CKNight09

  1. Better. Windows update works and no more problems have been reported. With your go ahead, I'd like to download and update Adobe Reader and Java to the latest available versions.
  2. I removed all of McAfee except the SiteAdvisor. I kept that. I did do all you asked. I have the Avira Free Anti-Virus Software. I like it better than McAfee; McAfee was a bit annoying though. I am glad that I removed it.
  3. Here is the JavaRa log: JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sun Jun 20 16:49:16 2010 ------------------------------------ Finished reporting. Here is the next report as you told me to do in order. 16:54:04:484 3360 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48 DDS (Ver_10-03-17.01) - NTFSx86 Run by Jon Watson at 17:01:13.75 on Sun 06/20/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1386 [GMT -7:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe C:\Program Files\First Alert Storm Team\liveonline_3625813.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\WINDOWS\system32\svchost.exe -k imgsvc 
C:\WINDOWS\system32\UTSCSI.EXE C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Jon Watson\My Documents\My Videos\Veoh\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://dmforums.hero-dragon.org/ uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch uDefault_Page_URL = hxxp://www.mycopper.net uSearch Bar = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll uURLSearchHooks: Download Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P1.dll uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uURLSearchHooks: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - c:\program files\download_energy\tbDow1.dll mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll BHO: Download Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P1.dll BHO: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - c:\program files\download_energy\tbDow1.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll BHO: AIM Toolbar Loader: 
{b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll TB: Download Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P1.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll TB: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - c:\program files\download_energy\tbDow1.dll TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [cdloader] "c:\documents and settings\jon watson\application data\mjusbsp\cdloader2.exe" MAGICJACK uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" mRun: [soundMan] SOUNDMAN.EXE mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot dRun: [notepad] rundll32.exe c:\docume~1\jonwat~1\ntload.dll,_IWMPEvents@0 dRunOnce: [sWHelper] "c:\windows\system32\macromed\shockwave 8\PostUpdate.exe" 1014021 StartupFolder: c:\docume~1\jonwat~1\startm~1\programs\startup\CANONI~1.LNK - StartupFolder: c:\docume~1\jonwat~1\startm~1\programs\startup\firsta~1.lnk - c:\program files\first alert storm team\liveonline_3625813.exe StartupFolder: c:\docume~1\jonwat~1\startm~1\programs\startup\mopypo~1.lnk - c:\mopyfish\GETPOINT.EXE IE: &AOL Radio Toolbar Search - c:\documents and settings\all users\application data\aol radio 
toolbar\ietoolbar\resources\en-us\local\search.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\jon watson\start menu\programs\imvu\Run IMVU.lnk IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: magicjack.com\my Trusted Zone: talk4free.com\reg DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\jonwat~1\applic~1\mozilla\firefox\profiles\64g9o40q.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://dmforums.hero-dragon.org/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query= FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\documents and settings\jon watson\local settings\application 
data\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\picasa2\npPicasa2.dll FF - plugin: c:\program files\picasa2\npPicasa3.dll FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll FF - plugin: f:\program files\program\program\plugins\npbeatnk.dll FF - plugin: f:\program files\program\program\plugins\NPDocBox.dll FF - plugin: f:\program files\program\program\plugins\nphppi.dll FF - plugin: f:\program files\program\program\plugins\NPMetastream3.dll FF - plugin: f:\program files\program\program\plugins\nppl3260.dll FF - plugin: f:\program files\program\program\plugins\nprfxins.dll FF - plugin: f:\program files\program\program\plugins\nprjplug.dll FF - plugin: f:\program files\program\program\plugins\nprpjplug.dll FF - plugin: f:\program files\program\program\plugins\npwmsdrm.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla 
firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - 
pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS 
=============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-28 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-28 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-28 267432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-28 60936] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-25 93320] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-23 135664] S2 PEVSystemStart;PEVSystemStart;c:\combofix\PEV.cfxxe [2010-6-18 256512] S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-3-1 29184] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-25 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-25 40552] ============== File Associations =============== txtfile="c:\program files\jgsoft\editpadlite\EditPadLite.exe" "%1" =============== Created Last 30 ================ 2010-06-18 17:39:48 0 d-s---w- C:\ComboFix 2010-06-16 23:58:35 0 d-----w- c:\program files\ESET 2010-06-16 23:21:07 0 d-sha-r- C:\cmdcons 2010-06-16 23:15:04 77312 ----a-w- c:\windows\MBR.exe 2010-06-16 23:15:03 98816 ----a-w- c:\windows\sed.exe 2010-06-16 23:15:03 256512 ----a-w- c:\windows\PEV.exe 2010-06-16 23:15:03 161792 ----a-w- c:\windows\SWREG.exe 2010-06-16 16:09:56 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2010-06-16 15:58:43 16384 ---ha-w- C:\SZKGFS.dat 2010-06-16 15:55:00 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard 2010-06-16 15:52:50 0 d-----w- c:\program files\common files\iS3 2010-06-16 15:52:49 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla! 
2010-06-03 08:48:12 608415 ----a-w- c:\documents and settings\jon watson\HOSTS 2010-05-27 02:31:07 48640 ----a-w- c:\windows\system32\INETWH32.DLL 2010-05-27 02:31:07 317952 ----a-w- c:\windows\system32\Roboex32.dll ==================== Find3M ==================== 2010-06-20 23:56:28 162816 ----a-w- c:\windows\system32\drivers\netbt.sys 2010-06-16 03:43:19 83080 ---ha-w- c:\windows\system32\mlfcache.dat 2010-05-24 03:38:42 14320 ----a-w- c:\windows\MOPYFISH.SCR 2010-05-24 03:38:42 10944 ----a-w- c:\windows\BYEFISH.EXE 2010-05-15 18:23:24 729088 ----a-w- c:\windows\iun6001.exe 2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-05 02:06:53 103784 ----a-w- c:\documents and settings\jon watson\GoToAssistDownloadHelper.exe 2010-04-03 00:28:40 61440 ----a-w- c:\windows\uninstall.exe 2008-10-04 15:00:14 604877 ----a-w- c:\program files\desktopComic.exe 2010-01-29 01:24:00 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat ============= FINISH: 17:02:13.45 =============== 16:54:04:484 3360 ================================================================================ 16:54:04:484 3360 SystemInfo: 16:54:04:484 3360 OS Version: 5.1.2600 ServicePack: 3.0 16:54:04:484 3360 Product type: Workstation 16:54:04:484 3360 ComputerName: CKNIGHT09 16:54:04:484 3360 UserName: Jon Watson 16:54:04:484 3360 Windows directory: C:\WINDOWS 16:54:04:484 3360 Processor architecture: Intel x86 16:54:04:484 3360 Number of processors: 1 16:54:04:484 3360 Page size: 0x1000 16:54:04:484 3360 Boot type: Normal boot 16:54:04:484 3360 ================================================================================ 16:54:04:812 3360 Initialize success 16:54:04:812 3360 16:54:04:812 3360 Scanning Services ... 
16:54:05:171 3360 Raw services enum returned 354 services 16:54:05:187 3360 16:54:05:187 3360 Scanning Drivers ... 16:54:06:015 3360 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 16:54:06:062 3360 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 16:54:06:156 3360 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 16:54:06:281 3360 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 16:54:06:328 3360 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys 16:54:06:390 3360 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 16:54:06:578 3360 ALCXWDM (02d94d2d336d3de8c5e8fe04a62d552d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 16:54:06:875 3360 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16:54:06:906 3360 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 16:54:07:000 3360 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 16:54:07:046 3360 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 16:54:07:156 3360 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 16:54:07:265 3360 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 16:54:07:359 3360 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys 16:54:07:468 3360 basic2 (2178e95ee45ae9317f9688c39236f5d4) C:\WINDOWS\system32\DRIVERS\basic2.sys 16:54:07:562 3360 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 16:54:07:671 3360 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys 16:54:07:765 3360 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 16:54:07:890 3360 Cdaudio (c1b486a7658353d33a10cc15211a873b) 
C:\WINDOWS\system32\drivers\Cdaudio.sys 16:54:07:984 3360 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 16:54:08:046 3360 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys 16:54:08:140 3360 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys 16:54:08:218 3360 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 16:54:08:296 3360 cdudf_xp (294f75a9f2c3317c61f5e51325e9976c) C:\WINDOWS\system32\drivers\cdudf_xp.sys 16:54:08:468 3360 cmuda (53f4cc55f3c255439c5973e31f0adce7) C:\WINDOWS\system32\drivers\cmuda.sys 16:54:08:875 3360 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 16:54:09:093 3360 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 16:54:09:500 3360 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 16:54:09:921 3360 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 16:54:10:031 3360 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 16:54:10:156 3360 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 16:54:10:250 3360 dsiarhwprog (f35b5d0cc142b87e687fc504baa69d82) C:\WINDOWS\system32\Drivers\dsiarhwprog.sys 16:54:10:312 3360 DVDVRRdr_xp (a2abb2a771a522b9dd57ce57d9960661) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys 16:54:10:406 3360 dvd_2K (9d6fabf24b9ac7bd2ef52d7907fd2f8e) C:\WINDOWS\system32\drivers\dvd_2K.sys 16:54:10:468 3360 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys 16:54:10:531 3360 Fallback (30bf5c5c9bdcfd8844f19aa3fd7cd301) C:\WINDOWS\system32\DRIVERS\fallback.sys 16:54:10:656 3360 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 16:54:10:750 3360 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 16:54:10:859 3360 Fips (d45926117eb9fa946a6af572fbe1caa3) 
C:\WINDOWS\system32\drivers\Fips.sys 16:54:10:968 3360 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 16:54:11:031 3360 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 16:54:11:140 3360 Fsks (80308c02238cf0bb4ddf01cf9f63a4ac) C:\WINDOWS\system32\DRIVERS\fsksnt.sys 16:54:11:234 3360 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 16:54:11:296 3360 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 16:54:11:359 3360 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 16:54:11:453 3360 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 16:54:11:515 3360 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 16:54:11:625 3360 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 16:54:11:734 3360 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys 16:54:11:890 3360 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 16:54:12:062 3360 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 16:54:12:203 3360 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 16:54:12:281 3360 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 16:54:12:390 3360 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 16:54:12:484 3360 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 16:54:12:546 3360 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 16:54:12:656 3360 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 16:54:12:750 3360 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 16:54:12:859 3360 IpNat 
(cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 16:54:13:000 3360 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 16:54:13:140 3360 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 16:54:13:218 3360 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 16:54:13:328 3360 K56 (99011791100c70950c51623326d64aa3) C:\WINDOWS\system32\DRIVERS\k56nt.sys 16:54:13:421 3360 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 16:54:13:500 3360 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16:54:13:578 3360 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys 16:54:13:734 3360 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 16:54:13:828 3360 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 16:54:13:968 3360 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys 16:54:14:078 3360 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys 16:54:14:187 3360 mmc_2K (0ba70511363a4a148815c6e57a5f99c5) C:\WINDOWS\system32\drivers\mmc_2K.sys 16:54:14:265 3360 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 16:54:14:343 3360 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 16:54:14:406 3360 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 16:54:14:484 3360 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 16:54:14:578 3360 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 16:54:14:656 3360 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 16:54:14:796 3360 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 16:54:14:921 3360 MRxSmb 
(f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 16:54:15:046 3360 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 16:54:15:156 3360 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 16:54:15:250 3360 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 16:54:15:343 3360 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 16:54:15:437 3360 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16:54:15:515 3360 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 16:54:15:640 3360 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 16:54:15:734 3360 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 16:54:15:781 3360 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16:54:15:859 3360 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 16:54:15:953 3360 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 16:54:16:046 3360 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 16:54:16:218 3360 NetBT (f06d47f8ec2f462c12e3d4f2f54796bd) C:\WINDOWS\system32\DRIVERS\netbt.sys 16:54:16:234 3360 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: f06d47f8ec2f462c12e3d4f2f54796bd, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d 16:54:16:234 3360 File "C:\WINDOWS\system32\DRIVERS\netbt.sys" infected by TDSS rootkit ... 16:54:17:203 3360 Backup copy found, using it.. 
16:54:17:234 3360 will be cured on next reboot 16:54:17:375 3360 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 16:54:17:531 3360 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 16:54:17:703 3360 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 16:54:17:843 3360 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 16:54:18:093 3360 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 16:54:18:203 3360 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 16:54:18:296 3360 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 16:54:18:406 3360 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 16:54:18:500 3360 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 16:54:18:578 3360 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 16:54:18:671 3360 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 16:54:18:765 3360 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 16:54:18:984 3360 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 16:54:19:062 3360 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 16:54:19:156 3360 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 16:54:19:218 3360 pwd_2k (a69812bcdf900f99e3ace4c38a3aefb2) C:\WINDOWS\system32\drivers\pwd_2k.sys 16:54:19:296 3360 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 16:54:19:484 3360 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 16:54:19:546 3360 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 16:54:19:609 3360 RasPppoe (5bc962f2654137c9909c3d4603587dee) 
C:\WINDOWS\system32\DRIVERS\raspppoe.sys 16:54:19:656 3360 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 16:54:19:718 3360 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 16:54:19:781 3360 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 16:54:19:843 3360 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 16:54:19:890 3360 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 16:54:19:953 3360 Rksample (f2e85e078f8205e8e7cb51c2f65da63a) C:\WINDOWS\system32\DRIVERS\rksample.sys 16:54:20:062 3360 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 16:54:20:109 3360 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 16:54:20:187 3360 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 16:54:20:265 3360 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 16:54:20:359 3360 SoftFax (1a3f37f3e6ef7c04535b96b671d3171a) C:\WINDOWS\system32\DRIVERS\faxnt.sys 16:54:20:484 3360 SpeakerPhone (51028a6697ad3b7965e313623983e6bb) C:\WINDOWS\system32\DRIVERS\spkpnt.sys 16:54:20:546 3360 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 16:54:20:593 3360 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 16:54:20:671 3360 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys 16:54:20:781 3360 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 16:54:20:859 3360 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 16:54:20:953 3360 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 16:54:21:140 3360 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 16:54:21:265 3360 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) 
C:\WINDOWS\system32\DRIVERS\tcpip.sys 16:54:21:359 3360 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 16:54:21:453 3360 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 16:54:21:578 3360 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 16:54:21:656 3360 Tones (e3a55f234cd33c8e035ccc8bfb9a0f09) C:\WINDOWS\system32\DRIVERS\tonesnt.sys 16:54:21:796 3360 UdfReadr_xp (8d719ae3cc449768963a6a1f7ff4b769) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys 16:54:21:875 3360 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 16:54:22:078 3360 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 16:54:22:234 3360 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 16:54:22:734 3360 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 16:54:23:140 3360 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 16:54:23:296 3360 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 16:54:23:406 3360 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys 16:54:23:515 3360 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 16:54:23:625 3360 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 16:54:23:734 3360 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:54:23:843 3360 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 16:54:23:953 3360 V124 (8551bf83430f45ab7ef1da8b0c7d6956) C:\WINDOWS\system32\DRIVERS\v124nt.sys 16:54:24:062 3360 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 16:54:24:171 3360 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 16:54:24:312 3360 Wanarp (e20b95baedb550f32dd489265c1da1f6) 
     16:54:24:875 3360 Reboot required for cure complete..
     16:54:25:203 3360 Cure on reboot scheduled successfully
     16:54:25:203 3360
     16:54:25:203 3360 Completed
     16:54:25:203 3360
     16:54:25:203 3360 Results:
     16:54:25:203 3360 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
     16:54:25:203 3360 File objects infected / cured / cured on reboot: 1 / 0 / 1
     16:54:25:203 3360
     16:54:25:203 3360 KLMD(ARK) unloaded successfully

     I seem to be finished for now. It looks like the windows update is working again after whatever was removed. I would like to get an updated Java and Adobe Reader when I am allowed to download them and restore them to my PC. Thanks for your help. God bless you
  4. GMER reported this when I disabled the CD Rom drivers or whatever it told me to disable.

     GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit quick scan 2010-06-19 20:47:39
     Windows 5.1.2600 Service Pack 3
     Running: zmgwyuum.exe; Driver: C:\DOCUME~1\JONWAT~1\LOCALS~1\Temp\fwliapod.sys

     ---- System - GMER 1.0.15 ----

     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7463E54]
     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF7463D9C]
     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF7463D74]
     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF7463D88]
     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF7463DE2]
     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF7463E2A]
     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF7463E7E]
     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7463E6A]
     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7463E3E]
     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
     Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

     ---- Devices - GMER 1.0.15 ----

     AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
     AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
     AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
     AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
     AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
     AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

     Device -> \Driver\atapi \Device\Harddisk0\DR0 8A034EC5

     ---- Files - GMER 1.0.15 ----

     File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

     ---- EOF - GMER 1.0.15 ----
  5. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT

     DDS (Ver_10-03-17.01)

     Microsoft Windows XP Home Edition
     Boot Device: \Device\HarddiskVolume1
     Install Date: 6/28/2008 02:38:29 PM
     System Uptime: 6/19/2010 07:53:21 PM (1 hours ago)

     Motherboard: MICRO-STAR INC. | | MS-6580
     Processor: Intel® Pentium® 4 CPU 2.40GHz | FC-478 | 2405/133mhz

     ==== Disk Partitions =========================

     A: is Removable
     C: is FIXED (NTFS) - 114 GiB total, 77.913 GiB free.
     D: is CDROM ()
     E: is Removable
     F: is FIXED (FAT32) - 12 GiB total, 8.085 GiB free.
     G: is Removable
     H: is Removable
     K: is FIXED (NTFS) - 233 GiB total, 192.797 GiB free.
     L: is Removable
     O: is CDROM ()

     ==== Disabled Device Manager Items =============

     ==== System Restore Points ===================

     RP1: 6/16/2010 10:31:20 AM - System Checkpoint
     RP2: 6/18/2010 10:40:55 AM - ComboFix created restore point

     ==== Installed Programs ======================

     3Deep AAC Decoder Action Replay Code Manager Action Replay DSi Code Manager Action Replay GBX Adobe Download Manager Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.2.2 AIM 7 Aim Plugin for QQ Games AIM Toolbar AIModule AIMTunes AOL Radio Toolbar AOL Uninstaller (Choose which Products to Remove) Apple Application Support Apple Mobile Device Support Apple Software Update AutoUpdate AVIConverter 5.1 Avira AntiVir Personal - Free Antivirus AVS Update Manager 1.0 AVS4YOU Software Navigator 1.4 BitTorrent Bonjour Brother MFL-Pro Suite C-Media WDM Audio Driver Chessmaster 9000 CleanUp! 
Common RTP 1.0 Core FTP LE 2.1 Critical Update for Windows Media Player 11 (KB959772) DivX Codec DivX Converter DivX Player DivX Plus DirectShow Filters DivX Plus Web Player DivX Version Checker DNA Download Updater (AOL LLC) Download_Energy Toolbar Dragon Quest State Tool E-Color Indicator e-Sword Easy CD & DVD Creator 6 ESET Online Scanner v3 Eudora First Alert Storm Team Garfield 9 Lives Screen Saver Garfield Desktop Comic Garfield Guide To Cats Screen Saver Garfield Midnight Snack Screen Saver Garfield Through the Years Screen Saver Ghost Town Google Chrome Google Earth Google Gmail Notifier Google Update Helper Google Updater H.264 Decoder Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Memories Disc HP Photo and Imaging 2.0 - Photosmart Cameras ICQ6 IMVU Avatar Chat Software Intel® Network Connections 13.0.42.0 iTunes Java Auto Updater Java 6 Update 18 Java 6 Update 4 Java 6 Update 6 Java 6 Update 7 Just Great Software EditPad Lite 6.4.3 magicJack Recovery Tool 1.0 Malwarebytes' Anti-Malware McAfee Anti-Theft McAfee AntiVirus Plus McAfee Security Scan Media Player Codec Pack 3.9.5 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support 
Downlevel APIs Microsoft Office 2000 SR-1 Small Business Microsoft Plus! for Windows XP Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ Run Time Lib Setup Microsoft Web Publishing Wizard 1.52 mIRC MKV Splitter Mozilla Firefox (3.6.3) MSN MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK neroxml NET Bible for e-Sword (version 9.x) oggcodecs 0.71.0946 Omni keyboard driver 6.0 OpenOffice.org 3.2 Opera 10.10 P2P_Energy Toolbar PC Alert 4 Picasa 3 PlayFKiSS QQ Games QuickTime RealPlayer RPG Maker 2000 1.05 RPG Maker 2003 v1.08 RTP for RM2K (Png, Wav, Midi, Fonts) Safari Security Update for CAPICOM (KB931906) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Media Player (KB952069) Security 
Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update 
for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980232) Shockwave SigmaTel MSCN Audio Player Slime Collisions Screensaver SMV Converter Tool 3.0 Spelling Dictionaries Support For Adobe Reader 8 Spyware Doctor 7.0 Storm Team 12 Instant Weather The Print Shop 20 tsWebEditor 20060218 U.S. 
Robotics 56K Voice Host Int ubi.com Uninstall AOL Emergency Connect Utility 1.0 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Windows (KB971513) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB978506) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VC80CRTRedist - 8.0.50727.4053 Veoh Web Player W Photo Studio WebFldrs XP Weight Watchers Light and Tasty Deluxe Windows Defender Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin Windows XP Service Pack 3 WinMX Music WinRAR archiver WinZip Yahoo! Messenger Yahoo! Software Update

     ==== Event Viewer Messages From Past Week ========

     6/19/2010 12:58:20 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
     6/19/2010 12:51:36 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
     6/19/2010 12:41:34 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
     6/19/2010 12:16:53 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
     6/19/2010 07:39:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp
     6/19/2010 07:37:58 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
     6/19/2010 07:37:58 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
     6/19/2010 01:23:33 AM, error: Service Control Manager [7034] - The McShield service terminated unexpectedly. It has done this 6 time(s).
     6/19/2010 01:16:08 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

     ==== End Of File ===========================

     That is it for now. I do not know what all this means, so you will have to tell me.
  6. DDS (Ver_10-03-17.01) - NTFSx86
     Run by Jon Watson at 19:58:49.20 on Sat 06/19/2010
     Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1294 [GMT -7:00]

     AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
     AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

     ============== Running Processes ===============

     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     svchost.exe
     C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
     C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
     C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
     C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
     C:\WINDOWS\system32\UTSCSI.EXE
     C:\WINDOWS\system32\MsPMSPSv.exe
     C:\Program Files\First Alert Storm Team\liveonline_3625813.exe
     C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
     C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\wuauclt.exe
     c:\PROGRA~1\mcafee.com\agent\mcagent.exe
     C:\Documents and Settings\Jon Watson\My Documents\My Videos\Veoh\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://dmforums.hero-dragon.org/
     uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
     uDefault_Page_URL = hxxp://www.mycopper.net
     uSearch Bar = hxxp://www.google.com
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
     uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
     uURLSearchHooks: Download Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P1.dll
     uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     uURLSearchHooks: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - c:\program files\download_energy\tbDow1.dll
     mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
     BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
     BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
     BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll
     BHO: Download Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P1.dll
     BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100517130403.dll
     BHO: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - c:\program files\download_energy\tbDow1.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
     BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
     BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll
     TB: Download Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P1.dll
     TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
     TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
     TB: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - c:\program files\download_energy\tbDow1.dll
     TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
     TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
     uRun: [cdloader] "c:\documents and settings\jon watson\application data\mjusbsp\cdloader2.exe" MAGICJACK
     uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
     mRun: [McPvTray] c:\program files\mcafee\anti-theft\McPvTray.exe
     mRun: [soundMan] SOUNDMAN.EXE
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
     dRun: [notepad] rundll32.exe c:\docume~1\jonwat~1\ntload.dll,_IWMPEvents@0
     StartupFolder: c:\docume~1\jonwat~1\startm~1\programs\startup\CANONI~1.LNK -
     StartupFolder: c:\docume~1\jonwat~1\startm~1\programs\startup\firsta~1.lnk - c:\program files\first alert storm team\liveonline_3625813.exe
     StartupFolder: c:\docume~1\jonwat~1\startm~1\programs\startup\mopypo~1.lnk - c:\mopyfish\GETPOINT.EXE
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
     IE: &AOL Radio Toolbar Search - c:\documents and settings\all users\application data\aol radio toolbar\ietoolbar\resources\en-us\local\search.html
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
     IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\jon watson\start menu\programs\imvu\Run IMVU.lnk
     IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     Trusted Zone: magicjack.com\my
     Trusted Zone: talk4free.com\reg
     DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
     Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
     Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
     SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
     SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\jonwat~1\applic~1\mozilla\firefox\profiles\64g9o40q.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q={searchTerms}
     FF - prefs.js: browser.search.selectedEngine - Secure Search
     FF - prefs.js: browser.startup.homepage - hxxp://dmforums.hero-dragon.org/
     FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
     FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
     FF - plugin: c:\documents and settings\jon watson\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
     FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
     FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
     FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
     FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
     FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
     FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
     FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
     FF - plugin: c:\program files\picasa2\npPicasa2.dll
     FF - plugin: c:\program files\picasa2\npPicasa3.dll
     FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
     FF - plugin: f:\program files\program\program\plugins\npbeatnk.dll
     FF - plugin: f:\program files\program\program\plugins\NPDocBox.dll
     FF - plugin: f:\program files\program\program\plugins\nphppi.dll
     FF - plugin: f:\program files\program\program\plugins\NPMetastream3.dll
     FF - plugin: f:\program files\program\program\plugins\nppl3260.dll
     FF - plugin: f:\program files\program\program\plugins\nprfxins.dll
     FF - plugin: f:\program files\program\program\plugins\nprjplug.dll
     FF - plugin: f:\program files\program\program\plugins\nprpjplug.dll
     FF - plugin: f:\program files\program\program\plugins\npwmsdrm.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

     ---- FIREFOX POLICIES ----

     FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
     c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

     ============= SERVICES / DRIVERS ===============

     R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [2008-5-28 61688]
     R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-12-25 385880]
     R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-28 11608]
     R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-24 82952]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-28 135336]
     R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-28 267432]
     R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-28 60936]
     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-25 93320]
     R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-24 271480]
     R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-24 271480]
     R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-24 271480]
     R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-24 170144]
     R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-24 188136]
     R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-24 141792]
     R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
     R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-24 55456]
     R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-25 152320]
     R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-25 51688]
     R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-24 312616]
     R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-24 88480]
     S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-23 135664]
     S2 PEVSystemStart;PEVSystemStart;c:\combofix\PEV.cfxxe [2010-6-18 256512]
     S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-3-1 29184]
     S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-24 88480]
     S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-24 83496]
     S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-25 34248]
     S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-25 40552]

     ============== File Associations ===============

     txtfile="c:\program files\jgsoft\editpadlite\EditPadLite.exe" "%1"

     =============== Created Last 30 ================

     2010-06-20 02:51:36 0 ----a-w- c:\documents and settings\jon watson\defogger_reenable
     2010-06-18 17:39:48 0 d-s---w- C:\ComboFix
     2010-06-16 23:58:35 0 d-----w- c:\program files\ESET
     2010-06-16 23:21:07 0 d-sha-r- C:\cmdcons
     2010-06-16 23:15:04 77312 ----a-w- c:\windows\MBR.exe
     2010-06-16 23:15:03 98816 ----a-w- c:\windows\sed.exe
     2010-06-16 23:15:03 256512 ----a-w- c:\windows\PEV.exe
     2010-06-16 23:15:03 161792 ----a-w- c:\windows\SWREG.exe
     2010-06-16 16:09:56 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
     2010-06-16 15:58:43 16384 ---ha-w- C:\SZKGFS.dat
     2010-06-16 15:55:00 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
     2010-06-16 15:52:50 0 d-----w- c:\program files\common files\iS3
     2010-06-16 15:52:49 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-06-03 08:48:12 608415 ----a-w- c:\documents and settings\jon watson\HOSTS 2010-05-27 02:31:07 48640 ----a-w- c:\windows\system32\INETWH32.DLL 2010-05-27 02:31:07 317952 ----a-w- c:\windows\system32\Roboex32.dll ==================== Find3M ==================== 2010-06-16 03:43:19 83080 ---ha-w- c:\windows\system32\mlfcache.dat 2010-05-24 03:38:42 14320 ----a-w- c:\windows\MOPYFISH.SCR 2010-05-24 03:38:42 10944 ----a-w- c:\windows\BYEFISH.EXE 2010-05-15 18:23:24 729088 ----a-w- c:\windows\iun6001.exe 2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-28 00:16:24 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2010-04-28 00:16:24 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2010-04-28 00:16:24 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2010-04-28 00:16:24 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2010-04-28 00:16:24 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2010-04-28 00:16:24 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys 2010-04-28 00:16:24 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2010-04-28 00:16:24 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2010-04-28 00:16:24 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2010-04-28 00:16:24 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2010-04-05 02:06:53 103784 ----a-w- c:\documents and settings\jon watson\GoToAssistDownloadHelper.exe 2010-04-03 00:28:40 61440 ----a-w- c:\windows\uninstall.exe 2008-10-04 15:00:14 604877 ----a-w- c:\program files\desktopComic.exe 2010-01-29 01:24:00 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat ============= FINISH: 20:02:36.56 ===============
  7. It came up with nothing as I expected.
  8. That's it so far. I did an Anti-Virus scan. That's it for now. I have to let my PC rest. It has been on all night. I will commence again with the next step after a time.
  9. Here are the results of the Malwarebytes Scan: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4213 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/18/2010 04:58:12 PM mbam-log-2010-06-18 (16-58-12).txt Scan type: Quick scan Objects scanned: 129312 Time elapsed: 22 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  10. I will do the best I can. Sometimes I don't understand instructions.
  11. I can't seem to get rid of this bug.... http://www.news-11-today.com that pops up in firefox. Please help. Thanks
  12. I am doing what I can to rid my PC of errors and unwanted programs.
  13. My Malwarebytes' Anti-Malware software won't load (My Anti-Virus Program) also won't load. I have Windows XP and My Anti-Virus program is McAfee 2009 Edition. I also hear sounds when I try to click on to the Malwarebytes' Anti-Malware software from time to time. Please help me. Thanks