google redirect?


#1
phon
Member
23 posts
Hi,
I have had a problem with searches using Google for nearly a week now. I am running Chrome, but it seems to also happen in Firefox; Internet Explorer seems to work fine.
I am running Comodo Internet Security (free version), which fails to detect anything. I have also tried TDSSKiller, FixTDSS, HitmanPro 3.5, Norton Power Eraser and Spyware Doctor in my quest to be rid of this annoyance, but have had no joy.

Please help....

Here is my OTL log:


OTL logfile created on: 3/16/2011 2:19:07 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Scott\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 25.24 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: SCOTTSLAPTOP | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/15 21:27:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Downloads\OTL.exe
PRC - [2011/01/25 17:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/09/17 09:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/10/26 15:55:19 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/15 14:14:54 | 002,334,992 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
PRC - [2009/10/14 21:15:44 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/10/14 20:46:01 | 001,799,952 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/10/14 20:45:07 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/04/11 19:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/03 10:23:16 | 000,176,128 | ---- | M] () -- C:\Users\Scott\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe
PRC - [2009/03/20 15:32:32 | 001,312,256 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/03/09 14:44:12 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/03/04 12:25:12 | 000,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/02/23 11:08:10 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/02/23 11:08:10 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe
PRC - [2009/02/17 11:37:10 | 000,128,000 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009/02/12 18:21:34 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/12/21 12:48:50 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/12/10 00:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2008/11/26 13:35:00 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/09/16 20:03:50 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/08/28 15:20:22 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/06/05 15:26:36 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/05/20 09:24:46 | 000,091,432 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2008/04/25 02:36:32 | 001,817,656 | ---- | M] (WiQuest Communications, Inc.) -- C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe
PRC - [2008/03/20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/01/21 15:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/10/25 17:23:36 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/10/11 08:45:56 | 000,051,712 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/10/11 08:45:52 | 000,031,232 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2007/09/09 06:51:40 | 000,488,728 | ---- | M] (Dassault Systemes) -- C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
PRC - [2007/08/07 13:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/15 21:27:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Downloads\OTL.exe
MOD - [2010/09/01 04:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/10/26 15:56:20 | 000,102,400 | ---- | M] (RealPlayer) -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/04/11 19:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2008/06/05 15:26:00 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/22 06:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/22 06:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/12/16 21:45:30 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/10/14 21:15:44 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/14 20:45:07 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/04/11 19:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/03/04 12:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/02/23 11:08:10 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe -- (STacSV)
SRV - [2009/02/12 18:21:34 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/07/10 20:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 20:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/21 15:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/11 08:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV - [2011/03/15 20:20:30 | 000,076,920 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SMR162.SYS -- (SMR162)
DRV - [2009/10/15 14:16:51 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2009/10/15 14:15:27 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/10/15 14:15:25 | 000,128,888 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009/04/11 17:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/03/08 17:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/02/23 11:08:10 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/24 18:42:48 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/30 12:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/06/26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/05/15 12:07:00 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2008/04/04 13:42:22 | 000,224,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2008/02/20 21:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/01/21 15:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/10/17 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/07 13:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {e432fb69-51f3-4fe5-9bd5-99b1a02ef78e}:1.0
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0
FF - prefs.js..extensions.enabledItems: {6ce6f000-9b3c-11dd-ad8b-0800200c9a66}:1.3.6
FF - prefs.js..keyword.URL: "http://toolbar.ask.c...7&gct=&gc=1&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/06/01 20:22:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/09 18:18:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/23 21:57:08 | 000,000,000 | ---D | M]

[2009/10/12 22:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2009/09/14 22:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/03/12 18:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4ut75wxc.default\extensions
[2009/10/13 07:54:06 | 000,000,000 | ---D | M] (RulerDark) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4ut75wxc.default\extensions\{6ce6f000-9b3c-11dd-ad8b-0800200c9a66}
[2009/10/13 07:54:06 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4ut75wxc.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2011/03/13 14:13:44 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4ut75wxc.default\extensions\{e432fb69-51f3-4fe5-9bd5-99b1a02ef78e}
[2011/03/11 15:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\i6moj8ic.default\extensions
[2011/03/13 14:13:44 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\i6moj8ic.default\extensions\{e432fb69-51f3-4fe5-9bd5-99b1a02ef78e}
[2011/03/12 18:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/23 21:57:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/10/26 15:56:20 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2009/10/13 22:56:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/19 10:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [SJelite3Launch] C:\Users\Scott\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe ()
O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (Dassault Systemes)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Scott\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Scott\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 10:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/15 20:20:30 | 000,076,920 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR162.SYS
[2011/03/15 20:20:23 | 000,000,000 | R--D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/03/15 18:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/03/15 18:29:38 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\NPE
[2011/03/14 18:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/03/13 22:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/03/13 13:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/13 13:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/09 18:38:36 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\T-Splines for Rhino
[2011/03/04 16:13:27 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\T-Splines tutorials
[2011/03/03 16:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TSplines
[2011/03/03 16:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-Splines for Rhino
[2011/03/03 16:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\T-Splines for Rhino
[2011/03/03 15:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Flamingo 1.1
[2011/03/03 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 4.0
[2011/03/03 15:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 3.0
[2011/02/23 21:58:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/23 21:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/02/23 21:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/23 21:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/22 22:16:50 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire
[2011/02/22 22:15:25 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\Rhino3D
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Scott\Desktop\*.tmp files -> C:\Users\Scott\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/16 14:19:43 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2011/03/16 14:16:43 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/16 14:16:43 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/16 14:15:41 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/16 14:09:54 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4125145035-2518940612-160353995-1000UA.job
[2011/03/16 14:09:54 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/16 14:09:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/15 21:05:17 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/03/15 20:24:24 | 000,669,244 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/15 20:24:24 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/15 20:20:32 | 000,000,020 | ---- | M] () -- C:\Windows\System32\drivers\SMR162.dat
[2011/03/15 20:20:30 | 000,076,920 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR162.SYS
[2011/03/15 20:19:19 | 3707,662,336 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/15 20:18:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/15 18:17:44 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4125145035-2518940612-160353995-1000Core.job
[2011/03/13 22:48:24 | 000,003,580 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/03/13 22:20:35 | 000,005,073 | ---- | M] () -- C:\WirelessDiagLog.csv
[2011/03/13 14:12:49 | 000,001,664 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/03/10 22:35:42 | 000,000,078 | ---- | M] () -- C:\Windows\System32\1055877960
[2011/03/09 20:09:54 | 000,179,712 | ---- | M] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/08 23:01:36 | 000,641,511 | ---- | M] () -- C:\Users\Scott\Desktop\crate.3dm
[2011/03/03 15:32:35 | 000,408,972 | ---- | M] () -- C:\Users\Scott\Desktop\Side table part 2.3dm
[2011/03/03 15:07:39 | 000,164,946 | ---- | M] () -- C:\Users\Scott\Desktop\Side table part 1.3dm
[2011/03/03 07:45:56 | 000,000,240 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher (2).lnk
[2011/03/03 07:45:53 | 000,000,240 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/02/22 22:16:50 | 000,001,036 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.3.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Scott\Desktop\*.tmp files -> C:\Users\Scott\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/15 20:20:30 | 000,000,020 | ---- | C] () -- C:\Windows\System32\drivers\SMR162.dat
[2011/03/13 22:48:24 | 000,003,580 | ---- | C] () -- C:\Windows\System32\.crusader
[2011/03/13 22:41:42 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/03/13 14:12:49 | 000,001,664 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/03/10 22:35:26 | 000,000,078 | ---- | C] () -- C:\Windows\System32\1055877960
[2011/03/08 23:01:35 | 000,641,511 | ---- | C] () -- C:\Users\Scott\Desktop\crate.3dm
[2011/03/03 16:25:55 | 000,200,704 | ---- | C] () -- C:\Windows\System32\BongoSDK.10.v40.dll
[2011/03/03 15:23:16 | 000,408,972 | ---- | C] () -- C:\Users\Scott\Desktop\Side table part 2.3dm
[2011/03/03 15:07:39 | 000,164,946 | ---- | C] () -- C:\Users\Scott\Desktop\Side table part 1.3dm
[2011/03/03 07:45:56 | 000,000,240 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher (2).lnk
[2011/03/03 07:45:53 | 000,000,240 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/02/23 21:54:17 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/23 21:54:17 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/23 21:54:17 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/22 22:16:50 | 000,001,036 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.3.lnk
[2010/09/14 09:09:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/09/14 09:09:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/14 09:09:04 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/11/11 19:20:13 | 000,000,234 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/26 15:58:24 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/10/16 16:02:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/10/14 21:21:51 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/10/13 16:49:27 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2009/10/13 07:53:01 | 000,179,712 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/12 22:13:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/10/12 21:33:13 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/10/12 21:33:12 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/10/12 21:33:12 | 000,495,376 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/10/12 21:33:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2009/10/12 21:33:12 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/10/12 21:16:49 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/10/12 20:35:46 | 000,000,680 | ---- | C] () -- C:\Users\Scott\AppData\Local\d3d9caps.dat
[2008/11/17 04:54:46 | 000,081,748 | ---- | C] () -- C:\Windows\WinVerCheck.exe
[2007/04/16 03:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/03 01:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/03 01:47:43 | 001,743,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 23:33:01 | 000,669,244 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 23:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 23:33:01 | 000,126,188 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 23:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 23:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 21:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 21:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 20:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 20:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/02 11:10:25 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/11/21 19:31:04 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2009/04/25 16:03:04 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Broadcom
[2011/03/10 22:48:25 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\FrostWire
[2010/12/18 18:45:23 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\JAM Software
[2009/10/12 22:49:39 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Nokia
[2009/10/12 22:49:39 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\PC Suite
[2009/10/20 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Transcend
[2009/10/12 22:49:42 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Wave Systems Corp
[2010/07/17 18:55:00 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2011/03/15 20:18:23 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


#2 Blottedisk (Trusted Helper, Malware Removal, 124 posts)
Hi phon,

Welcome to Geeks to go! My name is Blottedisk and I will be helping you with your malware issues.

  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification). If the button says Stop Watching Topic, then you are already subscribed.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then the thread will be locked due to inactivity. However, if you will be away, let us know and we will be sure to keep the thread open.


Is this issue happening in Chrome as well, or just in Firefox?
Please follow these steps in order:



Step 1 | Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select "Run As Administrator" (Vista-W7).
  • When prompted to run the scan, click Yes.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt)

Step 2 | Please download Rootkit Unhooker (RKU) from one of the following mirrors and save it to your desktop:


Link #1 (.exe file - recommended)
Link #2 (.zipped file)

--------------------------------------------------------------------

  • Right click on RKUnhookerLE and select "Run as administrator" to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
  • Copy the entire contents of the report and paste it in a reply here.

Note - You may get this warning... just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

#3 phon (Topic Starter, Member, 23 posts)
Hi Blottedisk,
Thank you for your help.

I generally use Chrome; however, this seems to be happening in both Chrome and Firefox but not Internet Explorer.

Here are the log files requested.

Thanks.
Phon



GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:49 on 16/03/2011 (Scott)
Firefox version 3.5.4 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Scott\Application Data\Mozilla\Firefox\Profiles\4ut75wxc.default\extensions\{e432fb69-51f3-4fe5-9bd5-99b1a02ef78e}" -> Success!
Deleting "C:\Users\Scott\Application Data\Mozilla\Firefox\Profiles\i6moj8ic.default\extensions\{e432fb69-51f3-4fe5-9bd5-99b1a02ef78e}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [08:54 12/10/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [07:16 21/10/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [19:00 10/12/2009]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [08:57 23/02/2011]

C:\Users\Scott\Application Data\Mozilla\Firefox\Profiles\4ut75wxc.default\extensions\
{6ce6f000-9b3c-11dd-ad8b-0800200c9a66} [18:54 12/10/2009]
{c1dffba0-628e-11d9-9669-0800200c9a66} [18:54 12/10/2009]

C:\Users\Scott\Application Data\Mozilla\Firefox\Profiles\i6moj8ic.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [09:02 12/10/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext" [02:56 26/10/2009]
"[email protected]"="C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\" [07:22 01/06/2010]

-=E.O.F=-





RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8FC09000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7225344 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82A48000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82A48000 PnpManager 3907584 bytes
0x82A48000 RAW 3907584 bytes
0x82A48000 WMIxWDM 3907584 bytes
0x90609000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3702784 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x9AA50000 Win32k 2109440 bytes
0x9AA50000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8C205000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8BE72000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x90E4C000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8C00A000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D5000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x82487000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x920F6000 C:\Windows\System32\Drivers\dump_iaStor.sys 897024 bytes
0x8BC00000 C:\Windows\system32\DRIVERS\iaStor.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x91004000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8160F000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8BCDB000 C:\Windows\system32\drivers\iastorv.sys 659456 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
0x902ED000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x9040C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x90C0D000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x8060E000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8BE01000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8040B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x81716000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x90D1E000 C:\Windows\system32\DRIVERS\stwrt.sys 409600 bytes (IDT, Inc., IDT PC Audio)
0x9204D000 C:\Windows\system32\drivers\csc.sys 372736 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x82435000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x9ACA0000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x80740000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x90F62000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80697000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x90FAA000 C:\Windows\system32\DRIVERS\OA001Vid.sys 282624 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x80494000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x90562000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8BDAF000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x90E0F000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x92007000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8BFA8000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x90399000 C:\Windows\system32\DRIVERS\e1y6032.sys 237568 bytes (Intel Corporation, Intel® Gigabit Network Connection NDIS 6 deserialized driver)
0x8C18F000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8C315000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x90CE9000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82A15000 ACPI_HAL 208896 bytes
0x82A15000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x805C9000 C:\Windows\System32\drivers\FLTMGR.SYS 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x807C7000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x90533000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x90499000 C:\Windows\system32\DRIVERS\Apfiltr.sys 184320 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x8078A000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x90D82000 C:\Windows\system32\DRIVERS\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8BF7D000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x90CA8000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x816CF000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8240D000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8C365000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806EE000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x90DAF000 C:\Windows\system32\DRIVERS\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x905D0000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x910F8000 C:\Windows\System32\DRIVERS\cmdguard.sys 139264 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0x82583000 C:\Program Files\CyberLink\PowerDVD8\000.fcl 135168 bytes (Cyberlink Corp., FCL Driver)
0x8C39D000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x910C6000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0x817CE000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x90DD4000 C:\Windows\system32\DRIVERS\OA001Ufd.sys 135168 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
0x91183000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8C170000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x81783000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8C0F4000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8C10F000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x909AF000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x817A0000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8C12A000 C:\Windows\System32\Drivers\DLAIFS_M.SYS 102400 bytes (Roxio, Drive Letter Access Component)
0x904F9000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8C1C8000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x920A8000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8C159000 C:\Windows\System32\Drivers\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0x8BD8E000 C:\Windows\System32\Drivers\DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)
0x905AE000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9111A000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x825A4000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8C143000 C:\Windows\System32\Drivers\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0x904D1000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x911D6000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8BFE3000 C:\Windows\system32\DRIVERS\inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)
0x817B9000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8C1EA000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C3E8000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x90F4E000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x909D8000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x81703000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8BDED000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8C38C000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x910E7000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8BD7C000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x920C8000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x816BF000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807B7000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x90991000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x90C96000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x90524000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x825CC000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8C356000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80715000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x903ED000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x909C9000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x903DE000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80731000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x909A1000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9AC90000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x90FEF000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x911BF000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x904EB000 C:\Windows\system32\drivers\tpm.sys 57344 bytes (Microsoft Corporation, TPM Device Driver)
0x920E9000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x910B9000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x90CDC000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8068A000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8256F000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x825DB000 C:\Windows\system32\DRIVERS\usbccid.sys 49152 bytes (Microsoft Corporation, USB CCID Driver)
0x91177000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x9038D000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x921EA000 C:\Windows\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0x904C6000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x909EB000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x911B4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x905C5000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9113F000 C:\Windows\system32\DRIVERS\SMCLIB.SYS 45056 bytes (Microsoft Corporation, Smard Card Driver Library)
0x905A3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8C3D4000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x903D3000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80727000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x911EC000 C:\Windows\System32\DRIVERS\cmdhlp.sys 40960 bytes (COMODO, COMODO Internet Security Helper Driver)
0x921D1000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x90CD2000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x816F9000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x92043000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8BDA5000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x82565000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8C3BE000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x9114A000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x920BF000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x920D8000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x825F0000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x911CD000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9AC70000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C3DF000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x9051B000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806DD000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x90600000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0x8048C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x91167000 C:\Windows\System32\Drivers\DLABMFSM.SYS 32768 bytes (Roxio, Drive Letter Access Component)
0x920E1000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806E6000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x911A4000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x911AC000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x911F6000 C:\Windows\System32\Drivers\SCDEmu.SYS 32768 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x8C34E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8257B000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x9115A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x92000000 C:\Windows\System32\Drivers\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x91170000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80404000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x91153000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x921F6000 C:\Windows\System32\Drivers\DLAOPIOM.SYS 24576 bytes (Roxio, Drive Letter Access Component)
0x91161000 C:\Windows\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0x90511000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x90517000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x82483000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x80724000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x921FC000 C:\Windows\System32\Drivers\DLAPoolM.SYS 12288 bytes (Roxio, Drive Letter Access Component)
0x8BD8C000 C:\Windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0x90CA6000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x91131000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x921F5000 C:\Windows\System32\Drivers\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
==============================================
>Stealth
==============================================
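The GooredFix log in this post shows one extension ID, {e432fb69-51f3-4fe5-9bd5-99b1a02ef78e}, deleted from both Firefox profiles while the remaining IDs were left alone. The Python below is an added example, not GooredFix's own code and not something posted in this thread: it walks each profile's extensions folder and reports any entry that is not on an allowlist the machine's owner keeps. The profile names and IDs are taken from the log above; the allowlist, the on-disk layout and the temporary folder are constructed for the demo, and the script only reports, it deletes nothing.

```python
"""Allowlist scan of Firefox extension directories (added example).

Mirrors the idea behind the GooredScan section of the log above, where an
extension folder with an unfamiliar ID was removed from each profile: walk
every profile's extensions folder and report IDs that are not on a list the
owner recognises.  This is not GooredFix's own code and it deletes nothing.
"""
import os
import tempfile

# IDs that GooredFix left in place in the log above; treated here as the
# owner's allowlist (constructed for the demo, not a vetted list).
KNOWN_GOOD = {
    "{6ce6f000-9b3c-11dd-ad8b-0800200c9a66}",
    "{c1dffba0-628e-11d9-9669-0800200c9a66}",
}

# The ID GooredFix deleted from both profiles in the log above.
REMOVED_ID = "{e432fb69-51f3-4fe5-9bd5-99b1a02ef78e}"

# Constructed profile layout for the demo: profile -> installed extension IDs.
SAMPLE_LAYOUT = {
    "4ut75wxc.default": sorted(KNOWN_GOOD) + [REMOVED_ID],
    "i6moj8ic.default": [REMOVED_ID],
}


def extension_id(entry):
    """Normalise a folder or file name to an extension ID.

    Unpacked extensions are folders named after their ID; packed ones are
    <id>.xpi files.  IDs are compared case-insensitively, as NTFS does.
    """
    if entry.lower().endswith(".xpi"):
        entry = entry[:-4]
    return entry.lower()


def scan_extension_dirs(profiles_root, known_good):
    """Return {profile: [unexpected extension entries]} for every profile.

    A profile without an extensions folder is skipped; one whose folder is
    empty or fully allowlisted maps to an empty list (the "(none)" case in
    the GooredLog above).
    """
    allow = {extension_id(k) for k in known_good}
    findings = {}
    if not os.path.isdir(profiles_root):
        return findings
    for profile in sorted(os.listdir(profiles_root)):
        ext_dir = os.path.join(profiles_root, profile, "extensions")
        if not os.path.isdir(ext_dir):
            continue
        findings[profile] = sorted(
            entry for entry in os.listdir(ext_dir)
            if extension_id(entry) not in allow
        )
    return findings


def demo():
    """Build the constructed layout in a temporary folder and scan it."""
    with tempfile.TemporaryDirectory() as root:
        profiles = os.path.join(root, "Profiles")
        for profile, ids in SAMPLE_LAYOUT.items():
            ext_dir = os.path.join(profiles, profile, "extensions")
            os.makedirs(ext_dir)
            for ext_id in ids:
                os.mkdir(os.path.join(ext_dir, ext_id))
        return scan_extension_dirs(profiles, KNOWN_GOOD)


if __name__ == "__main__":
    for profile, unexpected in demo().items():
        print(profile, "->", unexpected or "(nothing unexpected)")
```

On a real machine you would point `scan_extension_dirs` at the `Profiles` folder under the user's Firefox application data and build the allowlist from the extensions you installed on purpose; anything it reports is what a tool like GooredFix would then ask you about.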

#4 phon (Topic Starter, Member, 23 posts)
I am now getting this message from COMODO upon opening gmail which I have never had before so I have been blocking it.
rundll32.exe is trying to execute gcswf32.dll.

#5 Blottedisk (Trusted Helper, Malware Removal, 124 posts)
Hi Phon,


I am now getting this message from COMODO upon opening gmail which I have never had before so I have been blocking it.
rundll32.exe is trying to execute gcswf32.dll.



The file belongs to Chrome; this is just a false positive. People from Comodo will probably solve this issue soon.


Can you please check if the redirects are still happening in Firefox?


After that, please download MBRCheck.exe to your desktop.

  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

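The MBRCheck step above reports whether the boot code in the disk's first sector is one it recognises or an "unknown bootcode". The Python below is an added example, not MBRCheck's own code and not from this thread: it checks the 0x55AA signature of a 512-byte sector, decodes the partition table, and compares a SHA-256 of the 440-byte code area against an allowlist of hashes. The sample sector, its disk signature and the allowlist are constructed placeholders, not real Windows boot code, and the script reads no disk itself.

```python
"""Boot-sector (MBR) triage (added example, not MBRCheck's own code).

An "unknown bootcode" verdict comes from comparing the code in sector 0 with
code that is known to be good.  This does the same in miniature: check the
0x55AA signature, decode the partition table and compare a SHA-256 of the
440-byte code area against an allowlist.  The sample sector below is a
constructed placeholder, not real Windows boot code.
"""
import hashlib
import struct

SECTOR_SIZE = 512
CODE_AREA = 440            # bytes 0-439: bootstrap code
DISK_SIG_OFFSET = 440      # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
PART_ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sectors


def mbr_code_hash(sector):
    """SHA-256 of the bootstrap code area (partition table excluded)."""
    return hashlib.sha256(sector[:CODE_AREA]).hexdigest()


def parse_mbr(sector):
    """Decode signature, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a %d-byte sector" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:          # empty entry
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "code_sha256": mbr_code_hash(sector),
        "partitions": partitions,
    }


def check_bootcode(sector, known_hashes):
    """Return 'invalid-signature', 'known' or 'unknown' for the code area."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid-signature"
    return "known" if info["code_sha256"] in known_hashes else "unknown"


def build_sample_mbr():
    """Constructed sector: dummy code, one bootable NTFS entry, one data entry."""
    code = b"\xFA" + b"\x90" * (CODE_AREA - 1)      # placeholder bytes, not real code
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"   # constructed signature
    zero_chs = b"\x00\x00\x00"                      # CHS fields left zero
    table = (
        struct.pack(PART_ENTRY, 0x80, zero_chs, 0x07, zero_chs, 2048, 204800)
        + struct.pack(PART_ENTRY, 0x00, zero_chs, 0x07, zero_chs, 206848, 311296)
        + b"\x00" * 32                              # two empty entries
    )
    return code + disk_sig + table + b"\x55\xAA"


def tampered_copy(sector, offset=16):
    """Return a copy with one byte of the code area altered, to show the hash check."""
    buf = bytearray(sector)
    buf[offset] ^= 0xFF
    return bytes(buf)


SAMPLE_MBR = build_sample_mbr()


if __name__ == "__main__":
    known = {mbr_code_hash(SAMPLE_MBR)}   # the allowlist you would keep for this machine
    print(parse_mbr(SAMPLE_MBR))
    print("original:", check_bootcode(SAMPLE_MBR, known))
    print("tampered:", check_bootcode(tampered_copy(SAMPLE_MBR), known))
```

In practice the allowlist is the hash of the machine's MBR taken while it was known to be clean (or of the stock boot code for that Windows version), and sector 0 is read from the physical disk with administrator rights; anything that hashes differently is what MBRCheck's "unknown bootcode" prompt is warning about.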

#6 phon (Topic Starter, Member, 23 posts)
Hi Blottedisk

Firefox seems to be ok now
Chrome still having problems though.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Latitude E6400
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 171):
0x82A48000 \SystemRoot\system32\ntkrnlpa.exe
0x82A15000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047B000 \SystemRoot\system32\PSHED.dll
0x8048C000 \SystemRoot\system32\BOOTVID.dll
0x80494000 \SystemRoot\system32\CLFS.SYS
0x804D5000 \SystemRoot\system32\CI.dll
0x805C9000 \SystemRoot\System32\drivers\FLTMGR.SYS
0x8060E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8068A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80697000 \SystemRoot\system32\drivers\acpi.sys
0x806DD000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E6000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EE000 \SystemRoot\system32\drivers\pci.sys
0x80715000 \SystemRoot\System32\drivers\partmgr.sys
0x80724000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80727000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80731000 \SystemRoot\system32\drivers\volmgr.sys
0x80740000 \SystemRoot\System32\drivers\volmgrx.sys
0x8078A000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807B7000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8BCDB000 \SystemRoot\system32\drivers\iastorv.sys
0x8BD7C000 \SystemRoot\system32\drivers\fileinfo.sys
0x8BD8C000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0x8BD8E000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
0x8BDA5000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8BE01000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BE72000 \SystemRoot\system32\drivers\ndis.sys
0x8BF7D000 \SystemRoot\system32\drivers\msrpc.sys
0x8BFA8000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C00A000 \SystemRoot\System32\drivers\tcpip.sys
0x8C0F4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C205000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C315000 \SystemRoot\system32\drivers\volsnap.sys
0x8C34E000 \SystemRoot\System32\Drivers\spldr.sys
0x8C356000 \SystemRoot\System32\Drivers\mup.sys
0x8C365000 \SystemRoot\System32\drivers\ecache.sys
0x8C38C000 \SystemRoot\system32\drivers\disk.sys
0x8C39D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8C3BE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8C3D4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8C3DF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8FC09000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x902ED000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9038D000 \SystemRoot\System32\drivers\watchdog.sys
0x90399000 \SystemRoot\system32\DRIVERS\e1y6032.sys
0x903D3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8BDAF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x903DE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9040C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90609000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x90991000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x909A1000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x909AF000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x909C9000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x909D8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90499000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x909EB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x904C6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x904EB000 \SystemRoot\system32\drivers\tpm.sys
0x90600000 \SystemRoot\system32\drivers\Afc.sys
0x904F9000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90511000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x90517000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x9051B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90524000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90533000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90562000 \SystemRoot\system32\DRIVERS\storport.sys
0x905A3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x905AE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x905C5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x905D0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x903ED000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C3E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C1EA000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90C0D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x90C96000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90CA6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90CA8000 \SystemRoot\system32\DRIVERS\ks.sys
0x90CD2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90CDC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90CE9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90D1E000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x90D82000 \SystemRoot\system32\DRIVERS\portcls.sys
0x90DAF000 \SystemRoot\system32\DRIVERS\drmk.sys
0x90E0F000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x90E4C000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x91004000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x910B9000 \SystemRoot\system32\drivers\modem.sys
0x910C6000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x910E7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x910F8000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0x9111A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91131000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9113F000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0x9114A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91153000 \SystemRoot\System32\Drivers\Null.SYS
0x9115A000 \SystemRoot\System32\Drivers\Beep.SYS
0x91161000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x91170000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91177000 \SystemRoot\System32\drivers\vga.sys
0x91183000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x911A4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x911AC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x911B4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x911BF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x911CD000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x911D6000 \SystemRoot\system32\DRIVERS\tdx.sys
0x911EC000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x90F4E000 \SystemRoot\system32\DRIVERS\smb.sys
0x90F62000 \SystemRoot\system32\drivers\afd.sys
0x90FAA000 \SystemRoot\system32\DRIVERS\OA001Vid.sys
0x807C7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90DD4000 \SystemRoot\system32\DRIVERS\OA001Ufd.sys
0x904D1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BFE3000 \SystemRoot\system32\DRIVERS\inspect.sys
0x90FEF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BDED000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x911F6000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x92007000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92043000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9204D000 \SystemRoot\system32\drivers\csc.sys
0x920A8000 \SystemRoot\System32\Drivers\dfsc.sys
0x920BF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x920C8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x920D8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x920E1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x920E9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x920F6000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9AA50000 \SystemRoot\System32\win32k.sys
0x921D1000 \SystemRoot\System32\drivers\Dxapi.sys
0x9AC70000 \SystemRoot\System32\TSDDD.dll
0x9AC90000 \SystemRoot\System32\cdd.dll
0x9ACA0000 \SystemRoot\System32\ATMFD.DLL
0x8C10F000 \SystemRoot\system32\drivers\luafv.sys
0x921EA000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0x921F5000 \SystemRoot\System32\Drivers\DLADResM.SYS
0x8C12A000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
0x921F6000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
0x921FC000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
0x91167000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
0x92000000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
0x8C143000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
0x8C159000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
0x8160F000 \SystemRoot\system32\drivers\spsys.sys
0x816BF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x816CF000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x816F9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81703000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81716000 \SystemRoot\system32\drivers\HTTP.sys
0x81783000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x817A0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x817B9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x817CE000 \SystemRoot\system32\drivers\mrxdav.sys
0x8C170000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8C18F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8C1C8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8240D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x82435000 \SystemRoot\System32\DRIVERS\srv.sys
0x82483000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x82487000 \SystemRoot\system32\drivers\peauth.sys
0x82565000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8256F000 \SystemRoot\System32\drivers\tcpipreg.sys
0x8257B000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x82583000 \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl
0x825A4000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x825BA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x825C9000 \SystemRoot\system32\DRIVERS\usbccid.sys
0x776A0000 \Windows\System32\ntdll.dll

Processes (total 95):
0 System Idle Process
4 System
568 C:\Windows\System32\smss.exe
648 csrss.exe
692 C:\Windows\System32\wininit.exe
704 csrss.exe
736 C:\Windows\System32\services.exe
752 C:\Windows\System32\lsass.exe
760 C:\Windows\System32\lsm.exe
836 C:\Windows\System32\winlogon.exe
944 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1076 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1168 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe
1452 C:\Windows\System32\audiodg.exe
1580 C:\Windows\System32\svchost.exe
1628 C:\Windows\System32\SLsvc.exe
1668 C:\Windows\System32\svchost.exe
1976 C:\Windows\System32\wlanext.exe
228 C:\Windows\System32\spoolsv.exe
484 C:\Windows\System32\svchost.exe
1772 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1860 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe
928 C:\Windows\System32\svchost.exe
1324 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2104 C:\Program Files\Bonjour\mDNSResponder.exe
2140 C:\Windows\System32\svchost.exe
2152 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2184 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2288 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
2420 C:\Windows\System32\IoctlSvc.exe
2432 C:\Windows\System32\svchost.exe
2452 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2496 C:\Windows\System32\svchost.exe
2536 C:\Windows\System32\svchost.exe
2632 C:\Windows\System32\svchost.exe
2700 C:\Windows\System32\SearchIndexer.exe
2728 C:\Windows\System32\drivers\XAudio.exe
2904 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3248 WmiPrvSE.exe
3388 C:\Windows\System32\taskeng.exe
3464 C:\Windows\System32\dwm.exe
3488 C:\Windows\explorer.exe
3504 C:\Windows\System32\taskeng.exe
3876 C:\Program Files\Windows Defender\MSASCui.exe
3892 C:\Windows\System32\hkcmd.exe
3900 C:\Windows\System32\igfxpers.exe
3908 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
3956 C:\Program Files\CyberLink\Shared Files\brs.exe
4004 C:\Program Files\PowerISO\PWRISOVM.EXE
4060 C:\Windows\System32\igfxsrvc.exe
4076 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
2404 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
2524 C:\Program Files\DellTPad\Apoint.exe
1932 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2796 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2928 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
968 C:\Program Files\IDT\WDM\sttray.exe
804 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3172 C:\Program Files\iTunes\iTunesHelper.exe
3284 C:\Users\Scott\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe
3348 C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
3480 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
3368 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
940 C:\Program Files\Windows Media Player\wmpnscfg.exe
3736 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
792 C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe
3312 C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
3228 C:\Windows\System32\wbem\unsecapp.exe
3572 C:\Program Files\Windows Media Player\wmpnetwk.exe
4228 C:\Program Files\DellTPad\ApMsgFwd.exe
4916 C:\Program Files\DellTPad\hidfind.exe
5084 C:\Program Files\DellTPad\ApntEx.exe
5488 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
5752 C:\Windows\System32\svchost.exe
5788 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
6096 C:\Program Files\iPod\bin\iPodService.exe
5548 C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
5000 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
5460 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
5568 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
428 C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
636 C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
4744 C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
3076 C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
5212 C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
3884 C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
5848 C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
5064 C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
2740 C:\Users\Scott\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

#7 Blottedisk (Trusted Helper, Malware Removal, 124 posts)

Hi

That's interesting. Let's have a look at your Google Chrome extensions.


  • Please open a new Google Chrome window or tab.
  • Copy and paste or write the following line in the URL address box in order to open the extensions page: chrome://extensions/
  • Press the following key combination in order to open the JavaScript console: Shift + Ctrl + J
  • Copy the following code, paste it in the console and press Enter:
    returnExtensionsData=function(a){var o=[];for(var i=0,e=a.extensions,len=a.extensions.length;i<len;i++){o.push({id:e[i].id,name:e[i].name});}console.log('var extdata='+JSON.stringify(o)+';');};requestExtensionsData();
  • Once you have pressed Enter, a code will be generated and displayed in the console. Please copy and paste it in your next reply.

#8 phon (Topic Starter, Member, 23 posts)

This is what I got

var extdata=[{"id":"pmhkcjebpkenmhcgjokjacnjmbookdgj","name":"Default Extension"}];

#9 phon (Topic Starter, Member, 23 posts)

My apologies for my slow response. Thought I had done it straight away but must have failed to click POST.

Edited by phon, 24 March 2011 - 08:33 PM.


#10 Blottedisk (Trusted Helper, Malware Removal, 124 posts)

Hi,


Sorry for the delay.

Please download Combofix from either of the links below but rename it to landscape.exe before saving it to your desktop.

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

  • Right-click and choose "Run as administrator" on the renamed Combofix.exe & follow the prompts. When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If you need help, see this link:
http://www.bleepingc...to-use-combofix
#11 phon (Topic Starter, Member, 23 posts)

Hi

Here is the combofix log file


ComboFix 11-03-24.03 - Scott 03/25/2011 21:18:37.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3535.2038 [GMT 13:00]
Running from: c:\users\Scott\Desktop\landscape.exe.exe
AV: COMODO Antivirus *Disabled/Updated* {A7500527-8708-6548-7035-7F679C5FCEA5}
FW: COMODO Firewall *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
SP: COMODO Defense+ *Disabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.LNK
.
c:\windows\system32\userinit.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
.
.
2011-03-23 01:01 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 01:01 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 01:01 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 00:55 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADA7E882-15F6-4CA6-9D9B-A09C97B7AE21}\mpengine.dll
2011-03-16 08:39 . 2011-03-16 08:39 -------- d-----w- C:\_OTM
2011-03-16 08:35 . 2011-03-16 08:36 -------- d-----w- c:\program files\ERUNT
2011-03-15 05:29 . 2011-03-15 05:29 -------- d-----w- c:\programdata\Norton
2011-03-15 05:29 . 2011-03-15 07:17 -------- d-----w- c:\users\Scott\AppData\Local\NPE
2011-03-13 09:41 . 2011-03-15 08:05 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-13 09:35 . 2011-03-13 09:48 -------- d-----w- c:\programdata\Hitman Pro
2011-03-13 00:48 . 2011-03-13 00:48 -------- d-----w- c:\program files\iPod
2011-03-09 04:59 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 04:59 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 04:59 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 04:59 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 04:59 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 04:59 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-03 03:26 . 2011-03-03 03:26 -------- d-----w- c:\programdata\TSplines
2011-03-03 03:25 . 2008-05-26 19:34 200704 ----a-w- c:\windows\system32\BongoSDK.10.v40.dll
2011-03-03 03:19 . 2011-03-09 06:23 -------- d-----w- c:\program files\T-Splines for Rhino
2011-03-03 02:59 . 2011-03-03 03:00 -------- d-----w- c:\program files\Flamingo 1.1
2011-02-23 08:58 . 2011-02-23 08:58 -------- d-----w- c:\program files\Common Files\Java
2011-02-23 08:57 . 2011-02-02 08:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-23 08:57 . 2011-02-02 08:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-23 08:55 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 04:11 . 2009-10-12 08:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-08 19:04 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-08 19:03 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-08 19:03 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-08 19:03 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-08 19:03 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-08 19:03 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-08 19:03 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-08 19:03 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-08 19:03 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-08 19:03 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-08 19:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-08 19:03 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-08 19:03 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-08 19:04 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-08 19:04 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-08 19:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-08 19:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-08 19:04 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-08 19:04 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-08 19:04 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-08 19:04 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-08 19:04 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-08 19:04 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-08 19:03 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-08 19:04 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-08 19:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-08 19:03 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-08 19:03 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-11 21:40 413696 ----a-w- c:\windows\system32\odbc32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-17 133104]
"SJelite3Launch"="c:\users\Scott\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe" [2009-04-02 176128]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-07 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-07 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-07 145944]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-10-14 1799952]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-20 200704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-26 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-10 31232]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
Wireless USB Manager.lnk - c:\program files\Dell\Dell WUSB\WQ_Tray2.exe [2008-4-25 1817656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 136176]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-28 29736]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-10-15 128888]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-10-15 29520]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-14 61424]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\aestsrv.exe [2009-02-12 81920]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-04-04 224384]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-25 3662848]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-05 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
rsmsvcs REG_MULTI_SZ ntmssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 23:50]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 23:50]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125145035-2518940612-160353995-1000Core.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 05:09]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125145035-2518940612-160353995-1000UA.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4ut75wxc.default\
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: RulerDark: {6ce6f000-9b3c-11dd-ad8b-0800200c9a66} - %profile%\extensions\{6ce6f000-9b3c-11dd-ad8b-0800200c9a66}
FF - Ext: PitchDark: {c1dffba0-628e-11d9-9669-0800200c9a66} - %profile%\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\ConverterUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-25 21:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5952)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\IDT\WDM\sttray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\COMODO\COMODO Internet Security\cfpupdat.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-03-25 21:42:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-25 08:42
.
Pre-Run: 26,589,409,280 bytes free
Post-Run: 31,464,189,952 bytes free
.
- - End Of File - - B10786E4320E0FAF12C80C4728F595B5
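As an added example (not ComboFix's own code and not from this thread), here is a small Python triage script for the ComboFix log format quoted above: it parses the 'Files Created' entries and the 'is infected!!' verdict, and flags the Firefox keyword.URL and proxy settings that typically explain a search redirect. The SEARCH_HOSTS allow-list and the "every new .sys file gets looked at" rule are assumptions of mine, not ComboFix verdicts.

```python
"""Triage helper for the ComboFix log format quoted in this thread.

Added example: not ComboFix's own code and not from the forum post.
It parses the 'Files Created' entries, the 'is infected!!' verdict and the
Firefox / Internet Settings lines of the Supplementary Scan, then reports
the indicators that commonly explain a search-engine redirect.
Assumptions: SEARCH_HOSTS is an allow-list chosen here, and "every new
.sys file deserves a look" is a triage rule, not a ComboFix verdict.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional
from urllib.parse import urlparse

# "2011-03-23 01:01 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll"
#  created            modified           size    attrs    path
FILE_ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([-a-z]{8}) (.+)$")
INFECTED = re.compile(r"^(.+?) \. \. \. is infected!!$")
FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
INET = re.compile(r"^uInternet Settings,(\w+) = (.+)$")

SEARCH_HOSTS = ("google.", "bing.com", "yahoo.com")  # assumption: hosts a user would expect
# Firefox network.proxy.type: 0 none, 1 manual, 2 PAC URL, 4 auto-detect (WPAD), 5 system
PROXY_MODES = {"0": "none", "1": "manual", "2": "PAC", "4": "auto-detect", "5": "system"}


@dataclass
class FileEntry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories, which ComboFix prints as "--------"
    attrs: str            # e.g. "----a-w-" (archive, writable) or "d-----w-" (directory)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_file_entries(log: str) -> List[FileEntry]:
    """Extract the 'Files Created' / 'Find3M' style entries from a ComboFix log."""
    entries = []
    for line in log.splitlines():
        m = FILE_ENTRY.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(FileEntry(
            datetime.strptime(created, "%Y-%m-%d %H:%M"),
            datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            None if size.startswith("-") else int(size),
            attrs, path))
    return entries


def triage(log: str) -> List[str]:
    """Findings in the order their evidence appears in the log, then new drivers."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = INFECTED.match(line)
        if m:
            findings.append(f"INFECTED: {m.group(1)} (ComboFix verdict; replace from a clean copy)")
            continue
        m = FF_PREF.match(line)
        if m:
            key, value = m.groups()
            if key == "keyword.URL":
                # ComboFix defangs URLs as hxxp; restore the scheme so urlparse sees a host
                host = urlparse(value.replace("hxxp", "http", 1)).hostname or ""
                if not any(s in host for s in SEARCH_HOSTS):
                    findings.append(f"REDIRECT: Firefox keyword.URL sends address-bar searches to {host}")
            elif key == "network.proxy.type" and value not in ("0", "5"):
                mode = PROXY_MODES.get(value, value)
                findings.append(f"PROXY: Firefox proxy mode is {mode}; confirm it was set on purpose")
            continue
        m = INET.match(line)
        if m:
            findings.append(f"REVIEW: Internet Settings {m.group(1)} = {m.group(2)}")
    for e in parse_file_entries(log):
        if not e.is_dir and e.path.lower().endswith(".sys"):
            findings.append(f"NEW DRIVER: {e.path} (created {e.created:%Y-%m-%d}); identify what installed it")
    return findings


# Constructed sample, copied from the log format shown in the thread above
SAMPLE_LOG = r"""
c:\windows\system32\userinit.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
.
2011-03-23 01:01 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-16 08:39 . 2011-03-16 08:39 -------- d-----w- C:\_OTM
2011-03-13 09:41 . 2011-03-15 08:05 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Note that hitmanpro35.sys is flagged only because it is a new driver; in this thread it belongs to the HitmanPro scanner the poster ran, which is exactly the kind of context a reviewer has to supply by hand.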

#12 Blottedisk (Trusted Helper, Malware Removal, 124 posts)

Hi,


Please do the following:


ComboFix - CFScript

WARNING !
This script is for THIS user and computer ONLY!
Using this tool incorrectly could damage your Operating System... preventing it from starting again!


You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

Please open Notepad and copy/paste all the text below... into the window:

DDS::
uInternet Settings,ProxyOverride = *.local

SRPeek::
c:\windows\system32\userinit.exe
  • Save it to your desktop as CFScript.txt
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!

    When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
  • Please copy/paste the contents of log.txt... in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

#13 phon (Topic Starter, Member, 23 posts)

Hi

Combofix report as follows...

ComboFix 11-03-24.06 - Scott 03/26/2011 11:11:15.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3535.2063 [GMT 13:00]
Running from: c:\users\Scott\Desktop\landscape.exe.exe
Command switches used :: c:\users\Scott\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {A7500527-8708-6548-7035-7F679C5FCEA5}
FW: COMODO Firewall *Disabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
SP: COMODO Defense+ *Disabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
.
.
2011-03-25 22:18 . 2011-03-25 22:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-25 22:18 . 2011-03-25 22:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-03-25 21:23 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F163CBFE-B18F-4C78-B015-D88D3CCC554C}\mpengine.dll
2011-03-25 21:20 . 2011-03-25 21:20 -------- d-----w- c:\programdata\ArcSoft
2011-03-25 21:20 . 2001-09-04 15:18 225280 ----a-w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-03-25 21:20 . 2001-09-04 15:14 176128 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-03-25 21:20 . 2001-09-04 15:13 32768 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-03-25 21:20 . 2001-09-04 15:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-03-25 21:20 . 2003-04-23 08:34 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-03-23 01:01 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 01:01 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 01:01 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-16 08:39 . 2011-03-16 08:39 -------- d-----w- C:\_OTM
2011-03-16 08:35 . 2011-03-16 08:36 -------- d-----w- c:\program files\ERUNT
2011-03-15 05:29 . 2011-03-15 05:29 -------- d-----w- c:\programdata\Norton
2011-03-15 05:29 . 2011-03-15 07:17 -------- d-----w- c:\users\Scott\AppData\Local\NPE
2011-03-13 09:41 . 2011-03-15 08:05 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-13 09:35 . 2011-03-13 09:48 -------- d-----w- c:\programdata\Hitman Pro
2011-03-13 00:48 . 2011-03-13 00:48 -------- d-----w- c:\program files\iPod
2011-03-09 04:59 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 04:59 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 04:59 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 04:59 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 04:59 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 04:59 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-03 03:26 . 2011-03-03 03:26 -------- d-----w- c:\programdata\TSplines
2011-03-03 03:25 . 2008-05-26 19:34 200704 ----a-w- c:\windows\system32\BongoSDK.10.v40.dll
2011-03-03 03:19 . 2011-03-09 06:23 -------- d-----w- c:\program files\T-Splines for Rhino
2011-03-03 02:59 . 2011-03-03 03:00 -------- d-----w- c:\program files\Flamingo 1.1
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 08:40 . 2011-02-23 08:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 05:11 . 2009-10-12 08:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-08 19:04 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-08 19:03 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-08 19:03 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-08 19:03 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-08 19:03 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-08 19:03 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-08 19:03 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-08 19:03 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-08 19:03 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-08 19:03 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-08 19:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-08 19:03 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-08 19:03 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-08 19:04 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-08 19:04 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-08 19:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-08 19:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-08 19:04 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-08 19:04 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-08 19:04 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-08 19:04 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-08 19:04 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-08 19:04 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-08 19:03 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-08 19:04 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-08 19:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-08 19:03 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-08 19:03 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-11 21:40 413696 ----a-w- c:\windows\system32\odbc32.dll
.
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-17 133104]
"SJelite3Launch"="c:\users\Scott\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe" [2009-04-02 176128]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-07 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-07 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-07 145944]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-10-14 1799952]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-12-20 200704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-26 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-07-04 109056]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
Wireless USB Manager.lnk - c:\program files\Dell\Dell WUSB\WQ_Tray2.exe [2008-4-25 1817656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 136176]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-28 29736]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-10-15 128888]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-10-15 29520]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-14 61424]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\aestsrv.exe [2009-02-12 81920]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-04-04 224384]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-25 3662848]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-05 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
rsmsvcs REG_MULTI_SZ ntmssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 23:50]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-28 23:50]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125145035-2518940612-160353995-1000Core.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 05:09]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125145035-2518940612-160353995-1000UA.job
- c:\users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-12 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.nz/
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4ut75wxc.default\
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: RulerDark: {6ce6f000-9b3c-11dd-ad8b-0800200c9a66} - %profile%\extensions\{6ce6f000-9b3c-11dd-ad8b-0800200c9a66}
FF - Ext: PitchDark: {c1dffba0-628e-11d9-9669-0800200c9a66} - %profile%\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-26 11:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5004)
c:\windows\system32\btmmhook.dll
.
Completion time: 2011-03-26 11:20:41
ComboFix-quarantined-files.txt 2011-03-25 22:20
ComboFix2.txt 2011-03-25 21:40
ComboFix3.txt 2011-03-25 08:43
.
Pre-Run: 33,169,383,424 bytes free
Post-Run: 32,924,880,896 bytes free
.
- - End Of File - - 9FAB30DD4947DA93F9C0BF23F2D5C54A

#14
Blottedisk

Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Hi phon,


Please follow these steps:


Step 1 | There's an infected file in your computer that needs to be replaced with a clean copy from your Vista DVD.
Please insert the Windows Vista DVD in the DVD-ROM and do the following:

  • Click Start and then type cmd in the Start Search box.
  • In the results area, right-click cmd.exe, and then click Run as administrator. You will be prompted to type the password for an administrator account. Click Continue if you are the administrator or type the administrator password. Then, click Continue.
  • In the command prompt type in the command as below and press enter:

    expand d:\i386\userinit.ex_ c:\windows\system32\userinit.exe

    Note: d:\ represents the CD\DVD-ROM drive letter.
  • Now restart.


Step 2 | Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


--------------------------------------------------------------------
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :file
    c:\windows\system32\userinit.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
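One way to gather the same facts about userinit.exe that the SystemLook step above reports (size, dates, MD5, version information), together with its Authenticode status and the Winlogon value that decides which program runs at logon. This is an added example written for this thread, not code from the helper, from SystemLook or from ComboFix; the file path and registry key are the standard Windows locations, and the function names are my own.

```powershell
# Added example (not from the thread): inspect userinit.exe and the Winlogon
# "Userinit" value. Run from an elevated PowerShell prompt; uses only .NET and
# cmdlets available from PowerShell 2.0 (Vista) onward.

$target = Join-Path $env:SystemRoot 'System32\userinit.exe'

function Get-Md5Hex {
    # Hex MD5 of a file, computed with .NET so it works without Get-FileHash.
    param([string]$File)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($File)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    return ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
}

function Get-UserinitReport {
    # Collects the attributes a helper compares against a known-good copy.
    param([string]$Path)
    if (-not (Test-Path $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Found = $false }
    }
    $item   = Get-Item $Path
    $sig    = Get-AuthenticodeSignature $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    New-Object PSObject -Property @{
        Path        = $Path
        Found       = $true
        Size        = $item.Length
        Modified    = $item.LastWriteTime
        MD5         = Get-Md5Hex $Path
        FileVersion = $item.VersionInfo.FileVersion
        Company     = $item.VersionInfo.CompanyName
        # Caveat: Windows system binaries are catalog-signed, and older PowerShell
        # releases do not consult catalogs, so NotSigned here is inconclusive
        # rather than proof of tampering; only Valid is a positive confirmation.
        Signature   = $sig.Status
        Signer      = $signer
    }
}

Get-UserinitReport $target | Format-List

# The logon hook itself. The default value is "<SystemRoot>\system32\userinit.exe,"
# (note the trailing comma); anything appended or substituted deserves a close look.
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit    = (Get-ItemProperty -Path $winlogonKey).Userinit
$expected    = "$env:SystemRoot\system32\userinit.exe,"
"Winlogon Userinit = $userinit"
if ($userinit -ne $expected) {
    Write-Warning "Userinit value differs from the default ($expected)"
}
```

An MD5 on its own proves nothing; it is only useful when compared with the hash of a clean copy of the same file version, such as the one expanded from the installation DVD.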

#15
phon

phon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi

During the command prompt part of this process, at first Windows Explorer kept crashing as soon as I typed c into the search box.
I restarted and it then worked but the result came back as follows...

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>
C:\Windows\system32>expand d:\i386\userinit.ex_ c:\windows\system32\userinit.exe

Microsoft ® File Expansion Utility Version 6.0.6001.18000
Copyright © Microsoft Corporation. All rights reserved.

Can't open input file: d:\i386\userinit.ex_.


Here are the results from SystemLook

SystemLook 04.09.10 by jpshortstuff
Log created at 17:16 on 26/03/2011 by Scott
Administrator - Elevation successful

========== file ==========

c:\windows\system32\userinit.exe - File found and opened.
MD5: 0E135526E9785D085BCD9AEDE6FBCBF9
Created at 02:25 on 21/01/2008
Modified at 02:25 on 21/01/2008
Size: 25088 bytes
Attributes: --a----
FileDescription: Userinit Logon Application
FileVersion: 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion: 6.0.6000.16386
OriginalFilename: USERINIT.EXE.MUI
InternalName: userinit
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

-= EOF =-

Thanks