I managed to interrupt the reboot and get into safe mode, and it finished.
Here is the log:
ComboFix 11-12-29.05 - Administrator 12/29/2011 18:43:19.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.610 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 01:43 . 2011-12-30 01:43 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsle43e50ca.sys
2011-12-30 00:36 . 2011-12-30 00:36 388096 ----a-r- c:\documents and settings\Allyson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-30 00:35 . 2011-12-30 00:35 -------- d-----w- c:\program files\Trend Micro
2011-12-30 00:34 . 2011-12-30 00:34 0 ----a-w- c:\documents and settings\Allyson\HiJackThis.msi
2011-12-30 00:01 . 2011-12-30 00:01 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl565317aa.sys
2011-12-29 23:38 . 2011-12-29 23:38 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKslbb585c08.sys
2011-12-29 23:16 . 2011-12-29 23:16 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsld4feac4d.sys
2011-12-29 22:53 . 2011-12-29 22:53 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl2bef0671.sys
2011-12-29 22:43 . 2011-12-29 22:43 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl370aecc5.sys
2011-12-29 22:30 . 2011-12-29 22:30 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl7f42012b.sys
2011-12-29 21:40 . 2011-12-29 21:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-12-28 04:54 . 2011-12-28 04:54 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl19d11d02.sys
2011-12-28 04:52 . 2011-12-28 04:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2011-12-28 04:50 . 2011-12-28 04:50 -------- d-----w- c:\documents and settings\Allyson\Application Data\Malwarebytes
2011-12-28 04:31 . 2011-12-28 04:31 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl908689c5.sys
2011-12-28 04:06 . 2011-12-28 04:05 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-28 04:05 . 2011-12-28 04:53 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-12-28 04:05 . 2011-12-28 04:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2011-12-28 02:18 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 02:18 . 2011-12-28 04:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-28 02:15 . 2011-12-28 02:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\CrystalIdea Software
2011-12-28 02:12 . 2011-10-30 21:14 27600 ----a-w- c:\windows\system32\drivers\CisUtMonitor.sys
2011-12-28 02:11 . 2011-12-28 04:52 -------- d-----w- c:\program files\Uninstall Tool
2011-12-28 00:08 . 2011-12-28 04:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2011-12-26 00:16 . 2011-12-26 00:16 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl489071a3.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-15 . 2E17260C4889F47F71E2B33CD13F7F3D . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-12-29_22.15.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-24 17:26 . 2011-12-29 21:30 71488 c:\windows\system32\perfc009.dat
+ 2008-06-24 17:26 . 2011-12-30 02:35 71488 c:\windows\system32\perfc009.dat
+ 2008-06-24 17:26 . 2011-12-30 02:35 441552 c:\windows\system32\perfh009.dat
- 2008-06-24 17:26 . 2011-12-29 21:30 441552 c:\windows\system32\perfh009.dat
+ 2011-12-30 00:36 . 2011-12-30 00:36 1094656 c:\windows\Installer\211ed5.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTBFirstRun"="c:\program files\Hewlett-Packard\SDP\hprun.exe" [2008-11-07 24576]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Allyson^Start Menu^Programs^Startup^HP SimpleSave Monitor.lnk]
path=c:\documents and settings\Allyson\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
backup=c:\windows\pss\HP SimpleSave Monitor.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 12:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2008-12-03 02:57 729088 ----a-w- c:\windows\system32\AESTFltr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppVodBurner]
2010-10-29 16:06 4980736 ----a-w- c:\program files\VodBurner\vodburner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-04 07:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-15 04:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 13:46 159744 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 22:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-15 13:46 135168 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-09-01 01:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-12-18 18:24 197928 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 22:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-15 13:46 131072 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-07-16 01:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-12-04 22:54 1410344 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-09-11 11:00 446556 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-03-17 07:27 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [3/9/2009 3:00 AM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [3/9/2009 3:00 AM 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [9/24/2008 10:09 PM 103792]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [9/19/2011 3:48 PM 98392]
S1 MpKsl01511777;MpKsl01511777;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl01511777.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl01511777.sys [?]
S1 MpKsl024ee902;MpKsl024ee902;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BAC6AA66-28EB-4BF2-A7C0-C2440681C11E}\MpKsl024ee902.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BAC6AA66-28EB-4BF2-A7C0-C2440681C11E}\MpKsl024ee902.sys [?]
S1 MpKsl092cdcd0;MpKsl092cdcd0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BAC6AA66-28EB-4BF2-A7C0-C2440681C11E}\MpKsl092cdcd0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BAC6AA66-28EB-4BF2-A7C0-C2440681C11E}\MpKsl092cdcd0.sys [?]
S1 MpKsl181274b3;MpKsl181274b3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl181274b3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl181274b3.sys [?]
S1 MpKsl19d11d02;MpKsl19d11d02;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl19d11d02.sys [12/27/2011 8:54 PM 28752]
S1 MpKsl1bdaee21;MpKsl1bdaee21;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl1bdaee21.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl1bdaee21.sys [?]
S1 MpKsl2226132c;MpKsl2226132c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl2226132c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl2226132c.sys [?]
S1 MpKsl25f89b5e;MpKsl25f89b5e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A1D977-51A5-42E9-AA9A-487C08F9BE0F}\MpKsl25f89b5e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7A1D977-51A5-42E9-AA9A-487C08F9BE0F}\MpKsl25f89b5e.sys [?]
S1 MpKsl2bef0671;MpKsl2bef0671;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl2bef0671.sys [12/29/2011 2:53 PM 28752]
S1 MpKsl316e2d3e;MpKsl316e2d3e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl316e2d3e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl316e2d3e.sys [?]
S1 MpKsl34819e1d;MpKsl34819e1d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl34819e1d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl34819e1d.sys [?]
S1 MpKsl370aecc5;MpKsl370aecc5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl370aecc5.sys [12/29/2011 2:43 PM 28752]
S1 MpKsl401656f4;MpKsl401656f4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl401656f4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl401656f4.sys [?]
S1 MpKsl4562e2df;MpKsl4562e2df;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl4562e2df.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl4562e2df.sys [?]
S1 MpKsl498fa5ba;MpKsl498fa5ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6179837-3CD9-4DA2-AE81-2DC883441A95}\MpKsl498fa5ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6179837-3CD9-4DA2-AE81-2DC883441A95}\MpKsl498fa5ba.sys [?]
S1 MpKsl556578ab;MpKsl556578ab;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl556578ab.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl556578ab.sys [?]
S1 MpKsl565317aa;MpKsl565317aa;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl565317aa.sys [12/29/2011 4:01 PM 28752]
S1 MpKsl616a52d2;MpKsl616a52d2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl616a52d2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl616a52d2.sys [?]
S1 MpKsl6456fd3c;MpKsl6456fd3c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA037EF8-C1CE-48AF-B0EA-4031F72484BC}\MpKsl6456fd3c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA037EF8-C1CE-48AF-B0EA-4031F72484BC}\MpKsl6456fd3c.sys [?]
S1 MpKsl7371cd0c;MpKsl7371cd0c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA037EF8-C1CE-48AF-B0EA-4031F72484BC}\MpKsl7371cd0c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA037EF8-C1CE-48AF-B0EA-4031F72484BC}\MpKsl7371cd0c.sys [?]
S1 MpKsl74924ba6;MpKsl74924ba6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl74924ba6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl74924ba6.sys [?]
S1 MpKsl75a592a5;MpKsl75a592a5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl75a592a5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl75a592a5.sys [?]
S1 MpKsl7f42012b;MpKsl7f42012b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl7f42012b.sys [12/29/2011 2:30 PM 28752]
S1 MpKsl8372bc00;MpKsl8372bc00;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl8372bc00.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl8372bc00.sys [?]
S1 MpKsl840a4db8;MpKsl840a4db8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl840a4db8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl840a4db8.sys [?]
S1 MpKsl86507b7a;MpKsl86507b7a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl86507b7a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsl86507b7a.sys [?]
S1 MpKsl88596b33;MpKsl88596b33;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BAC6AA66-28EB-4BF2-A7C0-C2440681C11E}\MpKsl88596b33.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BAC6AA66-28EB-4BF2-A7C0-C2440681C11E}\MpKsl88596b33.sys [?]
S1 MpKsl908689c5;MpKsl908689c5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsl908689c5.sys [12/27/2011 8:31 PM 28752]
S1 MpKsla66a8685;MpKsla66a8685;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsla66a8685.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsla66a8685.sys [?]
S1 MpKsla95d4954;MpKsla95d4954;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsla95d4954.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsla95d4954.sys [?]
S1 MpKslbb585c08;MpKslbb585c08;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKslbb585c08.sys [12/29/2011 3:38 PM 28752]
S1 MpKslc53defa1;MpKslc53defa1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKslc53defa1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKslc53defa1.sys [?]
S1 MpKsld12f1c17;MpKsld12f1c17;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsld12f1c17.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsld12f1c17.sys [?]
S1 MpKsld4feac4d;MpKsld4feac4d;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsld4feac4d.sys [12/29/2011 3:16 PM 28752]
S1 MpKsldad52135;MpKsldad52135;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsldad52135.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsldad52135.sys [?]
S1 MpKsle330df6d;MpKsle330df6d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsle330df6d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsle330df6d.sys [?]
S1 MpKsle43e50ca;MpKsle43e50ca;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45C1D8D8-C40E-4ED2-8D2D-0D8145F0C668}\MpKsle43e50ca.sys [12/29/2011 5:43 PM 28752]
S1 MpKsleaa2494a;MpKsleaa2494a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsleaa2494a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsleaa2494a.sys [?]
S1 MpKsled8c18f8;MpKsled8c18f8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsled8c18f8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{782E3E85-79B4-4C7E-A0E0-CA7EB4499800}\MpKsled8c18f8.sys [?]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [3/9/2009 3:00 AM 25584]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [12/11/2008 10:46 PM 125424]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 10:25 AM 189736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 8:43 AM 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/27/2011 6:18 PM 366152]
S2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [1/14/2009 6:56 AM 345336]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/9/2009 2:33 AM 112128]
S3 CisUtMonitor;CisUtMonitor;c:\windows\system32\drivers\CisUtMonitor.sys [12/27/2011 6:12 PM 27600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2010 8:43 AM 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [9/20/2011 12:24 PM 23624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/27/2011 6:18 PM 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 QCFilterhp;HP USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterhp.sys [3/9/2009 2:34 AM 5248]
S3 qcusbnethp;HP USB-NDIS miniport;c:\windows\system32\drivers\qcusbnethp.sys [3/9/2009 2:34 AM 115200]
S3 qcusbserhp;HP USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserhp.sys [3/9/2009 2:34 AM 104448]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 7:29 PM 32408]
S4 BackupService;BackupService;c:\documents and settings\Allyson\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [11/28/2010 8:44 AM 83512]
S4 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [12/25/2008 6:28 PM 203248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2008-12-26 02:28]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 16:43]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-17 16:43]
.
2011-12-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-12-30 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]
.
2011-06-11 c:\windows\Tasks\photopadShakeIcon.job
- c:\program files\NCH Software\PhotoPad\photopad.exe [2010-12-17 20:06]
.
2010-12-17 c:\windows\Tasks\photostageSevenDays.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2010-12-17 20:08]
.
2010-12-17 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2010-12-17 20:08]
.
2011-06-25 c:\windows\Tasks\pixillionDowngrade.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-12-17 20:07]
.
2011-06-11 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2010-12-17 20:07]
.
2011-12-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3776529232-2776693366-2901217791-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-12-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3776529232-2776693366-2901217791-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2010-12-10 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-11-30 04:06]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 205.171.3.25
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-12-29 19:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\EXT.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bwsjnqxo]
"ImagePath"="\??\c:\windows\TEMP\tddafwjp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\fwizvaqm]
"ImagePath"="\??\c:\windows\TEMP\ujrjfcmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hmpbgvsn]
"ImagePath"="\??\c:\windows\TEMP\mbyovzzz"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\muaxuehl]
"ImagePath"="\??\c:\windows\TEMP\qeifkskq"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rkyclvmm]
"ImagePath"="\??\c:\windows\TEMP\qgshpgsz"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sebfozqy]
"ImagePath"="\??\c:\windows\TEMP\qonnlnko"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wxsdfxrx]
"ImagePath"="\??\c:\windows\TEMP\vazfppos"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1648)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
.
**************************************************************************
.
Completion time: 2011-12-29 19:11:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 03:11
ComboFix2.txt 2011-12-29 22:20
.
Pre-Run: 41,626,845,184 bytes free
Post-Run: 41,577,406,464 bytes free
.
- - End Of File - - CFB6249E684E1BE6C117B694DB35F413