
Inactive Browser Redirect - Malware Infection

Discussion in 'Malware and Virus Removal Archive' started by bjskitz, 2010/09/15.

  1. 2010/09/18
    bjskitz

    bjskitz Inactive Thread Starter

    Joined:
    2010/09/15
    Messages:
    20
    Likes Received:
    0
    All that came up was this:



    SystemLook 04.09.10 by jpshortstuff
    Log created at 02:54 on 19/09/2010 by Bizhan
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "NTBR_CD.exe "
    C:\Users\Bizhan\Desktop\NTBR_CD.exe --a---- 2565432 bytes [05:47 18/09/2010] [05:47 18/09/2010] C3CF77E7EF7F3B3BD39F65FBF79E55FA

    -= EOF =-
     
  2. 2010/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    MD5 number looks OK.

    Can you try to burn another CD?
    Make sure to write down the error, if any.

    If still no go, we'll use another way to reset MBR.
     
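The check broni is doing above, comparing the MD5 that SystemLook reported for NTBR_CD.exe with the value the download page publishes, can be scripted so that it is repeatable. The following is an added example and not code from this thread, from SystemLook's author or from the tool's download site; the log text is a constructed excerpt reproducing the filefind output posted above, and PUBLISHED_MD5 is a placeholder for whatever digest the publisher actually lists.

```python
from __future__ import annotations

import hashlib
import hmac
import re
from dataclasses import dataclass

# Constructed excerpt of a SystemLook "filefind" log, laid out the way the
# tool prints it (path, attributes, size, created, modified, MD5).
SAMPLE_LOG = r"""
SystemLook 04.09.10 by jpshortstuff
Log created at 02:54 on 19/09/2010 by Bizhan
Administrator - Elevation successful

========== filefind ==========

Searching for "NTBR_CD.exe "
C:\Users\Bizhan\Desktop\NTBR_CD.exe --a---- 2565432 bytes [05:47 18/09/2010] [05:47 18/09/2010] C3CF77E7EF7F3B3BD39F65FBF79E55FA

-= EOF =-
"""

# PLACEHOLDER: the digest the download page publishes for the tool. Set here
# to the value from the log so the sample verifies; substitute the real one.
PUBLISHED_MD5 = "c3cf77e7ef7f3b3bd39f65fbf79e55fa"

# One result line: <path> <attributes> <size> bytes [<created>] [<modified>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileFindHit:
    path: str
    attrs: str
    size: int
    created: str
    modified: str
    md5: str  # normalised to lowercase hex


def parse_filefind(log_text: str) -> list[FileFindHit]:
    """Return one FileFindHit per result line in a SystemLook filefind log."""
    hits = []
    for line in log_text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            hits.append(FileFindHit(m["path"], m["attrs"], int(m["size"]),
                                    m["created"], m["modified"], m["md5"].lower()))
    return hits


def digest_matches(reported: str, expected: str) -> bool:
    """Case-insensitive, constant-time comparison of two hex digests."""
    return hmac.compare_digest(reported.strip().lower(), expected.strip().lower())


def md5_hex(data: bytes) -> str:
    """MD5 of an in-memory blob, as lowercase hex."""
    return hashlib.md5(data).hexdigest()


def md5_of_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Recompute the MD5 of a file on disk, streaming so large files fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_hits(log_text: str, expected_md5: str) -> dict[str, bool]:
    """Map each file the log found to whether its logged MD5 equals the published one."""
    return {hit.path: digest_matches(hit.md5, expected_md5)
            for hit in parse_filefind(log_text)}


if __name__ == "__main__":
    for path, ok in verify_hits(SAMPLE_LOG, PUBLISHED_MD5).items():
        print(f"{path}: {'MD5 matches' if ok else 'MD5 MISMATCH, re-download'}")
```

Two caveats on the design: the logged digest is only as trustworthy as the machine that produced it, so on a box suspected of an MBR infection it is worth recomputing with md5_of_file from a clean system as well; and MD5 is no longer collision-resistant, so a matching MD5 rules out a corrupted or accidentally swapped download but not a deliberately crafted one, and a SHA-256 should be preferred wherever the publisher offers it.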


  4. 2010/09/18
    bjskitz

    Well yeah, I just did it with another CD, and the same error came up!

    I'm not sure if this is relevant, but I went into the BIOS setup and looked in the sys config - boot options - and this came up:

    DVD/CD ROM DRIVE
    NOTEBOOK HARDDRIVE
    USB DISKETTE ON KEY/USB HARDDRIVE
    USB CD/DVD ROM DRIVE
    FLOPPY!
     
  5. 2010/09/18
    broni

    Looks correct.

    Let's try something else....

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    2. Boot from created disk.
    At first screen click on Repair your computer:
    This will bring you to a new screen where the repair process will look for all Windows Vista installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec ")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
     
  6. 2010/09/18
    bjskitz

    Hold on.

    Will this totally delete all my programs and files???

    Please let me know!!!??
     
  7. 2010/09/18
    broni

    No, no.
    It'll do the very same thing we unsuccessfully attempted with the other CD.
    It'll reset MBR (Master Boot Record) to its correct values.
    It has nothing to do with your data, or programs.
     
  8. 2010/09/18
    bjskitz

    New MBRcheck Log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Presario CQ42 Notebook PC
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 237):
    0x82E11000 \SystemRoot\system32\ntkrnlpa.exe
    0x83221000 \SystemRoot\system32\halmacpi.dll
    0x80BCD000 \SystemRoot\system32\kdcom.dll
    0x89211000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x89289000 \SystemRoot\system32\PSHED.dll
    0x8929A000 \SystemRoot\system32\BOOTVID.dll
    0x892A2000 \SystemRoot\system32\CLFS.SYS
    0x892E4000 \SystemRoot\system32\CI.dll
    0x8938F000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x89200000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x89429000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x89471000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x8947A000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x89482000 \SystemRoot\system32\DRIVERS\pci.sys
    0x894AC000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x894B7000 \SystemRoot\system32\DRIVERS\isapnp.sys
    0x894C6000 \SystemRoot\system32\DRIVERS\mpio.sys
    0x894EA000 \SystemRoot\System32\drivers\partmgr.sys
    0x894FB000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x89503000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8950E000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8951E000 \SystemRoot\System32\drivers\volmgrx.sys
    0x89569000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x89570000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8957E000 \SystemRoot\system32\DRIVERS\aliide.sys
    0x89585000 \SystemRoot\system32\DRIVERS\amdide.sys
    0x8958C000 \SystemRoot\system32\DRIVERS\cmdide.sys
    0x89594000 \SystemRoot\System32\drivers\mountmgr.sys
    0x895AA000 \SystemRoot\system32\DRIVERS\msdsm.sys
    0x895CA000 \SystemRoot\system32\DRIVERS\nvraid.sys
    0x89400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x895E9000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x895F0000 \SystemRoot\system32\DRIVERS\viaide.sys
    0x89604000 \SystemRoot\system32\DRIVERS\iaStorV.sys
    0x896DF000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x897B9000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x897C2000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x897E5000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
    0x89834000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8987B000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x89885000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
    0x89898000 \SystemRoot\system32\DRIVERS\adp94xx.sys
    0x89902000 \SystemRoot\system32\DRIVERS\adpahci.sys
    0x8994E000 \SystemRoot\system32\DRIVERS\adpu320.sys
    0x89974000 \SystemRoot\system32\DRIVERS\djsvs.sys
    0x89988000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x899AE000 \SystemRoot\system32\DRIVERS\amdsata.sys
    0x89A21000 \SystemRoot\system32\DRIVERS\amdsbs.sys
    0x89A5E000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x89A67000 \SystemRoot\system32\DRIVERS\arc.sys
    0x89A7D000 \SystemRoot\system32\DRIVERS\arcsas.sys
    0x89A95000 \SystemRoot\system32\DRIVERS\elxstor.sys
    0x89B08000 \SystemRoot\system32\DRIVERS\iirsp.sys
    0x89B18000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
    0x89B32000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
    0x89B42000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
    0x89B5C000 \SystemRoot\system32\DRIVERS\megasas.sys
    0x89B67000 \SystemRoot\system32\DRIVERS\MegaSR.sys
    0x89A00000 \SystemRoot\system32\DRIVERS\nfrd960.sys
    0x899C5000 \SystemRoot\system32\DRIVERS\nvstor.sys
    0x89C09000 \SystemRoot\system32\DRIVERS\ql2300.sys
    0x89D88000 \SystemRoot\system32\DRIVERS\ql40xx.sys
    0x89DDD000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
    0x89DEA000 \SystemRoot\system32\DRIVERS\sisraid4.sys
    0x89800000 \SystemRoot\system32\DRIVERS\vsmraid.sys
    0x89E2B000 \SystemRoot\system32\drivers\fltmgr.sys
    0x89E5F000 \SystemRoot\system32\drivers\fileinfo.sys
    0x89E70000 \SystemRoot\system32\drivers\mfehidk.sys
    0x89ECD000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x89E00000 \SystemRoot\System32\Drivers\msrpc.sys
    0x89A0E000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A007000 \SystemRoot\System32\Drivers\cng.sys
    0x8A064000 \SystemRoot\System32\drivers\pcw.sys
    0x8A072000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8A07B000 \SystemRoot\system32\drivers\ndis.sys
    0x8A132000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A170000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8A228000 \SystemRoot\System32\drivers\tcpip.sys
    0x8A371000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8A3A2000 \SystemRoot\system32\drivers\mfewfpk.sys
    0x8A3C9000 \SystemRoot\system32\drivers\TDI.SYS
    0x8A3D4000 \SystemRoot\system32\DRIVERS\wd.sys
    0x8A195000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8A3DC000 \SystemRoot\system32\DRIVERS\stexstor.sys
    0x8A3E5000 \SystemRoot\System32\Drivers\spldr.sys
    0x8A200000 \SystemRoot\system32\DRIVERS\sbp2port.sys
    0x8A41F000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8A44C000 \SystemRoot\System32\Drivers\mup.sys
    0x8A45C000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8A464000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8A496000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8A59F000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8A5BE000 \SystemRoot\System32\Drivers\Null.SYS
    0x8A5C5000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8A5CC000 \SystemRoot\System32\drivers\vga.sys
    0x8A5D8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8A400000 \SystemRoot\System32\drivers\watchdog.sys
    0x8A40D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8A415000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8A218000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8A3ED000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8A1D4000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8A1E2000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8F005000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8F037000 \SystemRoot\system32\drivers\afd.sys
    0x8F091000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x8F09A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8F0A1000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8F0C0000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x8F0D1000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
    0x8F0DF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8F0ED000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8F100000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8F110000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0x8F132000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x8F138000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F179000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8F183000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8F18D000 \SystemRoot\System32\drivers\discache.sys
    0x8F199000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8F1B1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8F1BF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8F1E0000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8F1F2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8F81B000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8FF5F000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x90000000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x900B7000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x900F0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x900FB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x90146000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x90155000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x92427000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
    0x92518000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x92522000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x9255F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x92577000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x92580000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x9258D000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x925C4000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x925C6000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x925D3000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x925DD000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x925E6000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x92400000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x90174000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x92412000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x9018C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x901AE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x901C6000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x901DD000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x925F3000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x9241D000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8FF89000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8FFBD000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x9301B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x9305F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x9363B000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x93912000 \SystemRoot\system32\drivers\portcls.sys
    0x93941000 \SystemRoot\system32\drivers\drmk.sys
    0x93070000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x9395A000 \SystemRoot\system32\drivers\modem.sys
    0x93967000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x9398B000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x939AF000 \SystemRoot\system32\drivers\mfefirek.sys
    0x94F40000 \SystemRoot\System32\win32k.sys
    0x93600000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9360A000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x93617000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x8A4A7000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x93622000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x9318C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x931A3000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x951A0000 \SystemRoot\System32\TSDDD.dll
    0x951D0000 \SystemRoot\System32\cdd.dll
    0x94E00000 \SystemRoot\System32\ATMFD.DLL
    0x931C7000 \SystemRoot\system32\drivers\luafv.sys
    0x931E2000 \SystemRoot\system32\drivers\WudfPf.sys
    0x93000000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x94802000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x94848000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x94858000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9486B000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x94874000 \SystemRoot\system32\drivers\HTTP.sys
    0x948F9000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x94912000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x94924000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x94947000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x94982000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9B420000 \SystemRoot\system32\drivers\peauth.sys
    0x9B4B7000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9B4C1000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9B4E2000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9B4EF000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9B562000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9B5B3000 \SystemRoot\system32\drivers\cfwids.sys
    0x9B5BF000 \SystemRoot\system32\drivers\mfeapfk.sys
    0x9B5D5000 \SystemRoot\system32\drivers\mfebopk.sys
    0x77D20000 \Windows\System32\ntdll.dll
    0x47630000 \Windows\System32\smss.exe
    0x77F60000 \Windows\System32\apisetschema.dll
    0x00520000 \Windows\System32\autochk.exe
    0x77EA0000 \Windows\System32\msvcrt.dll
    0x77C90000 \Windows\System32\clbcatq.dll
    0x77E90000 \Windows\System32\psapi.dll
    0x77BC0000 \Windows\System32\user32.dll
    0x77E60000 \Windows\System32\imagehlp.dll
    0x76F70000 \Windows\System32\shell32.dll
    0x76F60000 \Windows\System32\normaliz.dll
    0x76F00000 \Windows\System32\shlwapi.dll
    0x76DC0000 \Windows\System32\urlmon.dll
    0x76CE0000 \Windows\System32\kernel32.dll
    0x76BE0000 \Windows\System32\wininet.dll
    0x769E0000 \Windows\System32\iertutil.dll
    0x76910000 \Windows\System32\msctf.dll
    0x76900000 \Windows\System32\nsi.dll
    0x767A0000 \Windows\System32\ole32.dll
    0x76700000 \Windows\System32\advapi32.dll
    0x766F0000 \Windows\System32\lpk.dll
    0x76670000 \Windows\System32\comdlg32.dll
    0x76650000 \Windows\System32\sechost.dll
    0x76600000 \Windows\System32\Wldap32.dll
    0x76560000 \Windows\System32\usp10.dll
    0x764B0000 \Windows\System32\rpcrt4.dll
    0x76490000 \Windows\System32\imm32.dll
    0x76430000 \Windows\System32\difxapi.dll
    0x76290000 \Windows\System32\setupapi.dll
    0x76200000 \Windows\System32\oleaut32.dll
    0x761C0000 \Windows\System32\ws2_32.dll
    0x76170000 \Windows\System32\gdi32.dll
    0x76050000 \Windows\System32\crypt32.dll
    0x76000000 \Windows\System32\KernelBase.dll
    0x75FD0000 \Windows\System32\wintrust.dll
    0x75FA0000 \Windows\System32\cfgmgr32.dll
    0x75F80000 \Windows\System32\devobj.dll
    0x75EF0000 \Windows\System32\comctl32.dll
    0x75EE0000 \Windows\System32\msasn1.dll

    Processes (total 65):
    0 System Idle Process
    4 System
    324 C:\Windows\System32\smss.exe
    540 csrss.exe
    600 C:\Windows\System32\wininit.exe
    612 csrss.exe
    660 C:\Windows\System32\services.exe
    676 C:\Windows\System32\lsass.exe
    684 C:\Windows\System32\lsm.exe
    792 C:\Windows\System32\svchost.exe
    864 C:\Windows\System32\winlogon.exe
    912 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\svchost.exe
    1192 C:\Windows\System32\audiodg.exe
    1232 C:\Windows\System32\svchost.exe
    1420 C:\Windows\System32\svchost.exe
    1564 C:\Windows\System32\spoolsv.exe
    1592 C:\Windows\System32\svchost.exe
    1676 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    1700 C:\Program Files\LSI SoftModem\agrsmsvc.exe
    1720 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1740 C:\Program Files\Bonjour\mDNSResponder.exe
    1776 C:\Program Files\NCH Software\BroadCam\broadcam.exe
    1844 C:\Windows\System32\svchost.exe
    1916 C:\Program Files\iWin Games\iWinTrusted.exe
    1956 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2004 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
    300 C:\Windows\System32\mfevtps.exe
    396 C:\Windows\System32\rundll32.exe
    520 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    420 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1180 C:\Windows\System32\svchost.exe
    1632 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    1988 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2084 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    2216 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    3012 C:\Windows\System32\taskhost.exe
    3240 C:\Windows\System32\svchost.exe
    3248 C:\Windows\System32\dwm.exe
    3324 C:\Windows\System32\taskeng.exe
    3336 C:\Windows\explorer.exe
    3596 C:\Program Files\Hide My IP\HideMyIpSrv.exe
    3844 C:\Windows\System32\rundll32.exe
    3988 C:\Windows\System32\igfxtray.exe
    4016 C:\Windows\System32\igfxsrvc.exe
    4024 C:\Windows\System32\hkcmd.exe
    4036 C:\Windows\System32\igfxpers.exe
    2076 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2124 C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
    2104 C:\Program Files\Realtek\Audio\OSD\RtVOsd.exe
    1368 C:\Program Files\Java\jre6\bin\jusched.exe
    2064 C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    2556 C:\Program Files\McAfee.com\Agent\mcagent.exe
    3068 C:\Program Files\Software Informer\softinfo.exe
    3464 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    1168 C:\Windows\System32\SearchIndexer.exe
    3952 C:\Windows\System32\SearchProtocolHost.exe
    3552 C:\Windows\System32\SearchFilterHost.exe
    4736 dllhost.exe
    4772 dllhost.exe
    4808 C:\Users\Bizhan\Downloads\MBRCheck.exe
    4820 C:\Windows\System32\conhost.exe
    4844 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`58300000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000003a`32300000 (FAT32)

    PhysicalDrive0 Model Number: ST9250410AS, Rev: 0006HPM1

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
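An MBRCheck log like the one above carries more triage information than the one "MBR code detected" line broni is checking: the volume-to-disk mapping with byte offsets, the disk model, the SHA1 of the boot code, and the kernel-module and process lists. The script below is an added example, not code from this thread or from MBRCheck's author; it reads a constructed excerpt that reproduces lines from the log posted above and reports the items a malware analyst would look at first. The classification of "non-standard" drivers (anything not loaded from \SystemRoot or \Windows) and "user-profile" processes (anything under \Users\) is a review heuristic I am assuming here, not a verdict: the two flagged drivers in this log belong to SUPERAntiSpyware and the flagged process is MBRCheck itself.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed excerpt of an MBRCheck 1.2.3 log, trimmed to the line types this
# script reads; the values are copied from the log posted in the thread.
SAMPLE_LOG = r"""
MBRCheck, version 1.2.3
(c) 2010, AD

Kernel Drivers (total 4):
0x82E11000 \SystemRoot\system32\ntkrnlpa.exe
0x8F110000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8F132000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x77D20000 \Windows\System32\ntdll.dll

Processes (total 3):
4 System
3336 C:\Windows\explorer.exe
4808 C:\Users\Bizhan\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`58300000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000003a`32300000 (FAT32)

PhysicalDrive0 Model Number: ST9250410AS, Rev: 0006HPM1

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
"""

VOLUME_RE = re.compile(
    r"^\\\\\.\\(?P<letter>[A-Z]): --> \\\\\.\\(?P<device>PhysicalDrive\d+) at offset "
    r"0x(?P<hi>[0-9a-fA-F]{8})`(?P<lo>[0-9a-fA-F]{8}) \((?P<fs>\w+)\)$"
)
MODEL_RE = re.compile(r"^(?P<device>PhysicalDrive\d+) Model Number: (?P<model>.+?), Rev: (?P<rev>.+)$")
STATUS_RE = re.compile(r"^(?P<size>\d+ [KMGT]B) \\\\\.\\(?P<device>PhysicalDrive\d+) (?P<status>.+)$")
SHA1_RE = re.compile(r"^SHA1: (?P<sha1>[0-9A-Fa-f]{40})$")
MODULE_RE = re.compile(r"^0x[0-9A-Fa-f]{8} (?P<path>.+)$")
PROCESS_RE = re.compile(r"^(?P<pid>\d+) (?P<image>.+)$")

# Where Windows normally loads kernel modules from; anything else is a
# third-party driver worth a second look, not automatically malicious.
STANDARD_PREFIXES = ("\\systemroot\\", "\\windows\\")


@dataclass
class Triage:
    volumes: list[tuple[str, str, int, str]] = field(default_factory=list)  # letter, device, byte offset, fs
    models: dict[str, str] = field(default_factory=dict)
    mbr_status: dict[str, str] = field(default_factory=dict)
    mbr_sha1: str | None = None
    nonstandard_drivers: list[str] = field(default_factory=list)
    user_profile_processes: list[tuple[int, str]] = field(default_factory=list)

    def mbr_ok(self) -> bool:
        """True only when every disk in the log reports recognised MBR code."""
        return bool(self.mbr_status) and all(
            "mbr code detected" in s.lower() and "unknown" not in s.lower()
            for s in self.mbr_status.values()
        )


def triage_mbrcheck(log_text: str) -> Triage:
    """Pull the security-relevant fields out of an MBRCheck log."""
    t = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := VOLUME_RE.match(line):
            # MBRCheck prints the 64-bit offset as two 32-bit halves split by a backtick.
            offset = (int(m["hi"], 16) << 32) | int(m["lo"], 16)
            t.volumes.append((m["letter"], m["device"], offset, m["fs"]))
        elif m := MODEL_RE.match(line):
            t.models[m["device"]] = f'{m["model"]} (rev {m["rev"]})'
        elif m := STATUS_RE.match(line):
            t.mbr_status[m["device"]] = m["status"]
        elif m := SHA1_RE.match(line):
            t.mbr_sha1 = m["sha1"].lower()
        elif m := MODULE_RE.match(line):
            if not m["path"].lower().startswith(STANDARD_PREFIXES):
                t.nonstandard_drivers.append(m["path"])
        elif m := PROCESS_RE.match(line):
            if "\\users\\" in m["image"].lower():
                t.user_profile_processes.append((int(m["pid"]), m["image"]))
    return t


if __name__ == "__main__":
    t = triage_mbrcheck(SAMPLE_LOG)
    print("MBR OK" if t.mbr_ok() else "MBR NEEDS ATTENTION", t.mbr_status, t.mbr_sha1)
    for letter, device, offset, fs in t.volumes:
        print(f"{letter}: -> {device} @ {offset:#x} ({offset // 2**20} MiB) {fs}")
    print("drivers outside \\SystemRoot:", t.nonstandard_drivers)
    print("processes under \\Users:", t.user_profile_processes)
```

Two details matter when reading the result. The SHA1 is computed by MBRCheck over the boot code, so the most useful comparison is against the value recorded the last time the same machine's MBR was reported clean: a changed digest with an unchanged Windows version is the signal. And the volume offsets are what you would carry into a sector-level look at the disk; C: here starts at 0x0c800000, exactly 200 MiB in, which is consistent with an OEM layout rather than with anything hidden in front of the first partition.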
  9. 2010/09/18
    broni

    Good job :)
    MBR is correct now :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/09/18
    bjskitz

    ComboFix log ..... that took a while

    That took ages... haha

    Here's the ComboFix log:

    ComboFix 10-09-17.04 - Bizhan 19/09/2010 3:52.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1979.913 [GMT 10:00]
    Running from: c:\users\Bizhan\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\HyperCam Toolbar\tbHElper.dll
    c:\users\Bizhan\AppData\Local\{07067A2C-4739-4602-9F4B-C00924F8980A}
    c:\users\Bizhan\AppData\Local\{07067A2C-4739-4602-9F4B-C00924F8980A}\chrome.manifest
    c:\users\Bizhan\AppData\Local\{07067A2C-4739-4602-9F4B-C00924F8980A}\chrome\content\_cfg.js
    c:\users\Bizhan\AppData\Local\{07067A2C-4739-4602-9F4B-C00924F8980A}\chrome\content\overlay.xul
    c:\users\Bizhan\AppData\Local\{07067A2C-4739-4602-9F4B-C00924F8980A}\install.rdf
    c:\users\Bizhan\AppData\Local\Windows Server
    c:\users\Bizhan\AppData\Local\Windows Server\flags.ini
    c:\users\Bizhan\AppData\Local\Windows Server\uses32.dat
    c:\users\Bizhan\AppData\Roaming\inst.exe
    c:\users\Bizhan\AppData\Roaming\Microsoft\Windows\Recent\=[SUMOTorrent.pif
    c:\users\Bizhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
    c:\users\Bizhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
    c:\users\Bizhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
    c:\windows\system32\vbzlib1.dll

    Infected copy of c:\windows\system32\wininit.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b!explorer.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
    .

    2010-09-18 18:02 . 2010-09-18 18:04 -------- d-----w- c:\users\Bizhan\AppData\Local\temp
    2010-09-18 18:02 . 2010-09-18 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-18 17:46 . 2010-09-18 17:47 -------- d-----w- C:\32788R22FWJFW
    2010-09-18 15:48 . 2010-09-18 15:48 -------- d-----w- c:\users\Bizhan\AppData\Local\TechSmith
    2010-09-18 15:34 . 2010-09-18 15:34 -------- d-----w- c:\windows\system32\QuickTime
    2010-09-18 15:33 . 2010-09-18 15:33 -------- d-----w- c:\program files\Common Files\TechSmith Shared
    2010-09-18 15:33 . 2010-09-18 15:33 -------- d-----w- c:\programdata\TechSmith
    2010-09-18 15:32 . 2010-09-18 15:32 -------- d-----w- c:\program files\TechSmith
    2010-09-18 14:30 . 2010-09-18 14:30 -------- d-----w- c:\program files\CamStudio
    2010-09-15 14:25 . 2010-09-15 16:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-09-15 14:25 . 2010-09-15 14:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-15 14:19 . 2010-09-15 14:19 -------- d-----w- c:\programdata\PC Tools
    2010-09-15 03:49 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-14 08:23 . 2010-09-14 08:23 -------- d-----w- c:\users\Bizhan\AppData\Roaming\Hide IP NG
    2010-09-14 08:23 . 2010-09-14 08:23 -------- d-----w- c:\users\Bizhan\AppData\Roaming\hideip_firefox_plugin
    2010-09-14 08:23 . 2010-09-14 08:23 -------- d-----w- c:\program files\Hide IP NG
    2010-09-12 08:31 . 2010-09-18 18:02 -------- d-----w- c:\program files\HyperCam Toolbar
    2010-09-12 08:31 . 2010-09-12 08:31 -------- d-----w- c:\program files\HyCam2
    2010-09-11 18:16 . 2010-09-11 18:25 -------- d-----w- c:\users\Bizhan\AppData\Local\Temporary Projects
    2010-09-11 17:45 . 2010-09-11 17:45 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-09-11 17:44 . 2010-09-11 18:13 -------- d-----w- c:\users\Bizhan\AppData\Local\Microsoft Help
    2010-09-11 17:42 . 2010-09-11 17:45 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2010-09-11 17:42 . 2010-09-11 17:42 -------- d-----w- c:\program files\Microsoft SDKs
    2010-09-09 15:45 . 2010-09-09 15:45 -------- d-----w- c:\program files\SiteAdvisor
    2010-09-09 15:42 . 2010-08-24 04:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-09-09 15:42 . 2010-08-24 04:57 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2010-09-09 15:42 . 2010-08-24 04:57 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-09-09 15:42 . 2010-08-24 04:57 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-09-09 15:42 . 2010-08-24 04:57 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2010-09-09 15:42 . 2010-08-24 04:57 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-09-09 15:42 . 2010-08-24 04:57 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-09-09 15:42 . 2010-08-24 04:57 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-09-09 15:42 . 2010-08-24 04:57 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-09-09 15:42 . 2010-08-24 04:57 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2010-09-09 15:42 . 2010-08-24 04:57 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-09-09 15:42 . 2010-09-09 15:42 -------- d-----w- c:\program files\McAfee.com
    2010-08-30 15:46 . 2010-08-30 15:46 -------- d-----w- c:\users\Bizhan\AppData\Roaming\SUPERAntiSpyware.com
    2010-08-30 15:46 . 2010-08-30 15:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-08-30 15:46 . 2010-08-30 15:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-08-29 06:36 . 2010-08-29 06:36 -------- d-----w- c:\users\Bizhan\AppData\Roaming\Malwarebytes
    2010-08-29 06:29 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-29 06:29 . 2010-08-29 06:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-29 06:29 . 2010-08-29 06:29 -------- d-----w- c:\programdata\Malwarebytes
    2010-08-29 06:29 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-29 06:18 . 2010-08-29 06:18 -------- d--h--w- c:\windows\PIF
    2010-08-29 05:40 . 2010-08-29 05:40 120 ----a-w- c:\users\Bizhan\AppData\Local\Kniwusefubemobe.dat
    2010-08-29 05:40 . 2010-08-29 05:40 0 ----a-w- c:\users\Bizhan\AppData\Local\Hlije.bin
    2010-08-29 05:39 . 2010-08-29 15:14 -------- d-----w- c:\users\Bizhan\AppData\Local\wqjorovhn
    2010-08-27 17:50 . 2010-08-27 17:50 -------- d-----w- c:\program files\MSXML 4.0
    2010-08-26 14:52 . 2010-08-26 14:52 -------- d-----w- c:\program files\DIFX
    2010-08-26 14:52 . 2008-08-26 00:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-08-26 14:52 . 2010-08-26 14:52 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-08-26 14:52 . 2010-02-26 04:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
    2010-08-26 14:51 . 2010-08-26 14:52 -------- d-----w- c:\program files\Nokia
    2010-08-26 14:51 . 2010-08-26 14:51 -------- d-----w- c:\program files\Common Files\Nokia
    2010-08-26 14:50 . 2010-08-26 14:50 -------- d-----w- c:\programdata\Installations
    2010-08-25 06:17 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 18:05 . 2010-05-02 12:17 -------- d-----w- c:\users\Bizhan\AppData\Roaming\Software Informer
    2010-09-18 11:16 . 2010-06-07 14:49 -------- d-----w- c:\users\Bizhan\AppData\Roaming\WindSolutions
    2010-09-18 11:16 . 2010-06-07 14:49 -------- d-----w- c:\programdata\WindSolutions
    2010-09-18 11:16 . 2010-09-18 11:16 5436584 ----a-w- c:\users\Bizhan\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans.exe
    2010-09-18 11:13 . 2010-07-31 15:42 2714848 ----a-w- c:\users\Bizhan\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
    2010-09-18 11:12 . 2010-09-18 11:12 2714848 ----a-w- c:\users\Bizhan\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans_Suite_v2.150_EN.exe
    2010-09-16 13:34 . 2010-05-21 10:45 -------- d-----w- c:\users\Bizhan\AppData\Roaming\BitTorrent
    2010-09-16 12:31 . 2010-08-12 11:29 -------- d-----w- c:\program files\PKR
    2010-09-15 17:04 . 2010-01-28 20:59 -------- d-----w- c:\programdata\Microsoft Help
    2010-09-13 06:01 . 2010-09-13 06:01 2688736 ----a-w- c:\users\Bizhan\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans_Suite_v2.120_EN.exe
    2010-09-13 03:41 . 2010-05-01 05:43 -------- d-----w- c:\program files\McAfee
    2010-09-12 09:35 . 2010-05-21 10:41 -------- d-----w- c:\users\Bizhan\AppData\Roaming\vlc
    2010-09-11 17:45 . 2010-01-28 20:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-09-10 06:38 . 2010-05-01 05:43 -------- d-----w- c:\programdata\McAfee
    2010-09-09 15:42 . 2010-05-01 05:43 -------- d-----w- c:\program files\Common Files\McAfee
    2010-09-09 15:37 . 2010-01-24 09:35 -------- d-----w- c:\programdata\Norton
    2010-09-09 15:35 . 2010-01-24 09:35 -------- d-----w- c:\programdata\NortonInstaller
    2010-09-09 15:33 . 2010-01-28 22:21 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-09 15:28 . 2010-01-28 20:49 -------- d-----w- c:\programdata\Symantec
    2010-08-30 17:08 . 2010-05-10 13:28 -------- d-----w- c:\program files\iWin Games
    2010-08-30 15:48 . 2010-08-30 15:48 63488 ----a-w- c:\users\Bizhan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-30 15:48 . 2010-08-30 15:48 52224 ----a-w- c:\users\Bizhan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-08-30 15:48 . 2010-08-30 15:48 117760 ----a-w- c:\users\Bizhan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-26 14:50 . 2010-08-26 14:50 3351812 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\msxml6Exec.exe
    2010-08-26 14:50 . 2010-08-26 14:50 36864 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\Sleep.exe
    2010-08-26 14:50 . 2010-08-26 14:50 3203453 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\vcredistExec.exe
    2010-08-26 14:49 . 2010-08-26 14:51 36414944 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\NokiaSoftwareUpdaterSetup_en.exe
    2010-08-23 04:51 . 2010-01-28 20:45 -------- d-----w- c:\programdata\WildTangent
    2010-08-12 11:21 . 2010-08-12 11:21 -------- d-----w- c:\program files\Xvid
    2010-08-10 16:57 . 2010-08-10 16:57 -------- d-----w- c:\program files\DsNET Corp
    2010-08-08 14:50 . 2010-08-08 14:50 -------- d-----w- c:\program files\Game_Maker8
    2010-08-01 16:47 . 2010-08-01 16:47 34 ----a-w- c:\windows\system32\BD7420.DAT
    2010-07-31 15:42 . 2010-07-31 15:42 6373048 ----a-w- c:\users\Bizhan\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe
    2010-07-29 06:30 . 2010-08-13 19:35 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30 . 2010-08-13 19:35 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-30 06:25 . 2010-08-13 19:35 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-06-22 12:30 . 2010-06-22 12:30 411480 ----a-w- c:\windows\system32\tsccvid.dll
    2010-06-22 02:47 . 2010-08-13 19:35 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-22 02:47 . 2010-08-13 19:35 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-06-22 02:47 . 2010-08-13 19:35 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-24 04:57 . 2010-09-09 15:42 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 05:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Software Informer"="c:\program files\Software Informer\softinfo.exe" [2010-04-22 2285637]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-04 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-04 175640]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-04 166936]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2009-12-23 4938272]
    "RtkOSD"="c:\program files\Realtek\Audio\OSD\RtVOsd.exe" [2009-10-13 907264]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-28 149280]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Hide IP]
    2010-02-04 09:21 2436952 ----a-w- c:\program files\AutoHideIP\AutoHideIP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadCam]
    2010-07-10 13:03 1052676 ----a-w- c:\program files\NCH Software\BroadCam\broadcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
    2009-09-29 23:26 1685048 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-07-13 04:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2009-10-16 20:51 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 05:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 12:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
    2009-10-08 21:27 322104 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-26 07:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-08-25 18:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
    2009-07-23 19:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 174592]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-02 1343400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-18 87968]
    S2 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [2010-07-10 1052676]
    S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2010-04-14 78104]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-05-20 88176]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-08-24 141792]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
    S3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2010-04-10 2752816]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-04 126976]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-28 233472]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 862208]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-10-16 20:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 02:48]

    2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 02:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    uInternet Settings,ProxyServer = socks=
    LSP: c:\windows\system32\HMIPCore.dll
    FF - ProfilePath - c:\users\Bizhan\AppData\Roaming\Mozilla\Firefox\Profiles\bye0b6rm.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15439&locale=en_US&apn_uid=C9328663-D7F1-4205-95E0-D26CE0D63356&apn_ptnrs=GJ&apn_sauid=3BE518F0-E8E8-448A-91A8-945883C4852B&apn_dtid=&q=
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-fsm - (no file)
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel



    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: >>UNKNOWN [0x82E05000]<< >>UNKNOWN [0x89602000]<< >>UNKNOWN [0x8A3C2000]<< >>UNKNOWN [0x89711000]<< >>UNKNOWN [0x83215000]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
    SecurityProcedure -> 0x8585cb68
    QueryNameProcedure -> 0x8585ccf8
    user & kernel MBR OK
    copy of MBR has been found in sector 2 !

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5060)
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\taskhost.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-09-19 04:09:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-18 18:09

    Pre-Run: 181,240,692,736 bytes free
    Post-Run: 181,416,390,656 bytes free

    - - End Of File - - D73B3FBE79EAE5B9A7CA2FE7060BD973
     
  11. 2010/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the redirection?

    Uninstall Ask.com, known adware.

    ==================================================================

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\Bizhan\AppData\Local\Kniwusefubemobe.dat
    c:\users\Bizhan\AppData\Local\Hlije.bin
    
    
    Folder::
    c:\users\Bizhan\AppData\Local\wqjorovhn
    c:\programdata\Norton
    c:\programdata\NortonInstaller
    c:\programdata\Symantec
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
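A small verification step, added here as an example and not part of broni's instructions or of ComboFix itself: it parses the File::/Folder:: targets of a CFScript and checks each one against the "Other Deletions" section of the follow-up ComboFix log, so you can confirm the script did what it was asked to. Both inputs are constructed excerpts taken from this thread.

```python
# Constructed sample input: the CFScript from the instructions above.
CFSCRIPT = r"""File::
c:\users\Bizhan\AppData\Local\Kniwusefubemobe.dat
c:\users\Bizhan\AppData\Local\Hlije.bin


Folder::
c:\users\Bizhan\AppData\Local\wqjorovhn
c:\programdata\Norton
c:\programdata\NortonInstaller
c:\programdata\Symantec
"""

# Constructed sample input: a trimmed excerpt of the follow-up ComboFix log.
COMBOFIX_LOG = r"""ComboFix 10-09-17.04 - Bizhan 19/09/2010 4:44.2.2 - x86
Command switches used :: c:\users\Bizhan\Desktop\CFScript.txt

FILE ::
"c:\users\Bizhan\AppData\Local\Hlije.bin"
"c:\users\Bizhan\AppData\Local\Kniwusefubemobe.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Norton
c:\programdata\Norton\symdata.xml
c:\programdata\NortonInstaller
c:\programdata\NortonInstaller\Logs\Url.txt
c:\programdata\Symantec
c:\users\Bizhan\AppData\Local\Hlije.bin
c:\users\Bizhan\AppData\Local\Kniwusefubemobe.dat
c:\users\Bizhan\AppData\Local\wqjorovhn

.
((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
.
"""


def parse_cfscript(text):
    """Return {directive: [paths]} for the File::/Folder:: blocks of a CFScript."""
    targets = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):              # "File::" / "Folder::" opens a block
            current = line[:-2]
            targets.setdefault(current, [])
        elif current is not None:
            targets[current].append(line.lower())  # paths compared case-insensitively
    return targets


def parse_deletions(log):
    """Return the set of paths listed under ComboFix's 'Other Deletions' banner."""
    deleted = set()
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if "Other Deletions" in line:
            in_section = True
            continue
        if in_section and line.startswith("(((("):
            break                            # the next banner closes the section
        if in_section and line and line != ".":
            deleted.add(line.lower())
    return deleted


def script_was_loaded(log):
    """True if the log's 'Command switches used' line names a CFScript."""
    return any("cfscript.txt" in l.lower() for l in log.splitlines()
               if l.strip().startswith("Command switches used"))


def check_script_applied(cfscript, log):
    """Map each File::/Folder:: target to whether the log reports it deleted.

    A Folder:: target counts as handled when the folder itself or any path
    beneath it appears under Other Deletions (ComboFix lists children too).
    """
    deleted = parse_deletions(log)
    result = {}
    for directive, paths in parse_cfscript(cfscript).items():
        for p in paths:
            if directive == "Folder":
                result[p] = any(d == p or d.startswith(p + "\\") for d in deleted)
            else:
                result[p] = p in deleted
    return result


def missing_targets(cfscript, log):
    """Targets the script asked for that the log never reports as deleted."""
    return sorted(p for p, ok in check_script_applied(cfscript, log).items() if not ok)


if __name__ == "__main__":
    print("script loaded:", script_was_loaded(COMBOFIX_LOG))
    for path, ok in check_script_applied(CFSCRIPT, COMBOFIX_LOG).items():
        print("deleted  " if ok else "NOT FOUND", path)
```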
     
  12. 2010/09/18
    bjskitz

    bjskitz Inactive Thread Starter

    Joined:
    2010/09/15
    Messages:
    20
    Likes Received:
    0
    It worked!!!

    OMG THANK YOU SO MUCH

    FIREFOX IS RUNNING PERFECTLY NOW!!
    IT'S SO FAST, JUST THE WAY IT USED TO BE!!! THANK YOU!!


    Umm, I couldn't find the ComboFix.txt log file?

    But I got a new log file after I ran ComboFix again! Do you want me to upload that? But it's HUGE! haha

    Anyway... thanks so much for the help!!
     
  13. 2010/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Upload Combofix file here: http://www.filedropper.com/
    Post download link (copy URL: link).

    I may trim it, if needed, and I'll post it for you.
     
  14. 2010/09/18
    bjskitz

    bjskitz Inactive Thread Starter

    Joined:
    2010/09/15
    Messages:
    20
    Likes Received:
    0
  15. 2010/09/18
    bjskitz

    bjskitz Inactive Thread Starter

    Joined:
    2010/09/15
    Messages:
    20
    Likes Received:
    0
    Oh, where can I donate?
     
  16. 2010/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    ComboFix 10-09-17.04 - Bizhan 19/09/2010 4:44.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1979.1109 [GMT 10:00]
    Running from: c:\users\Bizhan\Desktop\ComboFix.exe
    Command switches used :: c:\users\Bizhan\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    FILE ::
    "c:\users\Bizhan\AppData\Local\Hlije.bin"
    "c:\users\Bizhan\AppData\Local\Kniwusefubemobe.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Norton
    c:\programdata\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
    c:\programdata\Norton\00000082\00000109\000003c4\cltLMS1.dat
    c:\programdata\Norton\00000082\00000109\000003c4\cltLMS2.dat
    c:\programdata\Norton\symdata.xml
    c:\programdata\NortonInstaller
    c:\programdata\NortonInstaller\Logs\06-03-2010-17h36m48s.7z
    c:\programdata\NortonInstaller\Logs\09-10-2010-01h27m12s\Install.1.mft.7z
    c:\programdata\NortonInstaller\Logs\09-10-2010-01h27m12s\InstWrap-0x182C.log
    c:\programdata\NortonInstaller\Logs\09-10-2010-01h27m12s\NortonInstall-09-10-2010-01h27m12s.log
    c:\programdata\NortonInstaller\Logs\09-10-2010-01h27m36s\NortonInstall-09-10-2010-01h27m36s.log
    c:\programdata\NortonInstaller\Logs\2010-01-24-01h35m15s.7z
    c:\programdata\NortonInstaller\Logs\2010-01-24-01h35m21s.7z
    c:\programdata\NortonInstaller\Logs\2010-01-24-01h35m41s.7z
    c:\programdata\NortonInstaller\Logs\2010-01-24-01h35m43s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-01-15h31m32s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-01-15h41m57s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h20m49s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h20m51s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h20m54s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h20m56s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h20m57s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h20m59s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m01s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m02s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m04s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m06s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m07s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m09s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m12s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m13s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m16s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m18s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m21s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m24s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m25s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m27s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m28s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-02-15h21m30s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-03-01h06m01s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-26-23h12m27s.7z
    c:\programdata\NortonInstaller\Logs\2010-05-27-20h51m05s.7z
    c:\programdata\NortonInstaller\Logs\2010-06-03-11h56m30s.7z
    c:\programdata\NortonInstaller\Logs\2010-09-10-01h35m11s\BHCA-0x1744.log
    c:\programdata\NortonInstaller\Logs\2010-09-10-01h35m11s\Install.1.mft
    c:\programdata\NortonInstaller\Logs\2010-09-10-01h35m11s\NortonInstall-2010-09-10-01h35m11s.log
    c:\programdata\NortonInstaller\Logs\2010-09-10-01h35m11s\SymIMexe-0x14FC.log
    c:\programdata\NortonInstaller\Logs\2010-09-10-01h35m11s\WFPUninstexe-0x1634.log
    c:\programdata\NortonInstaller\Logs\2010-09-10-01h37m01s\NortonInstall-2010-09-10-01h37m01s.log
    c:\programdata\NortonInstaller\Logs\Url.txt
    c:\programdata\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z
    c:\programdata\NortonInstaller\Settings\Norton Internet Security\Exported\set-priv.dat
    c:\programdata\Symantec
    c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\umcat_01.db
    c:\programdata\Symantec\symdata.xml
    c:\users\Bizhan\AppData\Local\Hlije.bin
    c:\users\Bizhan\AppData\Local\Kniwusefubemobe.dat
    c:\users\Bizhan\AppData\Local\wqjorovhn

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
    .

    2010-09-18 18:53 . 2010-09-18 18:53 -------- d-----w- c:\users\Bizhan\AppData\Local\temp
    2010-09-18 18:53 . 2010-09-18 18:53 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2010-09-18 18:53 . 2010-09-18 18:53 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-09-18 18:53 . 2010-09-18 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-18 18:39 . 2010-09-18 18:40 -------- d-----w- C:\32788R22FWJFW
    2010-09-18 15:48 . 2010-09-18 15:48 -------- d-----w- c:\users\Bizhan\AppData\Local\TechSmith
    2010-09-18 15:34 . 2010-09-18 15:34 -------- d-----w- c:\windows\system32\QuickTime
    2010-09-18 15:33 . 2010-09-18 15:33 -------- d-----w- c:\program files\Common Files\TechSmith Shared
    2010-09-18 15:33 . 2010-09-18 15:33 -------- d-----w- c:\programdata\TechSmith
    2010-09-18 15:32 . 2010-09-18 15:32 -------- d-----w- c:\program files\TechSmith
    2010-09-18 14:30 . 2010-09-18 14:30 -------- d-----w- c:\program files\CamStudio
    2010-09-18 11:16 . 2010-09-18 11:16 5436584 ----a-w- c:\users\Bizhan\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans.exe
    2010-09-18 11:12 . 2010-09-18 11:12 2714848 ----a-w- c:\users\Bizhan\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans_Suite_v2.150_EN.exe
    2010-09-15 14:25 . 2010-09-15 16:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-09-15 14:25 . 2010-09-15 14:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-15 14:19 . 2010-09-15 14:19 -------- d-----w- c:\programdata\PC Tools
    2010-09-15 03:49 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-14 08:23 . 2010-09-14 08:23 -------- d-----w- c:\users\Bizhan\AppData\Roaming\Hide IP NG
    2010-09-14 08:23 . 2010-09-14 08:23 -------- d-----w- c:\users\Bizhan\AppData\Roaming\hideip_firefox_plugin
    2010-09-14 08:23 . 2010-09-14 08:23 -------- d-----w- c:\program files\Hide IP NG
    2010-09-13 06:01 . 2010-09-13 06:01 2688736 ----a-w- c:\users\Bizhan\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans_Suite_v2.120_EN.exe
    2010-09-12 08:31 . 2010-09-18 18:02 -------- d-----w- c:\program files\HyperCam Toolbar
    2010-09-12 08:31 . 2010-09-12 08:31 -------- d-----w- c:\program files\HyCam2
    2010-09-11 18:16 . 2010-09-11 18:25 -------- d-----w- c:\users\Bizhan\AppData\Local\Temporary Projects
    2010-09-11 17:45 . 2010-09-11 17:45 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-09-11 17:44 . 2010-09-11 18:13 -------- d-----w- c:\users\Bizhan\AppData\Local\Microsoft Help
    2010-09-11 17:42 . 2010-09-11 17:45 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2010-09-11 17:42 . 2010-09-11 17:42 -------- d-----w- c:\program files\Microsoft SDKs
    2010-09-09 15:45 . 2010-09-09 15:45 -------- d-----w- c:\program files\SiteAdvisor
    2010-09-09 15:42 . 2010-08-24 04:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-09-09 15:42 . 2010-08-24 04:57 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2010-09-09 15:42 . 2010-08-24 04:57 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-09-09 15:42 . 2010-08-24 04:57 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-09-09 15:42 . 2010-08-24 04:57 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2010-09-09 15:42 . 2010-08-24 04:57 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-09-09 15:42 . 2010-08-24 04:57 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-09-09 15:42 . 2010-08-24 04:57 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-09-09 15:42 . 2010-08-24 04:57 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-09-09 15:42 . 2010-08-24 04:57 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2010-09-09 15:42 . 2010-08-24 04:57 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-09-09 15:42 . 2010-09-09 15:42 -------- d-----w- c:\program files\McAfee.com
    2010-08-30 15:48 . 2010-08-30 15:48 63488 ----a-w- c:\users\Bizhan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-30 15:48 . 2010-08-30 15:48 52224 ----a-w- c:\users\Bizhan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-08-30 15:48 . 2010-08-30 15:48 117760 ----a-w- c:\users\Bizhan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-30 15:46 . 2010-08-30 15:46 -------- d-----w- c:\users\Bizhan\AppData\Roaming\SUPERAntiSpyware.com
    2010-08-30 15:46 . 2010-08-30 15:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-08-30 15:46 . 2010-08-30 15:46 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-08-29 06:36 . 2010-08-29 06:36 -------- d-----w- c:\users\Bizhan\AppData\Roaming\Malwarebytes
    2010-08-29 06:29 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-29 06:29 . 2010-08-29 06:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-29 06:29 . 2010-08-29 06:29 -------- d-----w- c:\programdata\Malwarebytes
    2010-08-29 06:29 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-29 06:18 . 2010-08-29 06:18 -------- d--h--w- c:\windows\PIF
    2010-08-27 17:50 . 2010-08-27 17:50 -------- d-----w- c:\program files\MSXML 4.0
    2010-08-26 14:52 . 2010-08-26 14:52 -------- d-----w- c:\program files\DIFX
    2010-08-26 14:52 . 2008-08-26 00:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-08-26 14:52 . 2010-08-26 14:52 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-08-26 14:52 . 2010-02-26 04:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
    2010-08-26 14:51 . 2010-08-26 14:52 -------- d-----w- c:\program files\Nokia
    2010-08-26 14:51 . 2010-08-26 14:51 -------- d-----w- c:\program files\Common Files\Nokia
    2010-08-26 14:51 . 2010-08-26 14:49 36414944 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\NokiaSoftwareUpdaterSetup_en.exe
    2010-08-26 14:50 . 2010-08-26 14:50 3351812 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\msxml6Exec.exe
    2010-08-26 14:50 . 2010-08-26 14:50 36864 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\Sleep.exe
    2010-08-26 14:50 . 2010-08-26 14:50 3203453 ----a-w- c:\programdata\Installations\{4ECA710C-B818-4751-A3B8-42C2D93922A8}\Installer\CommonCustomActions\vcredistExec.exe
    2010-08-26 14:50 . 2010-08-26 14:50 -------- d-----w- c:\programdata\Installations
    2010-08-25 06:17 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 18:05 . 2010-05-02 12:17 -------- d-----w- c:\users\Bizhan\AppData\Roaming\Software Informer
    2010-09-18 11:16 . 2010-06-07 14:49 -------- d-----w- c:\users\Bizhan\AppData\Roaming\WindSolutions
    2010-09-18 11:16 . 2010-06-07 14:49 -------- d-----w- c:\programdata\WindSolutions
    2010-09-18 11:13 . 2010-07-31 15:42 2714848 ----a-w- c:\users\Bizhan\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
    2010-09-16 13:34 . 2010-05-21 10:45 -------- d-----w- c:\users\Bizhan\AppData\Roaming\BitTorrent
    2010-09-16 12:31 . 2010-08-12 11:29 -------- d-----w- c:\program files\PKR
    2010-09-15 17:04 . 2010-01-28 20:59 -------- d-----w- c:\programdata\Microsoft Help
    2010-09-13 03:41 . 2010-05-01 05:43 -------- d-----w- c:\program files\McAfee
    2010-09-12 09:35 . 2010-05-21 10:41 -------- d-----w- c:\users\Bizhan\AppData\Roaming\vlc
    2010-09-11 17:45 . 2010-01-28 20:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-09-10 06:38 . 2010-05-01 05:43 -------- d-----w- c:\programdata\McAfee
    2010-09-09 15:42 . 2010-05-01 05:43 -------- d-----w- c:\program files\Common Files\McAfee
    2010-09-09 15:33 . 2010-01-28 22:21 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-08-30 17:08 . 2010-05-10 13:28 -------- d-----w- c:\program files\iWin Games
    2010-08-23 04:51 . 2010-01-28 20:45 -------- d-----w- c:\programdata\WildTangent
    2010-08-12 11:21 . 2010-08-12 11:21 -------- d-----w- c:\program files\Xvid
    2010-08-10 16:57 . 2010-08-10 16:57 -------- d-----w- c:\program files\DsNET Corp
    2010-08-08 14:50 . 2010-08-08 14:50 -------- d-----w- c:\program files\Game_Maker8
    2010-08-01 16:47 . 2010-08-01 16:47 34 ----a-w- c:\windows\system32\BD7420.DAT
    2010-07-31 15:42 . 2010-07-31 15:42 6373048 ----a-w- c:\users\Bizhan\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe
    2010-07-29 06:30 . 2010-08-13 19:35 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30 . 2010-08-13 19:35 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-30 06:25 . 2010-08-13 19:35 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-06-22 12:30 . 2010-06-22 12:30 411480 ----a-w- c:\windows\system32\tsccvid.dll
    2010-06-22 02:47 . 2010-08-13 19:35 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-22 02:47 . 2010-08-13 19:35 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-06-22 02:47 . 2010-08-13 19:35 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-24 04:57 . 2010-09-09 15:42 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-09-18_18.04.25 )))))))))))))))))))))))))))))))))))))))))
    .

    [Snapshot omitted - Broni]
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Software Informer"="c:\program files\Software Informer\softinfo.exe" [2010-04-22 2285637]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-04 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-04 175640]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-04 166936]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2009-12-23 4938272]
    "RtkOSD"="c:\program files\Realtek\Audio\OSD\RtVOsd.exe" [2009-10-13 907264]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-28 149280]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Hide IP]
    2010-02-04 09:21 2436952 ----a-w- c:\program files\AutoHideIP\AutoHideIP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadCam]
    2010-07-10 13:03 1052676 ----a-w- c:\program files\NCH Software\BroadCam\broadcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 01:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
    2009-09-29 23:26 1685048 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-07-13 04:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2009-10-16 20:51 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-04-29 05:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 12:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
    2009-10-08 21:27 322104 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-05-26 07:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-08-25 18:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]
    2009-07-23 19:04 498744 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 174592]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-02 1343400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-11-18 87968]
    S2 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [2010-07-10 1052676]
    S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2010-04-14 78104]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-05-20 88176]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-08-24 141792]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
    S3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP\HideMyIpSrv.exe [2010-04-10 2752816]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-01-04 126976]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-28 233472]
    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 862208]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-10-16 20:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 02:48]

    2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 02:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    uInternet Settings,ProxyServer = socks=
    LSP: c:\windows\system32\HMIPCore.dll
    FF - ProfilePath - c:\users\Bizhan\AppData\Roaming\Mozilla\Firefox\Profiles\bye0b6rm.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: >>UNKNOWN [0x82E3F000]<< >>UNKNOWN [0x8961B000]<< >>UNKNOWN [0x8A3B9000]<< >>UNKNOWN [0x8983E000]<< >>UNKNOWN [0x82E08000]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
    SecurityProcedure -> 0x8585db68
    QueryNameProcedure -> 0x8585dcf8
    user & kernel MBR OK
    copy of MBR has been found in sector 2 !

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-09-19 04:57:11
    ComboFix-quarantined-files.txt 2010-09-18 18:57
    ComboFix2.txt 2010-09-18 18:09

    Pre-Run: 181,780,156,416 bytes free
    Post-Run: 181,350,641,664 bytes free

    - - End Of File - - 6B6FCBB857A8BD7F2F91F1E2140A1FAE
     
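The Gmer section of the log above reads the MBR once through the normal user-mode path and once from kernel mode, compares the two, and then scans the first sectors of the disk for another sector that looks like the MBR (the "copy of MBR has been found in sector 2" line). The log does not say whether that copy is a harmless backup or the original MBR stashed by a bootkit; the way to tell is to read both sectors and compare the bootstrap code separately from the partition table. The following is an added example, not code from the thread or from Gmer's tool: it works on a disk image constructed inline (a patched sector 0 with the clean MBR saved in sector 2) and the helper names are my own.

```python
"""Added example: parse an MBR and look for copies of it in the first sectors.
Mirrors the checks the Gmer mbr tool reports in the log, on a constructed image."""
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"        # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte sector into bootstrap code, partition table and signature."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        raw = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        partitions.append({
            "bootable": raw[0] == 0x80,
            "type": raw[4],
            "lba_start": struct.unpack_from("<I", raw, 8)[0],
            "sectors": struct.unpack_from("<I", raw, 12)[0],
        })
    return {
        "code": sector[:446],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }


def compare_reads(user_view: bytes, kernel_view: bytes) -> bool:
    """The tool reads the MBR from user mode and again from kernel mode; a filter
    driver hiding a patched sector 0 would make the two views differ."""
    return user_view == kernel_view


def find_mbr_copies(image: bytes, max_sectors: int = 63) -> list:
    """Return sectors (1..max_sectors-1) that carry sector 0's partition table and
    boot signature. code_identical=True means a plain backup; False means the
    bootstrap code of one of the two sectors has been rewritten."""
    mbr = parse_mbr(image[:SECTOR])
    if not any(p["type"] for p in mbr["partitions"]):
        return []   # empty table would match any stray 0x55AA sector; refuse to guess
    hits = []
    for n in range(1, min(max_sectors, len(image) // SECTOR)):
        s = image[n * SECTOR:(n + 1) * SECTOR]
        if s[510:512] != BOOT_SIG:
            continue
        cand = parse_mbr(s)
        if cand["partitions"] == mbr["partitions"]:
            hits.append({"sector": n, "code_identical": cand["code"] == mbr["code"]})
    return hits


def build_demo_image() -> bytes:
    """Constructed 64-sector image (not a real disk): sector 2 holds the clean MBR,
    sector 0 has its first jump overwritten, as a bootkit that hooks the boot path
    would leave it."""
    clean_code = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0]).ljust(446, b"\x90")
    entry = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 2048, 204800)
    table = entry + bytes(48)            # one NTFS partition, three empty entries
    clean = clean_code + table + BOOT_SIG
    patched = b"\xEB\x58" + clean_code[2:] + table + BOOT_SIG
    image = bytearray(SECTOR * 64)
    image[0:SECTOR] = patched
    image[2 * SECTOR:3 * SECTOR] = clean
    return bytes(image)


if __name__ == "__main__":
    img = build_demo_image()
    print("user & kernel MBR match:", compare_reads(img[:SECTOR], img[:SECTOR]))
    for hit in find_mbr_copies(img):
        print("copy of MBR in sector %d, code identical: %s" % (hit["sector"], hit["code_identical"]))
```

On a real machine the image would come from reading the physical drive (e.g. `\\.\PhysicalDrive0` opened read-only with administrator rights); a hit with `code_identical` False is the case worth investigating, while an identical copy is usually an installer or OEM backup.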
  17. 2010/09/18
    bjskitz

    bjskitz Inactive Thread Starter

    Joined:
    2010/09/15
    Messages:
    20
    Likes Received:
    0
    Oh sorry, don't worry, I got it! Oh, and is it possible to change my account settings, because I purposely put in the wrong information because I thought this was a scam site... sorry... ??
     
  18. 2010/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still don't like the Combofix log.

    Delete your Combofix file, download a fresh one and post a new log.
     
  19. 2010/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What happened?...LOL
     
  20. 2010/09/18
    bjskitz

    bjskitz Inactive Thread Starter

    Joined:
    2010/09/15
    Messages:
    20
    Likes Received:
    0
    Oh sorry, when you register to become a member, I put in the wrong details because at first I didn't trust this site..... I'll post the new Combofix log file now!
     
  21. 2010/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116