I followed Dave's steps in this topic:
http://www.geekstogo...an-t255131.html
and here are the log files:
GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-11 13:57:33
Windows 6.0.6002 Service Pack 2
Running: ghnzn078.exe; Driver: C:\Users\Timothy\AppData\Local\Temp\fwtdrfog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
Device \Driver\BTHUSB \Device\00000070 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000070 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021860371bc
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0021860371bc (not active ControlSet)
---- EOF - GMER 1.0.15 ----
ComboFix:
ComboFix 10-07-10.01 - Timothy 11/07/2010 14:52:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1014.250 [GMT 10:00]
Running from: c:\users\Timothy\Desktop\cf.com
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.
2010-07-11 05:03 . 2010-07-11 05:07 -------- d-----w- c:\users\Timothy\AppData\Local\temp
2010-07-11 05:03 . 2010-07-11 05:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-11 04:13 . 2010-07-11 22:48 -------- d-----w- C:\cf
2010-07-09 14:20 . 2010-07-09 14:20 -------- d-----w- c:\program files\FileHippo.com
2010-07-09 10:56 . 2010-07-09 10:56 -------- d-----w- c:\users\Timothy\AppData\Roaming\Malwarebytes
2010-07-09 10:55 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 10:55 . 2010-07-09 10:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 10:55 . 2010-07-09 10:55 -------- d-----w- c:\programdata\Malwarebytes
2010-07-09 10:55 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-09 10:47 . 2010-07-09 10:49 -------- d-----w- c:\users\Timothy\AppData\Roaming\QuickScan
2010-07-09 06:08 . 2010-07-09 06:08 -------- d-----w- c:\windows\system32\VIRepair
2010-07-07 05:44 . 2010-07-09 06:48 -------- d-----w- c:\programdata\BitDefender
2010-07-07 05:44 . 2010-07-07 05:45 -------- d-----w- c:\users\Timothy\AppData\Roaming\BitDefender
2010-07-07 05:41 . 2010-07-09 06:48 -------- d-----w- c:\program files\Common Files\BitDefender
2010-07-05 15:40 . 2009-11-29 17:03 360499 ----a-w- c:\windows\system32\viwc.exe
2010-07-05 15:40 . 2009-09-09 11:19 146412 ------w- c:\windows\system32\vilaunch.exe
2010-07-05 15:39 . 2010-07-09 06:08 -------- d-----w- c:\windows\system32\VITrans
2010-07-05 15:39 . 2010-07-05 15:41 -------- d-----w- C:\VTPFiles
2010-07-05 15:39 . 2006-12-03 07:15 111104 ----a-w- c:\windows\system32\Uharc.exe
2010-07-05 15:39 . 2006-12-03 07:15 19968 ----a-w- c:\windows\system32\reico.exe
2010-07-05 15:39 . 2006-12-03 07:15 69632 ----a-w- c:\windows\system32\moveex.exe
2010-07-05 15:39 . 2006-12-03 07:14 8636 ----a-w- c:\windows\system32\modifype.exe
2010-07-05 15:39 . 2004-11-27 09:00 94208 ----a-w- c:\windows\system32\pskill.exe
2010-07-05 15:06 . 2009-03-23 07:39 20480 ----a-w- c:\windows\system32\scrnrdr.exe
2010-06-26 04:15 . 2009-11-08 00:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-26 04:15 . 2009-11-08 00:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-26 04:15 . 2009-11-08 00:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-26 04:15 . 2009-11-08 00:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-26 04:15 . 2009-11-08 00:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-25 07:55 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-25 07:55 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 04:30 . 2010-06-23 04:30 -------- d-----w- c:\users\Timothy\AppData\Roaming\Template
2010-06-15 08:44 . 2010-05-31 18:58 6638080 ----a-w- c:\windows\system32\drivers\NETw5v32.sys
2010-06-15 08:44 . 2009-09-15 19:19 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2055-09-19 06:29 . 2009-09-19 06:00 2012 ----a-w- c:\windows\system32\NAV_75_cltDynam.dat
2010-07-11 05:06 . 2010-06-02 08:44 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-11 05:04 . 2008-04-29 03:53 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-09 14:38 . 2010-04-17 05:20 -------- d-----w- c:\users\Timothy\AppData\Roaming\HpUpdate
2010-07-09 14:20 . 2010-04-17 02:21 103264 ----a-w- c:\users\Timothy\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-09 07:27 . 2010-04-20 07:41 -------- d-----w- c:\programdata\IObit
2010-07-09 07:27 . 2010-04-18 05:41 -------- d-----w- c:\program files\IObit
2010-07-09 07:13 . 2007-06-28 07:39 -------- d-----w- c:\programdata\Roxio
2010-07-09 07:13 . 2007-06-28 07:36 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-07-09 07:13 . 2007-06-28 07:36 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-07-09 07:04 . 2007-06-28 08:26 -------- d-----w- c:\program files\muvee Technologies
2010-07-09 07:02 . 2007-06-28 08:26 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-07-09 07:02 . 2007-06-28 07:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-09 07:00 . 2007-06-28 08:24 -------- d-----w- c:\program files\MediaRing
2010-07-09 06:02 . 2010-04-18 05:41 -------- d-----w- c:\users\Timothy\AppData\Roaming\IObit
2010-07-07 10:26 . 2010-05-16 08:29 -------- d-----w- c:\program files\Steam
2010-07-07 10:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-07-07 10:24 . 2010-05-16 07:53 -------- d-----w- c:\program files\Error Expert
2010-07-07 10:24 . 2010-04-18 05:39 -------- d-----w- c:\program files\DAP
2010-07-06 15:29 . 2010-05-09 00:35 -------- d-----w- c:\users\Timothy\AppData\Roaming\BitTorrent
2010-07-06 11:43 . 2010-04-18 05:32 -------- d-----w- c:\program files\CCleaner
2010-07-02 03:28 . 2010-04-18 06:42 95744 ----a-w- c:\programdata\SpeedBit\DAP\SDCondition.dll
2010-06-26 04:17 . 2007-06-28 08:07 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 04:23 . 2007-06-28 08:05 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 07:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 12:41 . 2010-06-09 12:41 -------- d-----w- c:\users\Timothy\AppData\Roaming\vlc
2010-06-09 12:40 . 2010-06-09 12:40 -------- d-----w- c:\program files\VideoLAN
2010-06-08 12:25 . 2010-06-08 12:19 -------- d-----w- c:\program files\Autodesk
2010-06-08 12:24 . 2010-06-08 12:24 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-08 12:24 . 2010-06-08 12:19 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-06-08 12:21 . 2010-06-02 09:01 -------- d-----w- c:\programdata\Autodesk
2010-06-05 08:14 . 2010-06-02 09:01 -------- d-----w- c:\users\Timothy\AppData\Roaming\Autodesk
2010-06-05 04:28 . 2010-04-23 08:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-02 09:38 . 2010-06-02 09:38 -------- d-----w- c:\programdata\FLEXnet
2010-05-26 17:06 . 2010-06-10 04:38 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 04:38 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 20:24 . 2007-06-28 08:11 -------- d-----w- c:\programdata\CyberLink
2010-05-21 04:14 . 2010-04-17 02:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 07:13 . 2010-04-18 06:48 -------- d-----w- c:\programdata\NortonInstaller
2010-05-18 07:12 . 2010-04-18 06:48 -------- d-----w- c:\programdata\Norton
2010-05-18 07:12 . 2007-06-28 07:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-17 05:42 . 2007-06-28 08:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-16 08:47 . 2010-05-16 08:47 -------- d-----w- c:\program files\Common Files\Steam
2010-05-16 08:21 . 2010-05-16 08:21 -------- d-----w- c:\users\Timothy\AppData\Roaming\Tific
2010-05-16 08:03 . 2010-05-16 07:53 -------- d-----w- c:\users\Timothy\AppData\Roaming\ErrorExpert
2010-05-15 03:12 . 2007-06-28 08:09 -------- d-----w- c:\program files\Intel
2010-05-15 02:52 . 2010-05-09 02:32 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-15 02:52 . 2010-05-15 02:52 84480 ----a-w- c:\users\Timothy\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-05-15 02:52 . 2010-05-09 02:32 -------- d-----w- c:\users\Timothy\AppData\Roaming\SystemRequirementsLab
2010-05-09 02:32 . 2010-05-09 02:32 85504 ----a-w- c:\users\Timothy\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-04 05:59 . 2010-06-10 04:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 04:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-10 04:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-10 04:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 04:38 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:18 . 2010-04-29 19:18 57344 ----a-r- c:\windows\system32\XSIChooser.exe
2010-04-23 14:13 . 2010-05-26 07:14 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-18 13:05 . 2010-04-18 07:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-18 13:05 . 2010-04-18 07:01 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-04-18 04:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-18 01:16 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-18 01:16 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-17 14:05 . 2010-04-17 14:05 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-04-17 13:36 . 2010-04-17 13:36 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-04-17 13:36 . 2010-04-17 13:36 270848 ----a-w- c:\windows\system32\schannel.dll
2010-04-17 11:57 . 2010-04-17 11:57 23552 ----a-w- c:\windows\system32\lpk.dll
2010-04-17 11:57 . 2010-04-17 11:57 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-04-17 11:57 . 2010-04-17 11:57 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-04-17 11:57 . 2010-04-17 11:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-04-17 11:56 . 2010-04-17 11:56 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-04-17 11:56 . 2010-04-17 11:56 272896 ----a-w- c:\windows\system32\polstore.dll
2010-04-17 11:53 . 2010-04-17 11:53 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-17 11:53 . 2010-04-17 11:53 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-04-17 11:50 . 2010-04-17 11:50 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-04-17 11:50 . 2010-04-17 11:50 17920 ----a-w- c:\windows\system32\netevent.dll
2010-04-17 11:50 . 2010-04-17 11:50 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-04-17 11:50 . 2010-04-17 11:50 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-04-17 11:50 . 2010-04-17 11:50 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-04-17 11:50 . 2010-04-17 11:50 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-04-17 11:50 . 2010-04-17 11:50 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-04-17 11:50 . 2010-04-17 11:50 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-04-17 11:50 . 2010-04-17 11:50 10240 ----a-w- c:\windows\system32\finger.exe
2010-04-17 11:47 . 2010-04-17 11:47 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-04-17 11:47 . 2010-04-17 11:47 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-04-17 11:47 . 2010-04-17 11:47 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-04-17 11:47 . 2010-04-17 11:47 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-04-17 11:47 . 2010-04-17 11:47 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-04-17 11:47 . 2010-04-17 11:47 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-04-17 11:47 . 2010-04-17 11:47 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-04-17 11:46 . 2010-04-17 11:46 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-04-17 11:46 . 2010-04-17 11:46 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-04-17 11:46 . 2010-04-17 11:46 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-04-17 11:46 . 2010-04-17 11:46 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-04-17 11:45 . 2010-04-17 11:45 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-17 11:45 . 2010-04-17 11:45 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-04-17 11:45 . 2010-04-17 11:45 9728 ----a-w- c:\windows\system32\lsass.exe
2010-04-17 11:45 . 2010-04-17 11:45 72704 ----a-w- c:\windows\system32\secur32.dll
2010-04-17 11:45 . 2010-04-17 11:45 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-04-17 11:45 . 2010-04-17 11:45 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-17 11:44 . 2010-04-17 11:44 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-04-18 2815488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):59,c1,a0,98,b0,de,ca,01
R2 .1209441276;1209441276;c:\program files\1209441276\Timothy1209441276L.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-09 86016]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-05-31 6638080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-07-11 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-04-18 04:11]
2010-07-11 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-04-18 07:33]
2010-07-09 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-04-18 06:18]
2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3862905309-1287376007-1067990715-1000Core.job
- c:\users\Timothy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-17 03:04]
2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3862905309-1287376007-1067990715-1000UA.job
- c:\users\Timothy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-17 03:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=73&bd=Pavilion&pf=laptop
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 15:07
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3784)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
.
**************************************************************************
.
Completion time: 2010-07-11 15:15:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-11 05:15
ComboFix2.txt 2010-07-11 04:38
Pre-Run: 104,399,327,232 bytes free
Post-Run: 104,119,783,424 bytes free
- - End Of File - - B84FE9DC109657FE7FF9CB28BB043A17
And I would also like to know what this log is and is
Scrambler:
"C:\Users\Timothy\AppData\Local\Temp\nsj6A10.tmp\un.package.exe" "C:\Users\Timothy\AppData\Local\Temp\nsj6A10.tmp\3\PriceGong.exe.scr" "C:\Users\Timothy\AppData\Local\Temp\nsj6A10.tmp\3\PriceGong.exe" "B"OVER
Direction:B
InputFile:C:\Users\Timothy\AppData\Local\Temp\nsj6A10.tmp\3\PriceGong.exe.scr
InputFile:C:\Users\Timothy\AppData\Local\Temp\nsj6A10.tmp\3\PriceGong.exe
OPEN-IN:The operation completed successfully.
OPEN-OUT:The operation completed successfully.
Opened Files!
READ:The operation completed successfully.
Reading
WRITE-OUT:The operation completed successfully.
And that is all, please help.