Jim1946

  1. In case any helper or other person reads this post, I was able to solve my problem by reading other posts and the "Procedure to help resolve issues preventing MBAM from running" and then "MBAM won't install or run - CLB Rootkit....". Once I was able to delete the offending CLB Driver, I was able to install and run MBAM. MBAM then found the Vundo Trojan. I first ran a quick scan, which found the main problems and deleted Vundo, and then a complete scan which found more Vundo in system restore files. I believe that Vundo got in past McAfee. That won't happen again as I have bought the Pro Version of MBAM and have enabled protection. If anyone reads this post, and is waiting for volunteer help, you might try my solutions - and read similar posts with problems.
  2. Hope someone can help. I know my PC is infected as IE8 goes to fictitious sites. I've tried a number of times running mbam-setup.exe, but it extracts files, but never finishes. The resulting program won't run. I've tried to follow the instructions in "I'm Infected", but with limited success. First, Defogger executes and goes to "OK", but never asks to reboot - I rebooted anyhow. I was able to run DDS and will attach the files as asked for below. My PC is so sick that I won't fully run GMER Rootkit before locking up - GMER takes more than 1 hour. I copied and saved the first part of GMER and will paste it below - it showed some items in "red" entitled "library". I will still try to get a full GMER scan and post it if and when I'm able to. I will appreciate any help or advice. Thanks, Jim. Attach.zip
  3. I'm definitely infected with malware - IE 8 redirects to fictitious sites. I'm trying to load Mbam-Setup.Exe but it won't complete the installation. I get to "finishing" and no further. A program file is created, but the program won't run. Any ideas on how to get the installation to finish? I've downloaded the file 4 times and even copied it to a CD without success. Most of the time Mbam-Setup.Exe won't even run. Thanks, Jim