"potentially rootkit-masked registry" found by Webroot Antivirus with Antispyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by NobleTruths, Mar 22, 2009.

  1. NobleTruths

    NobleTruths Private E-2

    Hello, I am not posting a log, because I have banned the computer in question from the internet...but here is the issue. My Webroot states it found a "potentially rootkit-masked registry". Even though Webroot says it will quarantine it, it does not (hence, I cannot fix it), and a rescan will often find it again. I say "often" because sometimes it does not see it. It can be found in regular and safe mode. The Webroot log states it is found at HKLM\System\ControlSet004\Enum\PCI\VEN_14E4&DEV_4320&SUBSYS_12F4103C&REV_03\4&253a0906&0&10A4\LOGCONF || BOOTCONF (ID=0). MBAM is negative, even in full scan. Before I banned the comp from the internet, I downloaded and ran SAS...this, too, was negative. TrendMicro Rootkit Buster is negative. Comodo BOClean hasn't cleaned this issue. My first symptom was Webroot taking greater than 20 hours to do a scan that usually takes about one and a half hours (I started the scan, and left for the day...could not believe it was still running when I returned the next day.) In safe mode, it does the scan in regular time (and still finds the issue.) I banned the comp from the internet after Webroot reported a flurry of attempts by some program to access known spyware sites.

    I run XP on an HP laptop. Avira AntiVir, Comodo Firewall, Webroot with AV disabled since I use AntiVir, and other passive malware scanners.

    Since Webroot has given me a location, should I delete that key? Or is that a false positive, and my problem resides elsewhere that I need more help with? Thanks for your input.
     
  2. NobleTruths

    NobleTruths Private E-2

    Oh, I ran GMER...but I will be darned if I can figure THAT one out, lol.
     
  3. NobleTruths

    NobleTruths Private E-2

    Oh yeah, HJT is benign...I am pretty comfortable interpreting it.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Looks like a false positive to me since that looks like normal info.

    You can run our full cleaning procedure if you want to be sure but I don't think this will be detected. You could also run a few other rootkit scanners or attach your log from GMER.
     
  5. NobleTruths

    NobleTruths Private E-2

    Thanks, chaslang. Here are the logs. I am in safe mode to send them. Will have to send in two posts because there are greater than 4 logs. In the GMLog, it looked like a threat was found (? zlob, but I forget now). There should be no monitoring programs or remote access controls to this computer, I use it solely at home. Also, please let me know if I have programs that are conflicting or duplicating, and hence are not needed. Also, I will be downloading Firefox to use as a primary browser...will my protection cover me there? Any other general advice is appreciated. I have followed the steps outlined to clean my computer, already...but still get the attempts to access dangerous websites (or at least, was getting them before I ran the included scans, and hence, banned the internet). Thanks for everything!!
     

    Attached Files:

  6. NobleTruths

    NobleTruths Private E-2

    Here are the additional files. If you find something in GMER (which I had to upload in 3 sections), could you please help me to learn how to interpret GMER...I enjoy the process of learning new information. Thanks a ton.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is nothing in GMER that is of concern. I still think the Webroot information is incorrect. If you have a paid version, you should talk to them about it. The registry info is pretty common type info; you have many, many more similar keys in your registry. However, perhaps they are having a problem with it because it is being found in ControlSet004, which is not common, but it also does not mean it is bad. In addition, Webroot did say "potentially rootkit-masked", which means they question it. They did not come right out and say it was bad.
     
  8. NobleTruths

    NobleTruths Private E-2

    Thanks, chaslang, but I am still having problems. After reading your last post, I tried to allow an internet connection on that computer, but almost instantly I got another flurry of warnings from my protection programs that attempts were being made (and blocked) to websites of known spy/malware. And, yes, they were dangerous websites. It does not appear that there have been any views of the GMLog. Could you please review that, and recommend other tools I can run and post, to help us solve this problem? Thanks.
     
  9. NobleTruths

    NobleTruths Private E-2

    As a new update, chaslang, I ran the following on-line scanners:

    1) Kaspersky. It found:

    C:\ProgramFiles|TrendMicro|HijackThis\Backups\Backup-20081007-090248-835-PowerRegScheduler.exe

    Which was inactive, but I deleted it anyway.

    2) BitDefender. It found:

    C:\SWSetup\hplmgEnh|delink.exe (Gen: Trojan.Heur.VB.1024DBEBEB)

    Which BitDefender deleted.

    3) F-Secure. Which found nothing.

    I am still not allowing non-safe-mode internet, though. Anything on GMLog? Thanks.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    None of your logs show any problems. Perhaps you should uninstall your Comodo Firewall and then reboot and reinstall it to have it reinitialize to where it asks you for permission to access the internet again for various applications. Perhaps you have something allowed that should not be. In addition, there is obviously a severe shortcoming in your WebRoot SpySweeper software if something is really wrong on your PC, since it is not finding any real problems and fixing them.

    I already stated in my last message that the log was clean. See msg # 7.

    If you wish, I can try to give you a procedure that will remove the registry key that Webroot is mentioning. But I cannot be responsible for any of your hardware that may no longer work after removing that key, since it appears to be related to something on your PCI bus.

    If you wish to run additional scans to check further, try the below two and attach logs from them.

    Using Dr.Web CureIt

    Trend Micro Housecall
     
    Last edited: Apr 2, 2009
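An added triage helper, not from this thread or from Webroot, for the kind of finding quoted in the first post and discussed in messages 7 and 10: it splits a Webroot-style registry entry into key path and value name, decodes the PCI hardware ID, and reports whether the flagged ControlSetNNN is the one HKLM\System\Select\Current points at (that DWORD is assumed to have been read from the machine and passed in; the tiny vendor table is constructed and deliberately partial).

```python
import re

# Constructed, partial table of real PCI-SIG vendor IDs for the hardware ID
# quoted in the thread; anything else reports as "unknown vendor".
PCI_VENDORS = {0x14E4: "Broadcom", 0x103C: "Hewlett-Packard"}

# PCI hardware ID: VEN_vvvv&DEV_dddd&SUBSYS_ssssVVVV&REV_rr
# (SUBSYS is subsystem ID followed by subsystem vendor ID).
HWID_RE = re.compile(
    r"VEN_([0-9A-F]{4})&DEV_([0-9A-F]{4})"
    r"(?:&SUBSYS_([0-9A-F]{4})([0-9A-F]{4}))?(?:&REV_([0-9A-F]{2}))?", re.I)

# Sample input: the entry from the first post of this thread.
THREAD_ENTRY = (r"HKLM\System\ControlSet004\Enum\PCI\VEN_14E4&DEV_4320"
                r"&SUBSYS_12F4103C&REV_03\4&253a0906&0&10A4\LOGCONF || BOOTCONF (ID=0)")


def split_webroot_entry(entry):
    """Webroot logs a registry hit as '<key path> || <value name> (ID=n)'.
    Returns (key_path, value_name); value_name is None when absent."""
    key, _, rest = entry.partition(" || ")
    value = rest.split(" (", 1)[0].strip() or None
    return key.strip(), value


def parse_enum_key(key):
    """Decode an HKLM\\System\\ControlSetNNN\\Enum\\<bus>\\<hwid>\\<instance>\\... key."""
    p = key.split("\\")
    if len(p) < 6 or p[0].upper() != "HKLM" or p[1].lower() != "system" \
            or p[3].lower() != "enum":
        raise ValueError("not an Enum key under HKLM\\System: %r" % key)
    m = re.fullmatch(r"ControlSet(\d{3})", p[2], re.I)
    info = {"control_set": int(m.group(1)) if m else None,  # None = CurrentControlSet
            "bus": p[4].upper(), "hwid": p[5],
            "instance": p[6] if len(p) > 6 else None, "subkeys": p[7:]}
    hw = HWID_RE.fullmatch(p[5])
    if info["bus"] == "PCI" and hw:
        ven, dev, subid, subven, rev = hw.groups()
        info.update(vendor=int(ven, 16), device=int(dev, 16),
                    subsys_vendor=int(subven, 16) if subven else None,
                    revision=int(rev, 16) if rev else None)
    return info


def triage(entry, current_control_set):
    """current_control_set: the DWORD HKLM\\System\\Select\\Current from the machine."""
    key, value = split_webroot_entry(entry)
    info = parse_enum_key(key)
    cs = info["control_set"]
    active = cs is None or cs == current_control_set
    # LogConf holds the device's PnP resource lists (e.g. BootConfig), not code.
    return {"active": active, "value": value,
            "vendor": PCI_VENDORS.get(info.get("vendor"), "unknown vendor"),
            "resource_config": info["subkeys"][:1] == ["LOGCONF"],
            "verdict": "device config in the ACTIVE control set" if active
            else "device config in INACTIVE ControlSet%03d (stale copy)" % cs}
```

Run `reg query HKLM\System\Select /v Current` on the affected machine and pass the result in; if it is not 4, the flagged key lives in a control set Windows is not booting from, which supports the false-positive reading above.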
