 12:12:49 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\spnki.sys
[2010/05/16 12:10:33 | 002,621,440 | -HS- | M] () -- C:\Users\hp\NTUSER.DAT
[2010/05/16 12:02:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{092BFF95-2086-4851-AB13-623F4CEFF619}.job
[2010/05/16 12:00:01 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 12:00:01 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 11:59:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/16 11:59:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/16 01:24:13 | 000,524,288 | -HS- | M] () -- C:\Users\hp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/16 01:24:13 | 000,065,536 | -HS- | M] () -- C:\Users\hp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/16 01:23:23 | 002,430,358 | -H-- | M] () -- C:\Users\hp\AppData\Local\IconCache.db
[2010/05/16 00:35:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3835418278-2600349672-3107389679-1000UA.job
[2010/05/15 23:00:04 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/05/15 22:00:01 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/05/15 20:51:54 | 000,005,892 | ---- | M] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
[2010/05/15 20:40:27 | 000,000,762 | ---- | M] () -- C:\Users\hp\Desktop\Advanced File Shredder.lnk
[2010/05/15 20:35:04 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3835418278-2600349672-3107389679-1000Core.job
[2010/05/15 17:56:41 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/05/15 16:07:28 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2010/05/15 10:57:01 | 000,183,296 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/15 10:32:19 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/15 10:32:19 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/15 10:32:19 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/15 10:25:52 | 059,999,323 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/15 10:19:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/05/15 10:19:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/05/15 10:19:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/05/15 10:19:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/05/15 10:19:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/05/15 10:19:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/05/15 02:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/05/14 20:23:13 | 000,014,184 | ---- | M] () -- C:\Users\hp\Documents\Dad Contact Numbers.xlsx
[2010/05/14 20:23:13 | 000,014,184 | ---- | M] () -- C:\Users\hp\Desktop\Dad Contact Numbers.xlsx
[2010/05/13 22:19:55 | 000,189,952 | ---- | M] () -- C:\Users\hp\Documents\Copy of Sodexo-Establishments-Gurgaon.xls
[2010/05/11 21:45:58 | 000,127,591 | ---- | M] () -- C:\Users\hp\Desktop\6M.pptx
[2010/05/11 21:27:29 | 002,595,351 | ---- | M] () -- C:\Users\hp\Desktop\CHREB5868610SYN Book.pdf
[2010/05/10 23:09:38 | 000,060,416 | ---- | M] () -- C:\Users\hp\Desktop\Saptarshi Nath--April-2010.doc
[2010/05/10 23:09:38 | 000,000,162 | -H-- | M] () -- C:\Users\hp\Desktop\~$ptarshi Nath--April-2010.doc
[2010/05/08 12:11:47 | 000,113,633 | ---- | M] () -- C:\Users\hp\Documents\Citi April full payment 2010.jpg
[2010/05/06 21:30:54 | 000,001,391 | ---- | M] () -- C:\Users\hp\Desktop\DivX Movies.lnk
[2010/05/02 23:59:27 | 000,026,344 | ---- | M] () -- C:\Users\hp\Desktop\Saptarshi Nath--April-2010.docx
[2010/05/01 17:38:18 | 000,421,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 22:04:38 | 000,779,704 | ---- | M] () -- C:\Users\hp\Desktop\AX100G_Manual.pdf
[2010/04/29 21:57:58 | 000,141,848 | ---- | M] () -- C:\Users\hp\Desktop\ax100gpresets.pdf
[2010/04/29 21:40:44 | 000,002,027 | ---- | M] () -- C:\Users\hp\Desktop\Google Chrome.lnk
[2010/04/28 20:30:40 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/04/27 03:34:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/25 12:44:10 | 000,000,218 | ---- | M] () -- C:\Users\hp\.recently-used.xbel
[2010/04/24 16:35:07 | 000,109,965 | ---- | M] () -- C:\Users\hp\Desktop\April Part Payment.jpg
[2010/04/19 21:17:13 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/17 15:25:25 | 000,063,856 | ---- | M] () -- C:\Users\hp\Desktop\JAW-Canon_in_D.pdf

========== Files Created - No Company Name ==========

[2010/05/15 20:40:27 | 000,000,762 | ---- | C] () -- C:\Users\hp\Desktop\Advanced File Shredder.lnk
[2010/05/15 19:16:21 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/05/15 19:16:21 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/05/15 19:16:21 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/05/15 19:16:21 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/05/15 17:56:41 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/05/15 16:07:28 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2010/05/15 10:30:50 | 000,014,184 | ---- | C] () -- C:\Users\hp\Documents\Dad Contact Numbers.xlsx
[2010/05/14 20:10:07 | 000,014,184 | ---- | C] () -- C:\Users\hp\Desktop\Dad Contact Numbers.xlsx
[2010/05/13 22:19:50 | 000,189,952 | ---- | C] () -- C:\Users\hp\Documents\Copy of Sodexo-Establishments-Gurgaon.xls
[2010/05/11 21:27:13 | 002,595,351 | ---- | C] () -- C:\Users\hp\Desktop\CHREB5868610SYN Book.pdf
[2010/05/11 20:29:32 | 000,127,591 | ---- | C] () -- C:\Users\hp\Desktop\6M.pptx
[2010/05/10 23:09:38 | 000,000,162 | -H-- | C] () -- C:\Users\hp\Desktop\~$ptarshi Nath--April-2010.doc
[2010/05/10 23:09:36 | 000,060,416 | ---- | C] () -- C:\Users\hp\Desktop\Saptarshi Nath--April-2010.doc
[2010/05/08 12:11:46 | 000,113,633 | ---- | C] () -- C:\Users\hp\Documents\Citi April full payment 2010.jpg
[2010/05/06 21:30:54 | 000,001,391 | ---- | C] () -- C:\Users\hp\Desktop\DivX Movies.lnk
[2010/04/29 22:04:38 | 000,779,704 | ---- | C] () -- C:\Users\hp\Desktop\AX100G_Manual.pdf
[2010/04/29 21:57:58 | 000,141,848 | ---- | C] () -- C:\Users\hp\Desktop\ax100gpresets.pdf
[2010/04/28 22:00:30 | 000,026,344 | ---- | C] () -- C:\Users\hp\Desktop\Saptarshi Nath--April-2010.docx
[2010/04/25 12:44:10 | 000,000,218 | ---- | C] () -- C:\Users\hp\.recently-used.xbel
[2010/04/24 16:35:06 | 000,109,965 | ---- | C] () -- C:\Users\hp\Desktop\April Part Payment.jpg
[2010/04/17 15:25:25 | 000,063,856 | ---- | C] () -- C:\Users\hp\Desktop\JAW-Canon_in_D.pdf
[2010/03/29 23:41:24 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\spnki.sys
[2010/01/04 00:48:20 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/26 22:33:40 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2009/11/26 22:33:40 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2009/11/26 22:33:40 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2009/11/26 22:27:24 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009/11/26 22:27:24 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009/11/22 19:06:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/06 19:19:48 | 000,000,291 | ---- | C] () -- C:\Windows\System32\XMLConfig_SYSID.ini
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/29 13:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 16:32:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/02 18:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 12:32:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 12:32:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 05:28:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/08 09:36:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/17 01:54:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >

Re: MBAM Cannot Remove A Malware

Hello.

  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

[screenshot: CF_download_FF]

[screenshot: 2aflf5z]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

Re: MBAM Cannot Remove A Malware

Hi Belahzur,

Thank you for your prompt reply. Here's the info from Combofix, I look forward to hearing from you again.

Raven

Combofix log:

ComboFix 10-05-16.02 - hp 05/17/2010 22:34:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.308 [GMT 5.5:30]
Running from: c:\users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\spnki.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_spnki
-------\Service_spnki


((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-17 17:17 . 2010-05-17 17:23 -------- d-----w- c:\users\hp\AppData\Local\temp
2010-05-17 17:17 . 2010-05-17 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-16 16:53 . 2010-05-16 16:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-16 16:53 . 2010-05-16 16:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-16 16:53 . 2010-05-16 16:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-16 16:53 . 2010-05-16 16:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-16 16:53 . 2010-05-17 16:50 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-15 15:10 . 2010-05-15 15:10 -------- d-----w- c:\program files\AFShredder
2010-05-15 14:52 . 2010-05-15 14:52 -------- d-----w- c:\windows\Sun
2010-05-15 13:46 . 2006-06-19 06:31 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-15 13:46 . 2006-05-25 09:22 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-15 13:46 . 2005-08-25 19:20 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-15 13:46 . 2003-02-02 13:36 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-15 13:46 . 2002-03-05 18:30 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-15 13:46 . 2010-05-15 13:46 -------- d-----w- c:\program files\Trojan Remover
2010-05-15 13:46 . 2010-05-15 13:46 -------- d-----w- c:\users\hp\AppData\Roaming\Simply Super Software
2010-05-15 13:46 . 2010-05-15 13:46 -------- d-----w- c:\programdata\Simply Super Software
2010-05-15 11:08 . 2010-05-15 11:08 -------- d-----w- C:\VundoFix Backups
2010-05-15 10:51 . 2010-05-15 10:51 -------- d-----w- c:\program files\Unlocker
2010-05-15 10:37 . 2010-05-15 10:37 -------- d-----w- c:\program files\FileASSASSIN
2010-05-12 17:30 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-25 07:07 . 2010-04-25 07:07 -------- d-----w- c:\users\hp\AppData\Roaming\gtk-2.0
2010-04-24 21:59 . 2010-04-27 03:16 -------- d-----w- c:\users\hp\AppData\Roaming\PCF-VLC
2010-04-24 21:51 . 2010-04-24 21:51 -------- d-----w- c:\users\hp\AppData\Roaming\Participatory Culture Foundation
2010-04-21 17:29 . 2010-04-21 17:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-21 17:23 . 2010-05-06 16:14 -------- d-----w- c:\programdata\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 16:58 . 2010-01-26 08:06 5892 ----a-w- c:\users\hp\AppData\Local\d3d9caps.dat
2010-05-16 19:11 . 2009-09-05 07:09 -------- d-----w- c:\users\hp\AppData\Roaming\uTorrent
2010-05-16 16:49 . 2009-11-16 20:23 -------- d-----w- c:\programdata\avg9
2010-05-16 14:33 . 2010-01-16 15:50 -------- d-----w- c:\users\hp\AppData\Roaming\vlc
2010-05-15 12:26 . 2009-09-04 18:54 -------- d-----w- c:\program files\Opera
2010-05-15 12:01 . 2010-01-10 19:17 -------- d-----w- c:\program files\Fiat
2010-05-14 16:58 . 2010-05-14 16:58 63488 ----a-w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-14 16:58 . 2010-04-06 19:25 117760 ----a-w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-14 16:55 . 2010-04-06 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-12 18:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-08 15:49 . 2006-12-18 04:32 -------- d-----w- c:\programdata\Roxio
2010-05-08 06:36 . 2010-05-08 06:36 688920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2010-05-06 16:14 . 2010-04-21 17:30 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-06 16:00 . 2010-05-06 16:00 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-06 16:00 . 2006-12-18 05:12 -------- d-----w- c:\program files\DivX
2010-05-06 16:00 . 2010-05-06 16:00 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-05-06 16:00 . 2010-05-06 16:00 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-06 15:54 . 2010-04-21 17:30 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-06 15:54 . 2010-04-21 17:30 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-06 05:06 . 2009-10-03 05:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-21 17:29 . 2010-04-21 17:29 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-21 17:29 . 2010-04-21 17:29 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-21 17:29 . 2010-04-21 17:29 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-19 15:47 . 2010-04-19 15:47 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-19 15:43 . 2010-04-19 15:43 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-19 09:29 . 2010-04-19 09:29 255472 ----a-w- c:\users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-04-17 07:03 . 2006-12-18 04:56 -------- d-----w- c:\programdata\CyberLink
2010-04-10 08:28 . 2010-04-10 08:28 155648 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Installer\{4B200398-CA2D-4F67-8D00-C618F04020A7}\oMetronome_WAV.exe
2010-04-10 08:28 . 2010-04-10 08:28 -------- d-----w- c:\program files\Open Metronome
2010-04-10 08:18 . 2010-04-10 08:18 -------- d-----w- c:\program files\D'Accord Metronome
2010-04-10 06:03 . 2010-04-10 06:03 -------- d-----w- c:\users\hp\AppData\Roaming\AVG9
2010-04-09 16:42 . 2010-04-09 16:42 -------- d-----w- c:\programdata\WindowsSearch
2010-04-08 16:57 . 2010-04-08 16:57 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-08 16:57 . 2010-04-08 16:57 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-08 16:57 . 2010-04-08 16:57 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-07 16:16 . 2006-12-18 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-07 16:13 . 2010-04-07 16:13 -------- d-----w- c:\users\hp\AppData\Roaming\GTek
2010-04-06 19:25 . 2010-04-06 19:25 52224 ----a-w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-06 19:23 . 2010-04-06 19:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-06 19:23 . 2010-04-06 19:23 -------- d-----w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com
2010-04-06 19:22 . 2010-04-06 19:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-01 16:36 . 2010-04-01 16:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-01 16:35 . 2010-04-01 16:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-01 16:26 . 2010-04-01 16:25 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-01 16:25 . 2010-02-06 09:47 -------- d-----w- c:\programdata\Lavasoft
2010-04-01 16:25 . 2010-02-06 09:47 -------- d-----w- c:\program files\Lavasoft
2010-03-30 18:22 . 2010-01-01 17:19 197900 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-30 18:18 . 2010-03-30 17:51 -------- d-----w- c:\program files\MicroSoft
2010-03-30 18:08 . 2010-03-30 18:08 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2010-03-30 18:08 . 2010-03-30 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 18:08 . 2010-03-30 18:08 -------- d-----w- c:\programdata\Malwarebytes
2010-03-29 19:21 . 2010-01-26 08:37 -------- d-----w- c:\program files\QuickTime
2010-03-29 19:20 . 2010-03-28 18:49 -------- d-----w- c:\program files\iTunes
2010-03-29 16:13 . 2010-01-03 17:08 -------- d-----w- c:\program files\Carbonite
2010-03-29 09:54 . 2010-03-30 18:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 09:54 . 2010-03-30 18:08 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 18:49 . 2010-03-28 18:49 -------- d-----w- c:\program files\iPod
2010-03-28 18:49 . 2009-09-10 16:07 -------- d-----w- c:\program files\Common Files\Apple
2010-03-28 18:30 . 2010-03-28 18:30 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-28 11:00 . 2010-02-20 09:06 -------- d-----w- c:\program files\Nero
2010-03-28 11:00 . 2010-02-20 09:05 -------- d-----w- c:\program files\Common Files\Nero
2010-03-28 10:18 . 2010-02-20 09:05 -------- d-----w- c:\programdata\Nero
2010-03-28 06:05 . 2006-12-18 04:10 -------- d-----w- c:\program files\CONEXANT
2010-03-26 18:30 . 2010-03-26 18:30 -------- d-----w- c:\program files\Trend Micro
2010-03-23 20:06 . 2009-12-28 16:10 -------- d-----w- c:\users\hp\AppData\Roaming\Skype
2010-03-23 18:32 . 2009-12-28 16:12 -------- d-----w- c:\users\hp\AppData\Roaming\skypePM
2010-03-05 14:01 . 2010-04-14 16:08 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 16:53 . 2009-08-26 04:58 119144 ----a-w- c:\users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 11:10 . 2010-04-14 16:08 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 16:08 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 16:08 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-30 23:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 23:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-30 23:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-30 23:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 21:30 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 21:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 21:30 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-18 14:07 . 2010-04-14 16:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:07 . 2010-04-14 16:08 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:07 . 2010-04-14 16:08 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 13:30 . 2010-04-14 16:07 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-14 16:07 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2005-11-29 10:47 . 2005-11-29 10:47 24848 ----a-w- c:\program files\opera\program\plugins\cgpcfg.dll
2005-11-29 10:47 . 2005-11-29 10:47 74000 ----a-w- c:\program files\opera\program\plugins\cgpcore.dll
2005-11-29 10:47 . 2005-11-29 10:47 45328 ----a-w- c:\program files\opera\program\plugins\icalogon.dll
2005-11-29 10:47 . 2005-11-29 10:47 28944 ----a-w- c:\program files\opera\program\plugins\pscript.dll
2005-11-29 10:47 . 2005-11-29 10:47 69904 ----a-w- c:\program files\opera\program\plugins\sslsdk_b.dll
2005-11-29 10:47 . 2005-11-29 10:47 24848 ----a-w- c:\program files\opera\program\plugins\tcppserv.dll
.

Code:

<pre>
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\qlbctrl .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\hpwamain .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\wifimsg .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-27 1165192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 09:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\23850
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 19:34 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-05-16 16:52 2064736 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-29 05:34 133104 ----atw- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:17 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2006-11-28 23:42 46704 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2006-11-22 00:36 1474560 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 12:37 141608 ----a-w- c:\program files\iTunes\ituneshelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 09:54 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-09-25 18:01 185640 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-11-24 23:33 167936 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 17:38 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a9,fa,3a,d9,fe,7a,ca,01

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-13 1291544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-05-16 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-05-16 242896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-14 68168]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-16 308064]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 07:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3835418278-2600349672-3107389679-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 05:34]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3835418278-2600349672-3107389679-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 05:34]

2010-05-17 c:\windows\Tasks\User_Feed_Synchronization-{092BFF95-2086-4851-AB13-623F4CEFF619}.job
- c:\windows\system32\msfeedssync.exe [2010-03-30 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://app.airtel.in/ehealthcheck/fscax.cab
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\cbkgedm1.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Opera\program\plugins\npican.dll
FF - plugin: c:\users\hp\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 22:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,e6,58,99,5e,9b,d0,42,8d,88,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,e6,58,99,5e,9b,d0,42,8d,88,95,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-05-17 23:03:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-17 17:33

Pre-Run: 41,342,943,232 bytes free
Post-Run: 41,415,688,192 bytes free

- - End Of File - - DD50E4FABFE0EF1A3305A8605876703B

Re: MBAM Cannot Remove A Malware

Hello.

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    RenV::
    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\qlbctrl .exe
    c:\program files\Hewlett-Packard\HP Wireless Assistant\hpwamain .exe
    c:\program files\Hewlett-Packard\HP Wireless Assistant\wifimsg .exe
    c:\program files\Java\jre6\bin\jusched .exe
    c:\program files\Synaptics\SynTP\syntpenh .exe

    DDS::
    uStart Page = about:blank

    File::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]


  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
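A defender-side check for the log format in this thread: the listing lines ComboFix prints under "Files Created" and "Find3M Report", and the literal `<pre>` block it emits for file names with a space before the extension, which are exactly the paths the `RenV::` directive above renames. This is an added example written for this page, not ComboFix's or the helper's code; the sample log text is constructed from a few lines of the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One ComboFix listing line:  <created> . <modified> <size|--------> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>\S{8}) "
    r"(?P<path>.+)$"
)

# A file name with whitespace between its stem and a PE-style extension, e.g. "qlbctrl .exe".
SPACED_EXT_RE = re.compile(r"\S\s+\.(exe|dll|sys|scr|cpl)$", re.IGNORECASE)

# Constructed sample: a handful of lines in the same shape as the log posted above.
SAMPLE_LOG = r"""
2010-05-16 16:53 . 2010-05-16 16:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-16 16:53 . 2010-05-17 16:50 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-15 10:51 . 2010-05-15 10:51 -------- d-----w- c:\program files\Unlocker
.
<pre>
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
</pre>
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directory entries, which ComboFix prints as "--------"
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # ComboFix's attribute column starts with "d" for directories.
        return self.attrs.startswith("d")


def parse_listing(text: str) -> List[Entry]:
    """Parse the dated file/directory lines of a ComboFix log; all other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def pre_block(text: str) -> List[str]:
    """Lines inside the literal <pre>...</pre> block ComboFix uses for oddly named files."""
    m = re.search(r"<pre>\n(.*?)</pre>", text, re.DOTALL)
    return m.group(1).splitlines() if m else []


def spaced_extension_names(paths: List[str]) -> List[str]:
    """Paths whose file name has whitespace before the extension (RenV:: candidates)."""
    return [p.strip() for p in paths if SPACED_EXT_RE.search(p.strip())]


def new_drivers(entries: List[Entry], drivers_dir: str = r"c:\windows\system32\drivers") -> List[Entry]:
    """Files (not directories) created directly under the kernel drivers directory."""
    found = []
    for e in entries:
        head, _, tail = e.path.rpartition("\\")
        if not e.is_dir and tail and head.lower() == drivers_dir.lower():
            found.append(e)
    return found


def summarize(text: str) -> Dict[str, List[str]]:
    """Collect the two things worth a second look: new .sys files and space-before-extension names."""
    entries = parse_listing(text)
    return {
        "new_drivers": [e.path for e in new_drivers(entries)],
        "renv_candidates": spaced_extension_names(pre_block(text)),
    }


if __name__ == "__main__":
    for key, paths in summarize(SAMPLE_LOG).items():
        print(key)
        for p in paths:
            print("  ", p)
```

Point `summarize` at a full ComboFix.txt to get the same two lists for a real log; a driver in `new_drivers` is only a lead, so compare it against the vendor's files (the AVG and MBAM drivers in this thread are legitimate) before acting on it.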

Re: MBAM Cannot Remove A Malware

Thanks again! Here's the log; I look forward to your next guidance:

ComboFix 10-05-16.02 - hp 05/18/2010 20:09:39.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.213 [GMT 5.5:30]
Running from: c:\users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice\ComboFix.exe
Command switches used :: c:\users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-18 14:52 . 2010-05-18 15:00 -------- d-----w- c:\users\hp\AppData\Local\temp
2010-05-18 14:52 . 2010-05-18 14:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-18 14:52 . 2010-05-18 14:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-16 16:53 . 2010-05-16 16:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-16 16:53 . 2010-05-16 16:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-16 16:53 . 2010-05-16 16:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-16 16:53 . 2010-05-16 16:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-16 16:53 . 2010-05-18 14:36 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-15 15:10 . 2010-05-15 15:10 -------- d-----w- c:\program files\AFShredder
2010-05-15 14:52 . 2010-05-15 14:52 -------- d-----w- c:\windows\Sun
2010-05-15 13:46 . 2006-06-19 06:31 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-15 13:46 . 2006-05-25 09:22 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-15 13:46 . 2005-08-25 19:20 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-15 13:46 . 2003-02-02 13:36 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-15 13:46 . 2002-03-05 18:30 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-15 13:46 . 2010-05-15 13:46 -------- d-----w- c:\program files\Trojan Remover
2010-05-15 13:46 . 2010-05-15 13:46 -------- d-----w- c:\users\hp\AppData\Roaming\Simply Super Software
2010-05-15 13:46 . 2010-05-15 13:46 -------- d-----w- c:\programdata\Simply Super Software
2010-05-15 11:08 . 2010-05-15 11:08 -------- d-----w- C:\VundoFix Backups
2010-05-15 10:51 . 2010-05-15 10:51 -------- d-----w- c:\program files\Unlocker
2010-05-15 10:37 . 2010-05-15 10:37 -------- d-----w- c:\program files\FileASSASSIN
2010-05-12 17:30 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-25 07:07 . 2010-04-25 07:07 -------- d-----w- c:\users\hp\AppData\Roaming\gtk-2.0
2010-04-24 21:59 . 2010-04-27 03:16 -------- d-----w- c:\users\hp\AppData\Roaming\PCF-VLC
2010-04-24 21:51 . 2010-04-24 21:51 -------- d-----w- c:\users\hp\AppData\Roaming\Participatory Culture Foundation
2010-04-21 17:29 . 2010-04-21 17:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-21 17:23 . 2010-05-06 16:14 -------- d-----w- c:\programdata\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 18:40 . 2009-09-05 07:09 -------- d-----w- c:\users\hp\AppData\Roaming\uTorrent
2010-05-17 17:57 . 2010-01-26 08:06 5892 ----a-w- c:\users\hp\AppData\Local\d3d9caps.dat
2010-05-16 16:49 . 2009-11-16 20:23 -------- d-----w- c:\programdata\avg9
2010-05-16 14:33 . 2010-01-16 15:50 -------- d-----w- c:\users\hp\AppData\Roaming\vlc
2010-05-15 12:26 . 2009-09-04 18:54 -------- d-----w- c:\program files\Opera
2010-05-15 12:01 . 2010-01-10 19:17 -------- d-----w- c:\program files\Fiat
2010-05-14 16:58 . 2010-05-14 16:58 63488 ----a-w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-14 16:58 . 2010-04-06 19:25 117760 ----a-w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-14 16:55 . 2010-04-06 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-12 18:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-08 15:49 . 2006-12-18 04:32 -------- d-----w- c:\programdata\Roxio
2010-05-08 06:36 . 2010-05-08 06:36 688920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2010-05-06 16:14 . 2010-04-21 17:30 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-06 16:00 . 2010-05-06 16:00 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-06 16:00 . 2006-12-18 05:12 -------- d-----w- c:\program files\DivX
2010-05-06 16:00 . 2010-05-06 16:00 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-05-06 16:00 . 2010-05-06 16:00 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-06 15:54 . 2010-04-21 17:30 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-06 15:54 . 2010-04-21 17:30 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-06 05:06 . 2009-10-03 05:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-21 17:29 . 2010-04-21 17:29 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-21 17:29 . 2010-04-21 17:29 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-21 17:29 . 2010-04-21 17:29 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-19 15:47 . 2010-04-19 15:47 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-19 15:43 . 2010-04-19 15:43 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-19 09:29 . 2010-04-19 09:29 255472 ----a-w- c:\users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-04-17 07:03 . 2006-12-18 04:56 -------- d-----w- c:\programdata\CyberLink
2010-04-10 08:28 . 2010-04-10 08:28 155648 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Installer\{4B200398-CA2D-4F67-8D00-C618F04020A7}\oMetronome_WAV.exe
2010-04-10 08:28 . 2010-04-10 08:28 -------- d-----w- c:\program files\Open Metronome
2010-04-10 08:18 . 2010-04-10 08:18 -------- d-----w- c:\program files\D'Accord Metronome
2010-04-10 06:03 . 2010-04-10 06:03 -------- d-----w- c:\users\hp\AppData\Roaming\AVG9
2010-04-09 16:42 . 2010-04-09 16:42 -------- d-----w- c:\programdata\WindowsSearch
2010-04-08 16:57 . 2010-04-08 16:57 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-08 16:57 . 2010-04-08 16:57 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-08 16:57 . 2010-04-08 16:57 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-07 16:16 . 2006-12-18 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-07 16:13 . 2010-04-07 16:13 -------- d-----w- c:\users\hp\AppData\Roaming\GTek
2010-04-06 19:25 . 2010-04-06 19:25 52224 ----a-w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-06 19:23 . 2010-04-06 19:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-06 19:23 . 2010-04-06 19:23 -------- d-----w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com
2010-04-06 19:22 . 2010-04-06 19:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-01 16:36 . 2010-04-01 16:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-01 16:35 . 2010-04-01 16:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-01 16:26 . 2010-04-01 16:25 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-01 16:25 . 2010-02-06 09:47 -------- d-----w- c:\programdata\Lavasoft
2010-04-01 16:25 . 2010-02-06 09:47 -------- d-----w- c:\program files\Lavasoft
2010-03-30 18:22 . 2010-01-01 17:19 197900 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-30 18:18 . 2010-03-30 17:51 -------- d-----w- c:\program files\MicroSoft
2010-03-30 18:08 . 2010-03-30 18:08 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2010-03-30 18:08 . 2010-03-30 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 18:08 . 2010-03-30 18:08 -------- d-----w- c:\programdata\Malwarebytes
2010-03-29 19:21 . 2010-01-26 08:37 -------- d-----w- c:\program files\QuickTime
2010-03-29 19:20 . 2010-03-28 18:49 -------- d-----w- c:\program files\iTunes
2010-03-29 16:13 . 2010-01-03 17:08 -------- d-----w- c:\program files\Carbonite
2010-03-29 09:54 . 2010-03-30 18:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 09:54 . 2010-03-30 18:08 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 18:49 . 2010-03-28 18:49 -------- d-----w- c:\program files\iPod
2010-03-28 18:49 . 2009-09-10 16:07 -------- d-----w- c:\program files\Common Files\Apple
2010-03-28 18:30 . 2010-03-28 18:30 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-28 11:00 . 2010-02-20 09:06 -------- d-----w- c:\program files\Nero
2010-03-28 11:00 . 2010-02-20 09:05 -------- d-----w- c:\program files\Common Files\Nero
2010-03-28 10:18 . 2010-02-20 09:05 -------- d-----w- c:\programdata\Nero
2010-03-28 06:05 . 2006-12-18 04:10 -------- d-----w- c:\program files\CONEXANT
2010-03-26 18:30 . 2010-03-26 18:30 -------- d-----w- c:\program files\Trend Micro
2010-03-23 20:06 . 2009-12-28 16:10 -------- d-----w- c:\users\hp\AppData\Roaming\Skype
2010-03-23 18:32 . 2009-12-28 16:12 -------- d-----w- c:\users\hp\AppData\Roaming\skypePM
2010-03-05 14:01 . 2010-04-14 16:08 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 16:53 . 2009-08-26 04:58 119144 ----a-w- c:\users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 11:10 . 2010-04-14 16:08 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 16:08 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 16:08 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-30 23:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 23:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-30 23:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-30 23:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 21:30 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 21:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 21:30 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-18 14:07 . 2010-04-14 16:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:07 . 2010-04-14 16:08 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:07 . 2010-04-14 16:08 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 13:30 . 2010-04-14 16:07 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-14 16:07 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2005-11-29 10:47 . 2005-11-29 10:47 24848 ----a-w- c:\program files\opera\program\plugins\cgpcfg.dll
2005-11-29 10:47 . 2005-11-29 10:47 74000 ----a-w- c:\program files\opera\program\plugins\cgpcore.dll
2005-11-29 10:47 . 2005-11-29 10:47 45328 ----a-w- c:\program files\opera\program\plugins\icalogon.dll
2005-11-29 10:47 . 2005-11-29 10:47 28944 ----a-w- c:\program files\opera\program\plugins\pscript.dll
2005-11-29 10:47 . 2005-11-29 10:47 69904 ----a-w- c:\program files\opera\program\plugins\sslsdk_b.dll
2005-11-29 10:47 . 2005-11-29 10:47 24848 ----a-w- c:\program files\opera\program\plugins\tcppserv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-27 1165192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 09:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 19:34 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-05-16 16:52 2064736 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-29 05:34 133104 ----atw- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:17 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2006-11-28 23:42 46704 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2006-11-22 00:36 1474560 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 12:37 141608 ----a-w- c:\program files\iTunes\ituneshelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 09:54 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-09-25 18:01 185640 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-11-24 23:33 167936 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 17:38 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a9,fa,3a,d9,fe,7a,ca,01

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-13 1291544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-05-16 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-05-16 242896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-14 68168]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-16 308064]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 07:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3835418278-2600349672-3107389679-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 05:34]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3835418278-2600349672-3107389679-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 05:34]

2010-05-18 c:\windows\Tasks\User_Feed_Synchronization-{092BFF95-2086-4851-AB13-623F4CEFF619}.job
- c:\windows\system32\msfeedssync.exe [2010-03-30 04:54]
.
.
------- Supplementary Scan -------
.
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://app.airtel.in/ehealthcheck/fscax.cab
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\cbkgedm1.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Opera\program\plugins\npican.dll
FF - plugin: c:\users\hp\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 20:30
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,e6,58,99,5e,9b,d0,42,8d,88,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,e6,58,99,5e,9b,d0,42,8d,88,95,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-05-18 20:36:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-18 15:06
ComboFix2.txt 2010-05-17 17:33

Pre-Run: 41,437,614,080 bytes free
Post-Run: 41,412,186,112 bytes free

- - End Of File - - 8AF7ACB80C6B8FA908B74F59F885812B

Re: MBAM Cannot Remove A Malware

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: MBAM Cannot Remove A Malware

Hi,

When I was trying to uninstall Combofix, I received this message: Alert, it is not safe to continue. The contents of the Combofix package have been compromised. Please download a fresh copy from. ....

....may be infected with virus "virut".

I did manage to uninstall after this message. Am posting the log shortly.
Thanks,
Raven

Re: MBAM Cannot Remove A Malware

Okay, standing by.

Re: MBAM Cannot Remove A Malware

Hi Belahzur,

Sorry I had to keep the scan running all night! A log file wasn't saved though, but I saved a different txt file with details of the removed malware. Here it is:
C:\Users\hp\Downloads\Software\MyPhoneExplorer_Setup_v1.7.4.exe Win32/Adware.ADON application deleted - quarantined
C:\Users\hp\Downloads\Software\Nero 9 All Products - Crack.exe probably a variant of Win32/PSW.Agent trojan cleaned by deleting - quarantined
C:\Users\hp\Downloads\Software\MediaMonkey Gold v.3.1.1.1261-CORE[H33T][Frapmat212]\keygen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\Users\hp\Downloads\Software\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application deleted - quarantined

Here is an already existing log file which is not what you were looking for, I think:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

I think my laptop is clean now. Thanks a billion! :-)

Re: MBAM Cannot Remove A Malware

Please download CKScanner by askey127 from here
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Re: MBAM Cannot Remove A Malware

Hi,

Here is the log I got:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\hp games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\hp games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
c:\program files\hp games\jewel quest\audio\st_win3_crackle.ogg
c:\program files\hp games\word symphony\resources\ball\eggcrack.wjp
c:\program files\hp games\word symphony\resources\ball\eggcrack_a.wjp
c:\users\hp\downloads\software\nero 7.10.1.0\keygen.exe
c:\users\hp\downloads\software\nero 9.4.26.0+keygen [gr420]\nero-9.4.26.0_update.exe
c:\users\hp\downloads\software\nero 9.4.26.0+keygen [gr420]\trial.txt
c:\users\hp\downloads\utorrent\completed\spss 17\keygen.exe
c:\users\hp\downloads\utorrent\downloading\guitarpro v5.2 incl. keygen.rar
c:\users\hp\downloads\utorrent\torrent files\[isohunt] guitarpro v5.2 incl. keygen.rar.torrent
scanner sequence 3.EF.11
----- EOF -----
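The CKScanner list above is worth reading with its own caveat in mind ("These are not necessarily bad"): judging from the hits, the tool appears to flag any path containing "crack" or "keygen" as a substring, which is why harmless game assets such as firecrackle.ogg and eggcrack.wjp land next to real keygen executables. The following Python is an added illustration, not CKScanner's code or anything posted in the thread; the keyword rule is an assumption inferred from the output, and the sample paths are a constructed list modelled on the log. It contrasts the naive substring rule with a tighter triage that requires a whole-word match and weighs where in the path the word occurs and what file type it names.

```python
import ntpath  # Windows path semantics regardless of the host OS
import re

# Assumed keyword set, inferred from the CKScanner output in the thread.
KEYWORDS = ("crack", "keygen")

# Whole-word match: "keygen.exe" and "... - crack.exe" match, "firecrackle" does not.
WORD_RE = re.compile(r"(?<![a-z])(?:crack|keygen)(?![a-z])", re.IGNORECASE)

# File types a reviewer would want to look at first when the name itself matches.
RISKY_EXT = {".exe", ".com", ".scr", ".dll", ".msi", ".bat", ".cmd",
             ".rar", ".zip", ".torrent"}

# Constructed sample modelled on the CKScanner log above (not the real scan file).
SAMPLE_PATHS = [
    r"c:\program files\hp games\bejeweled 2 deluxe\sounds\firecrackle.ogg",
    r"c:\program files\hp games\jewel quest\audio\st_win3_crackle.ogg",
    r"c:\program files\hp games\word symphony\resources\ball\eggcrack.wjp",
    r"c:\users\hp\downloads\software\nero 7.10.1.0\keygen.exe",
    r"c:\users\hp\downloads\software\nero 9.4.26.0+keygen [gr420]\trial.txt",
    r"c:\users\hp\downloads\utorrent\downloading\guitarpro v5.2 incl. keygen.rar",
    r"c:\users\hp\downloads\software\nero 9 all products - crack.exe",
    r"c:\windows\system32\drivers\tcpip.sys",
]


def substring_hits(paths):
    """Naive rule (what the scanner appears to do): keyword anywhere in the path."""
    return [p for p in paths if any(k in p.lower() for k in KEYWORDS)]


def classify(path):
    """Return 'high', 'medium', 'noise', or None for a single path.

    high   - the file name itself contains the whole word and is an executable/archive
    medium - the whole word appears in the name of a non-risky file, or only in a
             parent directory (e.g. trial.txt inside a "...+keygen [...]" folder)
    noise  - only a substring hit inside a longer word (firecrackle, eggcrack)
    None   - no keyword at all
    """
    directory, filename = ntpath.split(path)
    _stem, ext = ntpath.splitext(filename)
    if WORD_RE.search(filename):
        return "high" if ext.lower() in RISKY_EXT else "medium"
    if WORD_RE.search(directory):
        return "medium"
    if any(k in path.lower() for k in KEYWORDS):
        return "noise"
    return None


def triage(paths):
    """Pair every path that the naive rule would flag with its triage tier."""
    result = []
    for p in paths:
        tier = classify(p)
        if tier is not None:
            result.append((p, tier))
    return result


def summarize(paths):
    """Count paths per tier so the reviewer sees how much of the list is noise."""
    counts = {}
    for _path, tier in triage(paths):
        counts[tier] = counts.get(tier, 0) + 1
    return counts


if __name__ == "__main__":
    print("naive substring hits:", len(substring_hits(SAMPLE_PATHS)))
    for path, tier in triage(SAMPLE_PATHS):
        print(f"{tier:6}  {path}")
    print(summarize(SAMPLE_PATHS))
```

On the constructed sample the naive rule flags seven of eight paths, while the tiered rule separates three genuine keygen/crack executables and archives from one directory-only hit and three game assets that only contain the letters "crack" inside another word. The point for a reviewer of such a list is that a substring hit on the path is a reason to look, not a verdict; the file name, its type and the file's actual behaviour decide.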

Re: MBAM Cannot Remove A Malware

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\users\hp\downloads\utorrent
    c:\users\hp\AppData\Roaming\uTorrent
    C:\VundoFix Backups
    c:\users\hp\downloads\software\nero 7.10.1.0


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
