BleepingComputer.com: trojan csrss.exe

trojan csrss.exe laptop acting up - malware bytes found trojan

#31 CatByte (Malware Response Team)

Posted 05 September 2011 - 06:15 AM

Hi,

There's no sign of any remaining malware in the logs.

You might want to take a good look through all your installed programs, uninstall all the programs that you do not use, and then do a defrag.

Use TFC to clear out the clutter.

Then make sure that your box is free from dust and debris; take a can of canned air to clean it out, just to make sure it's not overheating.


It may just have been one of those unexplainable hiccups.
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011

#32 jhgreene (Member)

Posted 05 September 2011 - 04:25 PM

Hi Cat,

I have been trying to run GMER but have had some strange and different problems each time I try. I downloaded it from the GMER site per your link.

Run 1) GMER started; I then went to Ctrl-Alt-Del to lock the laptop and leave it running, but I got a BSOD, stop 08 (I think). Can't find the dmp.
Run 2) GMER started and then disappeared from the screen.
Run 3) GMER started, ran and finished, but before I could save the log the dialog disappeared along with GMER... perhaps a buffered click (I dunno).

Aaargh... will try to run it again...

Perhaps I should bin the Windows POS and get a Mac??

Will update if I get a log!!

#33 CatByte (Malware Response Team)

Posted 05 September 2011 - 04:27 PM

OK.

Try running it in safe mode if it still gives problems.

That in itself isn't a sign there are problems; it just doesn't run well on some systems.

Try this ARK scanner as well.

Scan With RootKitUnHooker

  • Please Download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest, then click OK.
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.


Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"


#34 jhgreene (Member)

Posted 06 September 2011 - 06:00 AM

Hi Cat,
I will try again to run GMER overnight in safe mode.

Meanwhile I ran Unhooker... the log file follows:


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================
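The RkU report above is plain text with one loaded module per line. As an added example (not code from this thread or from the Rootkit Unhooker project), here is a small Python parser for that format plus the first-pass triage heuristics a responder applies to a driver list: path-less pseudo-modules that alias a real file at the same base address, files with no vendor string, and drivers loaded from outside the Windows directory. The sample report is constructed from a handful of lines of the report pasted above; the helper names are hypothetical.

```python
import re

# Hypothetical helper, not part of Rootkit Unhooker or of this thread: parses
# the text report RkU writes ("File > Save Report") and applies a few triage
# heuristics to the ">Drivers" section.

# One report line: "<base> <module or path> <size> bytes [(vendor, description)]"
ENTRY_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+)\s+(?P<module>.+?)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<info>.*)\))?\s*$"
)
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)

# Constructed sample: a handful of lines taken from the report pasted above.
SAMPLE_REPORT = r"""RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
==============================================
>Drivers
==============================================
0x82A02000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82A02000 PnpManager 3907584 bytes
0x8F60F000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9568256 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0xA0BD0000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0xA1552000 C:\Program Files\HWiNFO32\HWiNFO32.SYS 16384 bytes (REALiX, HWiNFO32 Kernel Driver)
0xAF795000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
==============================================
>Stealth
==============================================
"""


def parse_rku_report(text):
    """Return {section name: [entry dicts]}. ">Name" lines open a section,
    "====" lines are separators, header lines before the first section are skipped."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        if line.startswith(">"):
            current = line[1:].strip()
            sections.setdefault(current, [])   # an empty section is meaningful
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                            # tolerate lines we do not understand
        module = m.group("module")
        is_file = ":\\" in module               # pseudo-modules have no drive path
        sections[current].append({
            "base": int(m.group("base"), 16),
            "module": module,
            "path": module if is_file else None,
            "size": int(m.group("size")),
            "info": m.group("info"),            # None when no "(vendor, desc)" part
        })
    return sections


def triage_drivers(entries):
    """Return (kind, module, detail) tuples for entries a responder checks first.

    Heuristics, not verdicts:
      alias            path-less name sharing its base with a real file (kernel
                       pseudo-modules such as PnpManager next to ntkrnlpa.exe)
      no-path          path-less name with no file at the same base
      no-vendor        file with no vendor/description string
      outside-windows  file loaded from outside the Windows directory
    """
    by_base = {}
    for e in entries:
        by_base.setdefault(e["base"], []).append(e)
    findings = []
    for e in entries:
        if e["path"] is None:
            named = [o for o in by_base[e["base"]] if o["path"]]
            if named:
                findings.append(("alias", e["module"], named[0]["path"]))
            else:
                findings.append(("no-path", e["module"], None))
            continue
        if not e["info"]:
            findings.append(("no-vendor", e["path"], None))
        if not WINDOWS_DIR_RE.match(e["path"]):
            findings.append(("outside-windows", e["path"], e["info"]))
    return findings


def summarize(text):
    """Parse a report and return counts plus findings, for a quick first pass."""
    sections = parse_rku_report(text)
    drivers = sections.get("Drivers", [])
    return {
        "drivers": len(drivers),
        "stealth": len(sections.get("Stealth", [])),
        "findings": triage_drivers(drivers),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    print(f"{result['drivers']} drivers, {result['stealth']} stealth entries")
    for kind, module, detail in result["findings"]:
        print(f"  {kind:16} {module}  {detail or ''}")
```

An empty Stealth section, as in the report above, is itself a result worth recording; the flagged entries are starting points for a signature or hash check, not findings of malware.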

#35 jhgreene (Member)

Posted 06 September 2011 - 09:07 AM

PS: it never asked me to select the C: drive...

#36 CatByte (Malware Response Team)

Posted 06 September 2011 - 08:25 PM

How is the computer running now?

Are there still issues?

Please give as much detail as possible.

#37 jhgreene (Member)

Posted 07 September 2011 - 01:08 AM

Hi Cat,
GMER wouldn't run even in safe mode... machine seems OK... ran SFC... all clear... re-ran ComboFix... log below...

What do you think?

ComboFix 11-09-06.03 - jhg 07/09/2011 0:23.10.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3002.1851 [GMT 1:00]
Running from: c:\users\jhg\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2011-08-14 12:04 . 2011-08-14 12:10 -------- dc----w- c:\programdata\RoboSoft
2011-08-12 16:55 . 2011-08-17 15:19 -------- dc----w- c:\program files\Stealth Keyword Competition Analyzer
2011-08-11 15:29 . 2011-07-21 10:33 51144 -c--a-w- c:\windows\system32\drivers\Soluto.sys
2011-08-11 11:17 . 2011-08-11 11:17 2106216 -c--a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-11 11:17 . 2011-08-11 11:17 1998168 -c--a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-11 09:34 . 2011-08-11 09:34 601408 -c--a-w- c:\windows\system32\drivers\timntr.sys
2011-08-11 09:32 . 2011-08-11 09:32 125472 -c--a-w- c:\windows\system32\drivers\vididr.sys
2011-08-11 09:31 . 2011-08-11 09:31 83392 -c--a-w- c:\windows\system32\drivers\vsflt53.sys
2011-08-11 09:31 . 2011-08-11 09:31 169088 -c--a-w- c:\windows\system32\drivers\snapman.sys
2011-08-11 09:10 . 2011-08-11 09:10 -------- d-----w- C:\VritualRoot
2011-08-11 07:32 . 2011-09-01 08:19 134104 -c--a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-11 07:32 . 2011-09-01 08:19 89048 -c--a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-11 07:32 . 2011-09-01 08:19 478168 -c--a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-11 07:32 . 2011-09-01 08:19 15832 -c--a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-11 07:32 . 2011-09-01 08:19 1846232 -c--a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-11 07:32 . 2011-09-01 08:19 785368 -c--a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-10 17:27 . 2011-06-17 16:03 375808 -c--a-w- c:\windows\system32\winsrv.dll
2011-08-10 17:27 . 2011-07-06 15:31 214016 -c--a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 17:26 . 2011-06-06 10:59 2409784 -c--a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 17:24 . 2011-06-20 08:54 3602832 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 17:24 . 2011-06-20 08:54 3550096 -c--a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 17:24 . 2011-06-17 20:13 913296 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 17:24 . 2011-06-17 13:31 31232 -c--a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-09 17:45 . 2011-08-09 17:45 -------- dc----w- c:\program files\ESET
2011-08-09 08:15 . 2011-08-09 08:15 -------- dc----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-08 17:21 . 2011-08-08 17:21 -------- dc----w- c:\program files\Acronis
2011-08-08 17:21 . 2011-08-11 09:30 -------- dc----w- c:\program files\Common Files\Acronis
2011-08-08 17:15 . 2011-08-08 17:15 -------- dc----w- c:\program files\Western Digital Corporation
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 14:56 . 2011-08-03 09:45 121184 -c--a-w- c:\windows\system32\WRusr.dll
2011-09-06 14:56 . 2011-08-03 09:45 105800 -c--a-w- c:\windows\system32\drivers\WRkrn.sys
2011-09-01 09:54 . 2011-06-12 06:30 404640 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-21 17:52 . 2010-12-04 09:29 544656 -c--a-w- c:\windows\system32\deployJava1.dll
2011-08-07 13:08 . 2010-12-02 09:43 21064 -c--a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-21 07:47 . 2011-07-21 07:47 53248 -c--a-r- c:\users\jhg\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-07-21 07:46 . 2011-01-05 14:12 16400 -c--a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-07 12:26 . 2011-08-04 17:07 17280 -c--a-w- c:\windows\system32\roboot.exe
2011-07-06 18:52 . 2010-12-02 11:59 41272 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2010-12-02 11:59 22712 -c--a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 08:37 . 2010-09-10 23:40 82400 -c--a-w- c:\windows\system32\drivers\inspect.sys
2011-06-30 08:37 . 2010-09-10 23:40 36568 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:37 . 2010-09-10 23:40 238960 -c--a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:37 . 2010-09-10 23:40 19088 -c--a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37 . 2010-09-10 23:41 285256 -c--a-w- c:\windows\system32\guard32.dll
2011-08-25 10:03 . 2011-08-11 07:21 1658880 -c--a-w- c:\program files\opera\program\plugins\rf-np-plugin.dll
2011-09-01 08:19 . 2011-08-11 07:32 134104 -c--a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-08-10 17:36 . 2010-12-04 16:14 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-07-30 00:19 754176 -c--a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-07-30 00:19 754176 -c--a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-07-30 00:19 754176 -c--a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-07-30 00:19 754176 -c--a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-07-30 00:19 754176 -c--a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\users\jhg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\users\jhg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\users\jhg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 -c--a-w- c:\users\jhg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MzCpuAccelerator"="c:\program files\Mz Ultimate Tools\Mz CPU Accelerator\MzCPUAccelerator.exe" [2010-12-18 272384]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2011-08-30 108344]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-08-25 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Task Catcher"="c:\program files\BillP Studios\Task Catcher\tasktrap.exe" [2006-08-15 140856]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
.
c:\users\jhg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jhg\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-3-29 29310]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-3-29 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^jhg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk.disabled]
backup=c:\windows\pss\Dropbox.lnk.disabled.Startup
backupExtension=.Startup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"EPSON Stylus D78 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "c:\windows\TEMP\E_SF8D6.tmp" /EF "HKCU"
"TrayFactory"=c:\program files\PS Tray Factory\PSTrayFactory.exe /start
"Google Update"="c:\users\jhg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"3C3E8D0B2FACD61E9B91857039AFD1A949EF5FD3._service_run"="c:\users\jhg\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"MobileBroadband"=c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MobileBroadband"=c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
"Reader Library Launcher"=c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-766714266-3305230590-1689769915-1000]
"EnableNotificationsRef"=dword:00000001
.
R0 BtHidBus;Bluetooth HID Bus Service; [x]
R0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2011-07-21 51144]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-07-21 392224]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [x]
R3 BTCOM;Bluetooth Serial port driver; [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service; [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 25864]
R3 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-12-15 13224]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-08-10 30192]
R3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 136176]
R3 IvtBtBUs;IVT Bluetooth Bus Service; [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R3 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-04-28 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2010-03-25 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-04-19 105856]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-07-19 123264]
R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R4 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R4 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-05-10 3585696]
R4 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-05-10 3834456]
R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-05-10 3515656]
R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-05-10 3769048]
R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-05-11 167040]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2011-08-11 125472]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2011-08-11 83392]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2011-09-06 105800]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-12-18 147416]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-06-30 19088]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-06-30 238960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-06-30 36568]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2011-05-22 20216]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [2011-01-02 9216]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-08-15 1526080]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-04-30 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-04-30 12184]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-12-15 27632]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-06-06 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
netsvcs_Untrusted_BZ REG_MULTI_SZ winmgmt_Untrusted_BZ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 -c----w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-06 c:\windows\Tasks\Defrag Job 00.job
- c:\program files\Disktrix\UltimateDefrag\Udefrag.exe [2010-08-17 12:58]
.
2011-09-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-12-01 08:26]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 16:48]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 16:48]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-766714266-3305230590-1689769915-1000Core.job
- c:\users\jhg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-30 22:07]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-766714266-3305230590-1689769915-1000UA.job
- c:\users\jhg\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-30 22:07]
.
2011-09-02 c:\windows\Tasks\WebUpdate.job
- c:\program files\Smart PC Utilities\Vista Services Optimizer\WebUpdate.exe [2010-07-04 17:03]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.arithmosolutions.co.uk/app/messages-inbox.asp
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4D7DD770-0ABF-45B9-8922-0D3A8EB58CF9}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{FE69ADA2-9CFA-4410-A446-22DB54DD89D3}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\jhg\AppData\Roaming\Mozilla\Firefox\Profiles\smzl27v5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-07 00:33
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(3360)
c:\windows\system32\guard32.dll
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
c:\users\jhg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Completion time: 2011-09-07 00:37:53
ComboFix-quarantined-files.txt 2011-09-06 23:37
ComboFix2.txt 2011-09-06 22:29
ComboFix3.txt 2011-08-29 07:45
.
Pre-Run: 119,310,991,360 bytes free
Post-Run: 119,258,148,864 bytes free
.
- - End Of File - - 3D5812BBB8BD217D38B48BFCE3CB7E17

#38 User is offline   CatByte 

  • Bleepin' curls!
  • Group: Malware Response Team
  • Posts: 7,857
  • Joined: 09-November 08
  • Gender:Not Telling
  • Location:Canada

Posted 07 September 2011 - 04:26 PM

Hi

I don't see any sign of malware in the log

How is the computer running?


Are there any outstanding issues?

#39 User is offline   jhgreene 

  • Member
  • Group: Members
  • Posts: 34
  • Joined: 28-May 09
  • Gender:Male
  • Location:Manchester

Posted 08 September 2011 - 04:27 AM

hi cat
I think it's running OK, fingers crossed.
THANK YOU

take care :)
jg

#40 User is offline   CatByte 

  • Bleepin' curls!
  • Group: Malware Response Team
  • Posts: 7,857
  • Joined: 09-November 08
  • Gender:Not Telling
  • Location:Canada

Posted 08 September 2011 - 07:25 PM

OK, good to hear :thumbup2:

Use the same cleanup routine as before

right click all the tools and logs except Combofix > delete them,

for ComboFix > enter Combofix /uninstall into a run box

stay safe

~CB

#41 User is offline   CatByte 

  • Bleepin' curls!
  • Group: Malware Response Team
  • Posts: 7,857
  • Joined: 09-November 08
  • Gender:Not Telling
  • Location:Canada

Posted 14 September 2011 - 07:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.