My computer is Hijacked bad!

[umshewa]

OK, soooo my computer has a nasty virus. I have read past posts (http://forums.malwar...?showtopic=9573 and http://forums.malwar...howtopic=78625. So I have done the things stated and now I'm posting my results. When I reboot my computer the program/virus System Check comes up too....HELP.

attach.txt

dds.txt

[Maniac]

Hello koontzman and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Instructions here are not for you specifically.

http://forums.malwarebytes.org/index.php?showtopic=78625

Step 1

Please uninstall BitTorrent and take a look at our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   
7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

You probably won't run Malwarebytes' Anti-Malware, so if you are experiencing this problem follow the instructions to run it:

http://forums.malwarebytes.org/index.php?showtopic=85715

Next:

• Launch Malwarebytes' Anti-Malware
  
• Go to Update" tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next post, please include:

• TDSSKiller log
  
• Malwarebytes' Anti-Malware log
  
• a new fresh DDS log file

[umshewa]

I have done everything requested. Here are the logs too. I will also show the attach.log file too... Thanks for the help!!

TDSSKiller.2.7.13.0_22.02.2012_11.59.04_log.txt

attach02222012.txt

dds02222012.txt

mbam-log-2012-02-22 (12-05-41).txt

[umshewa]

Forgot to also ask....what are you looking at and what can I look for in the future? Thanks

[umshewa]

Dang, also, The link about Firefox going to proxy is happening to me too. That is why I put it in my original post. I would also like to fix that once the main problem is fixed. Thanks!!

[umshewa]

ok...so I just re-read everything again and saw that you don't want things as attachments....soooo I will again cut and paste everything....Sorry.....

TDSSKiller log

11:59:04.0953 0480 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

11:59:05.0484 0480 ============================================================

11:59:05.0484 0480 Current date / time: 2012/02/22 11:59:05.0484

11:59:05.0484 0480 SystemInfo:

11:59:05.0484 0480

11:59:05.0484 0480 OS Version: 5.1.2600 ServicePack: 3.0

11:59:05.0484 0480 Product type: Workstation

11:59:05.0484 0480 ComputerName: OFC2

11:59:05.0484 0480 UserName: Mike's Music

11:59:05.0484 0480 Windows directory: C:\WINDOWS

11:59:05.0484 0480 System windows directory: C:\WINDOWS

11:59:05.0484 0480 Processor architecture: Intel x86

11:59:05.0484 0480 Number of processors: 1

11:59:05.0484 0480 Page size: 0x1000

11:59:05.0484 0480 Boot type: Safe boot with network

11:59:05.0484 0480 ============================================================

11:59:08.0109 0480 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

11:59:08.0109 0480 \Device\Harddisk0\DR0:

11:59:08.0109 0480 MBR used

11:59:08.0109 0480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

11:59:08.0171 0480 Initialize success

11:59:08.0171 0480 ============================================================

11:59:47.0406 0788 ============================================================

11:59:47.0406 0788 Scan started

11:59:47.0406 0788 Mode: Manual; SigCheck; TDLFS;

11:59:47.0406 0788 ============================================================

11:59:48.0171 0788 aaivskn (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\iplitdf.sys

11:59:48.0890 0788 aaivskn ( UnsignedFile.Multi.Generic ) - warning

11:59:48.0890 0788 aaivskn - detected UnsignedFile.Multi.Generic (1)

11:59:48.0953 0788 Abiosdsk - ok

11:59:48.0984 0788 abp480n5 - ok

11:59:49.0078 0788 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:59:49.0812 0788 ACPI - ok

11:59:49.0890 0788 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

11:59:50.0031 0788 ACPIEC - ok

11:59:50.0062 0788 adpu160m - ok

11:59:50.0109 0788 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

11:59:50.0203 0788 aec - ok

11:59:50.0234 0788 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys

11:59:50.0359 0788 AFD - ok

11:59:50.0375 0788 Aha154x - ok

11:59:50.0390 0788 aic78u2 - ok

11:59:50.0406 0788 aic78xx - ok

11:59:50.0437 0788 AliIde - ok

11:59:50.0453 0788 amsint - ok

11:59:50.0500 0788 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys

11:59:50.0609 0788 AnyDVD - ok

11:59:50.0625 0788 asc - ok

11:59:50.0640 0788 asc3350p - ok

11:59:50.0656 0788 asc3550 - ok

11:59:50.0734 0788 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:59:50.0828 0788 AsyncMac - ok

11:59:50.0843 0788 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

11:59:50.0937 0788 atapi - ok

11:59:50.0953 0788 Atdisk - ok

11:59:51.0000 0788 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:59:51.0125 0788 Atmarpc - ok

11:59:51.0171 0788 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

11:59:51.0296 0788 audstub - ok

11:59:51.0359 0788 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

11:59:51.0359 0788 avgio - ok

11:59:51.0406 0788 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

11:59:51.0406 0788 avgntflt - ok

11:59:51.0453 0788 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

11:59:51.0453 0788 avipbb - ok

11:59:51.0515 0788 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

11:59:51.0625 0788 Beep - ok

11:59:51.0687 0788 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys

11:59:51.0703 0788 BrPar ( UnsignedFile.Multi.Generic ) - warning

11:59:51.0703 0788 BrPar - detected UnsignedFile.Multi.Generic (1)

11:59:51.0734 0788 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

11:59:51.0875 0788 cbidf2k - ok

11:59:51.0890 0788 cd20xrnt - ok

11:59:51.0953 0788 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

11:59:52.0078 0788 Cdaudio - ok

11:59:52.0109 0788 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

11:59:52.0203 0788 Cdfs - ok

11:59:52.0234 0788 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:59:52.0343 0788 Cdrom - ok

11:59:52.0359 0788 Changer - ok

11:59:52.0390 0788 CmdIde - ok

11:59:52.0437 0788 Cpqarray - ok

11:59:52.0453 0788 dac2w2k - ok

11:59:52.0484 0788 dac960nt - ok

11:59:52.0500 0788 dfym - ok

11:59:52.0531 0788 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

11:59:52.0625 0788 Disk - ok

11:59:52.0687 0788 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

11:59:52.0828 0788 dmboot - ok

11:59:52.0875 0788 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

11:59:52.0968 0788 dmio - ok

11:59:53.0015 0788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

11:59:53.0140 0788 dmload - ok

11:59:53.0171 0788 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

11:59:53.0281 0788 DMusic - ok

11:59:53.0296 0788 dpti2o - ok

11:59:53.0343 0788 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

11:59:53.0437 0788 drmkaud - ok

11:59:53.0484 0788 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

11:59:53.0484 0788 ElbyCDIO - ok

11:59:53.0531 0788 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

11:59:53.0625 0788 Fastfat - ok

11:59:53.0671 0788 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

11:59:53.0781 0788 Fdc - ok

11:59:53.0796 0788 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

11:59:53.0890 0788 Fips - ok

11:59:53.0921 0788 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

11:59:54.0015 0788 Flpydisk - ok

11:59:54.0062 0788 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

11:59:54.0156 0788 FltMgr - ok

11:59:54.0203 0788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:59:54.0328 0788 Fs_Rec - ok

11:59:54.0359 0788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:59:54.0484 0788 Ftdisk - ok

11:59:54.0531 0788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

11:59:54.0531 0788 GEARAspiWDM - ok

11:59:54.0578 0788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:59:54.0671 0788 Gpc - ok

11:59:54.0718 0788 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

11:59:54.0734 0788 HDAudBus ( UnsignedFile.Multi.Generic ) - warning

11:59:54.0734 0788 HDAudBus - detected UnsignedFile.Multi.Generic (1)

11:59:54.0796 0788 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:59:54.0890 0788 HidUsb - ok

11:59:54.0906 0788 hpn - ok

11:59:54.0953 0788 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

11:59:55.0046 0788 HTTP - ok

11:59:55.0062 0788 i2omgmt - ok

11:59:55.0078 0788 i2omp - ok

11:59:55.0109 0788 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

11:59:55.0203 0788 i8042prt - ok

11:59:55.0218 0788 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

11:59:55.0312 0788 Imapi - ok

11:59:55.0328 0788 ini910u - ok

11:59:55.0468 0788 IntcAzAudAddService (1ebde650d97a8eccdc1cc4a0804647cd) C:\WINDOWS\system32\drivers\RtkHDAud.sys

11:59:55.0734 0788 IntcAzAudAddService - ok

11:59:55.0750 0788 IntelIde - ok

11:59:55.0812 0788 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

11:59:55.0953 0788 ip6fw - ok

11:59:56.0000 0788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:59:56.0140 0788 IpFilterDriver - ok

11:59:56.0187 0788 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:59:56.0296 0788 IpInIp - ok

11:59:56.0328 0788 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:59:56.0421 0788 IpNat - ok

11:59:56.0453 0788 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:59:56.0562 0788 IPSec - ok

11:59:56.0609 0788 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

11:59:56.0703 0788 IRENUM - ok

11:59:56.0734 0788 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:59:56.0843 0788 isapnp - ok

11:59:56.0859 0788 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:59:56.0953 0788 Kbdclass - ok

11:59:56.0984 0788 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

11:59:57.0093 0788 kmixer - ok

11:59:57.0125 0788 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

11:59:57.0218 0788 KSecDD - ok

11:59:57.0234 0788 lbrtfdc - ok

11:59:57.0343 0788 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

11:59:57.0390 0788 LMIInfo - ok

11:59:57.0437 0788 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

11:59:57.0437 0788 lmimirr - ok

11:59:57.0453 0788 LMIRfsClientNP - ok

11:59:57.0484 0788 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

11:59:57.0484 0788 LMIRfsDriver - ok

11:59:57.0546 0788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

11:59:57.0671 0788 mnmdd - ok

11:59:57.0718 0788 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

11:59:57.0812 0788 Modem - ok

11:59:57.0843 0788 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys

11:59:57.0890 0788 motmodem - ok

11:59:57.0921 0788 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:59:58.0015 0788 Mouclass - ok

11:59:58.0031 0788 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

11:59:58.0125 0788 MountMgr - ok

11:59:58.0140 0788 mraid35x - ok

11:59:58.0171 0788 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:59:58.0250 0788 MRxDAV - ok

11:59:58.0265 0788 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:59:58.0406 0788 MRxSmb - ok

11:59:58.0437 0788 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:59:58.0531 0788 Msfs - ok

11:59:58.0578 0788 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:59:58.0687 0788 MSKSSRV - ok

11:59:58.0718 0788 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:59:58.0828 0788 MSPCLOCK - ok

11:59:58.0859 0788 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:59:58.0953 0788 MSPQM - ok

11:59:58.0984 0788 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:59:59.0078 0788 mssmbios - ok

11:59:59.0093 0788 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

11:59:59.0171 0788 Mup - ok

11:59:59.0187 0788 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

11:59:59.0296 0788 NDIS - ok

11:59:59.0328 0788 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:59:59.0421 0788 NdisTapi - ok

11:59:59.0437 0788 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:59:59.0531 0788 Ndisuio - ok

11:59:59.0546 0788 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:59:59.0640 0788 NdisWan - ok

11:59:59.0656 0788 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

11:59:59.0750 0788 NDProxy - ok

11:59:59.0781 0788 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:59:59.0875 0788 NetBIOS - ok

11:59:59.0890 0788 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:59:59.0984 0788 NetBT - ok

12:00:00.0015 0788 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

12:00:00.0109 0788 Npfs - ok

12:00:00.0140 0788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

12:00:00.0296 0788 Ntfs - ok

12:00:00.0343 0788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

12:00:00.0468 0788 Null - ok

12:00:00.0593 0788 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

12:00:00.0828 0788 nv - ok

12:00:00.0875 0788 nvata (9eccd189a9554c30a0d18a429778c7ba) C:\WINDOWS\system32\DRIVERS\nvata.sys

12:00:00.0906 0788 nvata - ok

12:00:00.0937 0788 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

12:00:00.0984 0788 NVENETFD - ok

12:00:01.0015 0788 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

12:00:01.0062 0788 nvnetbus - ok

12:00:01.0078 0788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:00:01.0203 0788 NwlnkFlt - ok

12:00:01.0234 0788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:00:01.0359 0788 NwlnkFwd - ok

12:00:01.0390 0788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

12:00:01.0500 0788 Parport - ok

12:00:01.0515 0788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

12:00:01.0625 0788 PartMgr - ok

12:00:01.0671 0788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

12:00:01.0781 0788 ParVdm - ok

12:00:01.0796 0788 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

12:00:01.0875 0788 PCI - ok

12:00:01.0953 0788 PCIDump - ok

12:00:02.0000 0788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

12:00:02.0125 0788 PCIIde - ok

12:00:02.0171 0788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

12:00:02.0359 0788 Pcmcia - ok

12:00:02.0406 0788 PDCOMP - ok

12:00:02.0421 0788 PDFRAME - ok

12:00:02.0453 0788 PDRELI - ok

12:00:02.0484 0788 PDRFRAME - ok

12:00:02.0546 0788 perc2 - ok

12:00:02.0562 0788 perc2hib - ok

12:00:02.0703 0788 PGPmemlock (a549dc21b37f1eece4e89acc993aaabb) C:\WINDOWS\system32\drivers\PGPmemlock.sys

12:00:02.0859 0788 PGPmemlock ( UnsignedFile.Multi.Generic ) - warning

12:00:02.0859 0788 PGPmemlock - detected UnsignedFile.Multi.Generic (1)

12:00:02.0921 0788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:00:03.0140 0788 PptpMiniport - ok

12:00:03.0156 0788 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

12:00:03.0468 0788 Processor - ok

12:00:03.0515 0788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:00:03.0796 0788 PSched - ok

12:00:03.0875 0788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:00:04.0000 0788 Ptilink - ok

12:00:04.0015 0788 ql1080 - ok

12:00:04.0031 0788 Ql10wnt - ok

12:00:04.0046 0788 ql12160 - ok

12:00:04.0078 0788 ql1240 - ok

12:00:04.0093 0788 ql1280 - ok

12:00:04.0109 0788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:00:04.0218 0788 RasAcd - ok

12:00:04.0250 0788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:00:04.0343 0788 Rasl2tp - ok

12:00:04.0375 0788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:00:04.0468 0788 RasPppoe - ok

12:00:04.0484 0788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:00:04.0578 0788 Raspti - ok

12:00:04.0609 0788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:00:04.0703 0788 Rdbss - ok

12:00:04.0718 0788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:00:04.0828 0788 RDPCDD - ok

12:00:04.0875 0788 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:00:04.0968 0788 rdpdr - ok

12:00:05.0015 0788 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

12:00:05.0109 0788 RDPWD - ok

12:00:05.0140 0788 redbook (cce6de646a2a9691cad011937cb59f70) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:00:05.0156 0788 redbook ( UnsignedFile.Multi.Generic ) - warning

12:00:05.0156 0788 redbook - detected UnsignedFile.Multi.Generic (1)

12:00:05.0250 0788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:00:05.0359 0788 Secdrv - ok

12:00:05.0406 0788 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

12:00:05.0484 0788 serenum - ok

12:00:05.0531 0788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

12:00:05.0625 0788 Serial - ok

12:00:05.0687 0788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:00:05.0765 0788 Sfloppy - ok

12:00:05.0796 0788 Simbad - ok

12:00:05.0828 0788 Sparrow - ok

12:00:05.0843 0788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

12:00:05.0937 0788 splitter - ok

12:00:05.0984 0788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

12:00:06.0078 0788 sr - ok

12:00:06.0093 0788 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys

12:00:06.0218 0788 Srv - ok

12:00:06.0265 0788 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

12:00:06.0265 0788 ssmdrv - ok

12:00:06.0328 0788 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

12:00:06.0437 0788 StillCam - ok

12:00:06.0468 0788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

12:00:06.0562 0788 swenum - ok

12:00:06.0593 0788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

12:00:06.0703 0788 swmidi - ok

12:00:06.0718 0788 symc810 - ok

12:00:06.0734 0788 symc8xx - ok

12:00:06.0750 0788 sym_hi - ok

12:00:06.0781 0788 sym_u3 - ok

12:00:06.0796 0788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

12:00:06.0890 0788 sysaudio - ok

12:00:06.0937 0788 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:00:07.0031 0788 Tcpip - ok

12:00:07.0078 0788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

12:00:07.0156 0788 TDPIPE - ok

12:00:07.0187 0788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

12:00:07.0296 0788 TDTCP - ok

12:00:07.0343 0788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

12:00:07.0453 0788 TermDD - ok

12:00:07.0484 0788 TosIde - ok

12:00:07.0546 0788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

12:00:07.0625 0788 Udfs - ok

12:00:07.0640 0788 ultra - ok

12:00:07.0718 0788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

12:00:07.0812 0788 Update - ok

12:00:07.0875 0788 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

12:00:07.0906 0788 USBAAPL - ok

12:00:07.0953 0788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:00:08.0031 0788 usbccgp - ok

12:00:08.0078 0788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:00:08.0171 0788 usbehci - ok

12:00:08.0187 0788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:00:08.0296 0788 usbhub - ok

12:00:08.0343 0788 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

12:00:08.0437 0788 usbohci - ok

12:00:08.0484 0788 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

12:00:08.0562 0788 usbscan - ok

12:00:08.0593 0788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:00:08.0687 0788 USBSTOR - ok

12:00:08.0718 0788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

12:00:08.0812 0788 VgaSave - ok

12:00:08.0828 0788 ViaIde - ok

12:00:08.0859 0788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

12:00:08.0937 0788 VolSnap - ok

12:00:08.0968 0788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:00:09.0062 0788 Wanarp - ok

12:00:09.0109 0788 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

12:00:09.0125 0788 Wdf01000 - ok

12:00:09.0140 0788 WDICA - ok

12:00:09.0203 0788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

12:00:09.0281 0788 wdmaud - ok

12:00:09.0390 0788 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

12:00:09.0531 0788 WS2IFSL - ok

12:00:09.0593 0788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

12:00:09.0750 0788 \Device\Harddisk0\DR0 - ok

12:00:09.0765 0788 Boot (0x1200) (4443162ff56254fd0dad60b375312fcc) \Device\Harddisk0\DR0\Partition0

12:00:09.0765 0788 \Device\Harddisk0\DR0\Partition0 - ok

12:00:09.0765 0788 ============================================================

12:00:09.0765 0788 Scan finished

12:00:09.0765 0788 ============================================================

12:00:09.0890 1832 Detected object count: 5

12:00:09.0890 1832 Actual detected object count: 5

12:00:29.0828 1832 aaivskn ( UnsignedFile.Multi.Generic ) - skipped by user

12:00:29.0828 1832 aaivskn ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:00:29.0828 1832 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user

12:00:29.0828 1832 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:00:29.0828 1832 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user

12:00:29.0828 1832 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:00:29.0843 1832 PGPmemlock ( UnsignedFile.Multi.Generic ) - skipped by user

12:00:29.0843 1832 PGPmemlock ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:00:29.0843 1832 redbook ( UnsignedFile.Multi.Generic ) - skipped by user

12:00:29.0843 1832 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:00:48.0140 0180 ============================================================

12:00:48.0140 0180 Scan started

12:00:48.0140 0180 Mode: Manual; SigCheck; TDLFS;

12:00:48.0140 0180 ============================================================

12:00:48.0781 0180 aaivskn (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\iplitdf.sys

12:00:48.0812 0180 aaivskn ( UnsignedFile.Multi.Generic ) - warning

12:00:48.0812 0180 aaivskn - detected UnsignedFile.Multi.Generic (1)

12:00:48.0828 0180 Abiosdsk - ok

12:00:48.0843 0180 abp480n5 - ok

12:00:48.0890 0180 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

12:00:48.0984 0180 ACPI - ok

12:00:49.0031 0180 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

12:00:49.0125 0180 ACPIEC - ok

12:00:49.0125 0180 adpu160m - ok

12:00:49.0187 0180 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

12:00:49.0281 0180 aec - ok

12:00:49.0312 0180 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys

12:00:49.0406 0180 AFD - ok

12:00:49.0406 0180 Aha154x - ok

12:00:49.0421 0180 aic78u2 - ok

12:00:49.0453 0180 aic78xx - ok

12:00:49.0484 0180 AliIde - ok

12:00:49.0500 0180 amsint - ok

12:00:49.0562 0180 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys

12:00:49.0562 0180 AnyDVD - ok

12:00:49.0593 0180 asc - ok

12:00:49.0609 0180 asc3350p - ok

12:00:49.0625 0180 asc3550 - ok

12:00:49.0687 0180 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

12:00:49.0781 0180 AsyncMac - ok

12:00:49.0812 0180 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

12:00:49.0906 0180 atapi - ok

12:00:49.0921 0180 Atdisk - ok

12:00:49.0968 0180 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

12:00:50.0078 0180 Atmarpc - ok

12:00:50.0125 0180 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

12:00:50.0250 0180 audstub - ok

12:00:50.0328 0180 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

12:00:50.0328 0180 avgio - ok

12:00:50.0375 0180 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

12:00:50.0375 0180 avgntflt - ok

12:00:50.0468 0180 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

12:00:50.0468 0180 avipbb - ok

12:00:50.0531 0180 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

12:00:50.0625 0180 Beep - ok

12:00:50.0687 0180 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys

12:00:50.0703 0180 BrPar ( UnsignedFile.Multi.Generic ) - warning

12:00:50.0703 0180 BrPar - detected UnsignedFile.Multi.Generic (1)

12:00:50.0750 0180 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

12:00:50.0859 0180 cbidf2k - ok

12:00:50.0875 0180 cd20xrnt - ok

12:00:50.0921 0180 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

12:00:51.0031 0180 Cdaudio - ok

12:00:51.0062 0180 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

12:00:51.0156 0180 Cdfs - ok

12:00:51.0187 0180 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

12:00:51.0281 0180 Cdrom - ok

12:00:51.0296 0180 Changer - ok

12:00:51.0328 0180 CmdIde - ok

12:00:51.0375 0180 Cpqarray - ok

12:00:51.0390 0180 dac2w2k - ok

12:00:51.0406 0180 dac960nt - ok

12:00:51.0437 0180 dfym - ok

12:00:51.0468 0180 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

12:00:51.0562 0180 Disk - ok

12:00:51.0609 0180 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

12:00:51.0750 0180 dmboot - ok

12:00:51.0765 0180 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

12:00:51.0843 0180 dmio - ok

12:00:51.0890 0180 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

12:00:52.0015 0180 dmload - ok

12:00:52.0046 0180 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

12:00:52.0125 0180 DMusic - ok

12:00:52.0156 0180 dpti2o - ok

12:00:52.0203 0180 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

12:00:52.0281 0180 drmkaud - ok

12:00:52.0328 0180 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

12:00:52.0343 0180 ElbyCDIO - ok

12:00:52.0375 0180 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

12:00:52.0468 0180 Fastfat - ok

12:00:52.0515 0180 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

12:00:52.0593 0180 Fdc - ok

12:00:52.0625 0180 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

12:00:52.0718 0180 Fips - ok

12:00:52.0734 0180 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

12:00:52.0812 0180 Flpydisk - ok

12:00:52.0859 0180 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

12:00:52.0953 0180 FltMgr - ok

12:00:53.0015 0180 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

12:00:53.0125 0180 Fs_Rec - ok

12:00:53.0171 0180 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

12:00:53.0281 0180 Ftdisk - ok

12:00:53.0328 0180 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

12:00:53.0343 0180 GEARAspiWDM - ok

12:00:53.0375 0180 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

12:00:53.0484 0180 Gpc - ok

12:00:53.0531 0180 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

12:00:53.0546 0180 HDAudBus ( UnsignedFile.Multi.Generic ) - warning

12:00:53.0546 0180 HDAudBus - detected UnsignedFile.Multi.Generic (1)

12:00:53.0593 0180 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

12:00:53.0687 0180 HidUsb - ok

12:00:53.0687 0180 hpn - ok

12:00:53.0718 0180 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

12:00:53.0828 0180 HTTP - ok

12:00:53.0843 0180 i2omgmt - ok

12:00:53.0859 0180 i2omp - ok

12:00:53.0890 0180 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

12:00:53.0984 0180 i8042prt - ok

12:00:54.0000 0180 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

12:00:54.0078 0180 Imapi - ok

12:00:54.0093 0180 ini910u - ok

12:00:54.0218 0180 IntcAzAudAddService (1ebde650d97a8eccdc1cc4a0804647cd) C:\WINDOWS\system32\drivers\RtkHDAud.sys

12:00:54.0390 0180 IntcAzAudAddService - ok

12:00:54.0406 0180 IntelIde - ok

12:00:54.0437 0180 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

12:00:54.0546 0180 ip6fw - ok

12:00:54.0593 0180 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

12:00:54.0703 0180 IpFilterDriver - ok

12:00:54.0734 0180 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

12:00:54.0843 0180 IpInIp - ok

12:00:54.0890 0180 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

12:00:54.0968 0180 IpNat - ok

12:00:54.0984 0180 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

12:00:55.0078 0180 IPSec - ok

12:00:55.0125 0180 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

12:00:55.0218 0180 IRENUM - ok

12:00:55.0250 0180 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

12:00:55.0359 0180 isapnp - ok

12:00:55.0390 0180 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

12:00:55.0484 0180 Kbdclass - ok

12:00:55.0500 0180 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

12:00:55.0609 0180 kmixer - ok

12:00:55.0640 0180 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

12:00:55.0734 0180 KSecDD - ok

12:00:55.0765 0180 lbrtfdc - ok

12:00:55.0906 0180 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

12:00:55.0921 0180 LMIInfo - ok

12:00:55.0953 0180 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

12:00:55.0968 0180 lmimirr - ok

12:00:55.0968 0180 LMIRfsClientNP - ok

12:00:55.0984 0180 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

12:00:56.0000 0180 LMIRfsDriver - ok

12:00:56.0078 0180 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

12:00:56.0187 0180 mnmdd - ok

12:00:56.0218 0180 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

12:00:56.0312 0180 Modem - ok

12:00:56.0359 0180 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys

12:00:56.0375 0180 motmodem - ok

12:00:56.0406 0180 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

12:00:56.0484 0180 Mouclass - ok

12:00:56.0515 0180 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

12:00:56.0609 0180 MountMgr - ok

12:00:56.0625 0180 mraid35x - ok

12:00:56.0671 0180 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

12:00:56.0750 0180 MRxDAV - ok

12:00:56.0781 0180 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

12:00:56.0906 0180 MRxSmb - ok

12:00:56.0953 0180 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

12:00:57.0046 0180 Msfs - ok

12:00:57.0093 0180 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

12:00:57.0203 0180 MSKSSRV - ok

12:00:57.0250 0180 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

12:00:57.0343 0180 MSPCLOCK - ok

12:00:57.0390 0180 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

12:00:57.0468 0180 MSPQM - ok

12:00:57.0500 0180 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

12:00:57.0578 0180 mssmbios - ok

12:00:57.0609 0180 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

12:00:57.0687 0180 Mup - ok

12:00:57.0718 0180 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

12:00:57.0812 0180 NDIS - ok

12:00:57.0859 0180 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

12:00:57.0937 0180 NdisTapi - ok

12:00:57.0968 0180 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

12:00:58.0062 0180 Ndisuio - ok

12:00:58.0078 0180 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

12:00:58.0171 0180 NdisWan - ok

12:00:58.0187 0180 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

12:00:58.0281 0180 NDProxy - ok

12:00:58.0343 0180 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

12:00:58.0421 0180 NetBIOS - ok

12:00:58.0453 0180 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

12:00:58.0546 0180 NetBT - ok

12:00:58.0609 0180 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

12:00:58.0703 0180 Npfs - ok

12:00:58.0750 0180 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

12:00:58.0843 0180 Ntfs - ok

12:00:58.0906 0180 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

12:00:59.0015 0180 Null - ok

12:00:59.0140 0180 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

12:00:59.0250 0180 nv - ok

12:00:59.0296 0180 nvata (9eccd189a9554c30a0d18a429778c7ba) C:\WINDOWS\system32\DRIVERS\nvata.sys

12:00:59.0312 0180 nvata - ok

12:00:59.0359 0180 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

12:00:59.0375 0180 NVENETFD - ok

12:00:59.0421 0180 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

12:00:59.0421 0180 nvnetbus - ok

12:00:59.0468 0180 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:00:59.0578 0180 NwlnkFlt - ok

12:00:59.0593 0180 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:00:59.0718 0180 NwlnkFwd - ok

12:00:59.0765 0180 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

12:00:59.0859 0180 Parport - ok

12:00:59.0875 0180 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

12:01:00.0015 0180 PartMgr - ok

12:01:00.0062 0180 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

12:01:00.0156 0180 ParVdm - ok

12:01:00.0171 0180 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

12:01:00.0265 0180 PCI - ok

12:01:00.0281 0180 PCIDump - ok

12:01:00.0328 0180 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

12:01:00.0484 0180 PCIIde - ok

12:01:00.0531 0180 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

12:01:00.0625 0180 Pcmcia - ok

12:01:00.0640 0180 PDCOMP - ok

12:01:00.0640 0180 PDFRAME - ok

12:01:00.0640 0180 PDRELI - ok

12:01:00.0656 0180 PDRFRAME - ok

12:01:00.0656 0180 perc2 - ok

12:01:00.0671 0180 perc2hib - ok

12:01:00.0703 0180 PGPmemlock (a549dc21b37f1eece4e89acc993aaabb) C:\WINDOWS\system32\drivers\PGPmemlock.sys

12:01:00.0718 0180 PGPmemlock ( UnsignedFile.Multi.Generic ) - warning

12:01:00.0718 0180 PGPmemlock - detected UnsignedFile.Multi.Generic (1)

12:01:00.0765 0180 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:01:00.0843 0180 PptpMiniport - ok

12:01:00.0875 0180 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

12:01:00.0953 0180 Processor - ok

12:01:00.0968 0180 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:01:01.0062 0180 PSched - ok

12:01:01.0093 0180 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:01:01.0203 0180 Ptilink - ok

12:01:01.0218 0180 ql1080 - ok

12:01:01.0218 0180 Ql10wnt - ok

12:01:01.0234 0180 ql12160 - ok

12:01:01.0234 0180 ql1240 - ok

12:01:01.0250 0180 ql1280 - ok

12:01:01.0250 0180 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:01:01.0343 0180 RasAcd - ok

12:01:01.0375 0180 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:01:01.0468 0180 Rasl2tp - ok

12:01:01.0484 0180 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:01:01.0578 0180 RasPppoe - ok

12:01:01.0578 0180 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:01:01.0687 0180 Raspti - ok

12:01:01.0703 0180 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:01:01.0781 0180 Rdbss - ok

12:01:01.0796 0180 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:01:01.0890 0180 RDPCDD - ok

12:01:01.0937 0180 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:01:02.0015 0180 rdpdr - ok

12:01:02.0062 0180 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

12:01:02.0156 0180 RDPWD - ok

12:01:02.0187 0180 redbook (cce6de646a2a9691cad011937cb59f70) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:01:02.0187 0180 redbook ( UnsignedFile.Multi.Generic ) - warning

12:01:02.0187 0180 redbook - detected UnsignedFile.Multi.Generic (1)

12:01:02.0250 0180 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:01:02.0343 0180 Secdrv - ok

12:01:02.0390 0180 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

12:01:02.0468 0180 serenum - ok

12:01:02.0500 0180 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

12:01:02.0593 0180 Serial - ok

12:01:02.0625 0180 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:01:02.0718 0180 Sfloppy - ok

12:01:02.0734 0180 Simbad - ok

12:01:02.0734 0180 Sparrow - ok

12:01:02.0750 0180 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

12:01:02.0828 0180 splitter - ok

12:01:02.0875 0180 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

12:01:02.0968 0180 sr - ok

12:01:02.0968 0180 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys

12:01:03.0062 0180 Srv - ok

12:01:03.0109 0180 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

12:01:03.0109 0180 ssmdrv - ok

12:01:03.0156 0180 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

12:01:03.0250 0180 StillCam - ok

12:01:03.0265 0180 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

12:01:03.0390 0180 swenum - ok

12:01:03.0437 0180 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

12:01:03.0546 0180 swmidi - ok

12:01:03.0546 0180 symc810 - ok

12:01:03.0562 0180 symc8xx - ok

12:01:03.0562 0180 sym_hi - ok

12:01:03.0578 0180 sym_u3 - ok

12:01:03.0593 0180 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

12:01:03.0687 0180 sysaudio - ok

12:01:03.0718 0180 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:01:03.0812 0180 Tcpip - ok

12:01:03.0843 0180 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

12:01:03.0937 0180 TDPIPE - ok

12:01:03.0953 0180 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

12:01:04.0046 0180 TDTCP - ok

12:01:04.0078 0180 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

12:01:04.0171 0180 TermDD - ok

12:01:04.0187 0180 TosIde - ok

12:01:04.0218 0180 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

12:01:04.0312 0180 Udfs - ok

12:01:04.0312 0180 ultra - ok

12:01:04.0359 0180 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

12:01:04.0453 0180 Update - ok

12:01:04.0500 0180 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

12:01:04.0515 0180 USBAAPL - ok

12:01:04.0546 0180 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:01:04.0640 0180 usbccgp - ok

12:01:04.0656 0180 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:01:04.0750 0180 usbehci - ok

12:01:04.0750 0180 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:01:04.0843 0180 usbhub - ok

12:01:04.0890 0180 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

12:01:04.0968 0180 usbohci - ok

12:01:05.0015 0180 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

12:01:05.0093 0180 usbscan - ok

12:01:05.0109 0180 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:01:05.0203 0180 USBSTOR - ok

12:01:05.0234 0180 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

12:01:05.0328 0180 VgaSave - ok

12:01:05.0343 0180 ViaIde - ok

12:01:05.0375 0180 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

12:01:05.0453 0180 VolSnap - ok

12:01:05.0484 0180 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:01:05.0578 0180 Wanarp - ok

12:01:05.0625 0180 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

12:01:05.0640 0180 Wdf01000 - ok

12:01:05.0640 0180 WDICA - ok

12:01:05.0687 0180 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

12:01:05.0781 0180 wdmaud - ok

12:01:05.0828 0180 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

12:01:05.0921 0180 WS2IFSL - ok

12:01:05.0953 0180 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

12:01:06.0125 0180 \Device\Harddisk0\DR0 - ok

12:01:06.0125 0180 Boot (0x1200) (4443162ff56254fd0dad60b375312fcc) \Device\Harddisk0\DR0\Partition0

12:01:06.0125 0180 \Device\Harddisk0\DR0\Partition0 - ok

12:01:06.0125 0180 ============================================================

12:01:06.0125 0180 Scan finished

12:01:06.0125 0180 ============================================================

12:01:06.0125 1056 Detected object count: 5

12:01:06.0125 1056 Actual detected object count: 5

12:01:38.0281 1056 aaivskn ( UnsignedFile.Multi.Generic ) - skipped by user

12:01:38.0281 1056 aaivskn ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:01:38.0281 1056 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user

12:01:38.0281 1056 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:01:38.0281 1056 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user

12:01:38.0281 1056 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:01:38.0281 1056 PGPmemlock ( UnsignedFile.Multi.Generic ) - skipped by user

12:01:38.0281 1056 PGPmemlock ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:01:38.0296 1056 redbook ( UnsignedFile.Multi.Generic ) - skipped by user

12:01:38.0296 1056 redbook ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:02:50.0296 0424 Deinitialize success

Malwarebytes' Anti-Malware log

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.22.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 6.0.2900.5512

Mike's Music :: OFC2 [administrator]

2/22/2012 12:05:41 PM

mbam-log-2012-02-22 (12-05-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 419612

Time elapsed: 34 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DvhhCCFbLujqW.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users.WINDOWS\Application Data\DvhhCCFbLujqW.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 93

C:\Documents and Settings\All Users.WINDOWS\Application Data\DvhhCCFbLujqW.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike's Music\Application Data\C4B74\98474.exe (Trojan.Downloader.BH) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike's Music\Application Data\C4B74\A99BC.exe (Trojan.Downloader.BH) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\3combootp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\A88xXBar.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\acprfmgrsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\amdppm.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\amoagent.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\amon.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bcm4sbxp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\BCMModem.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bdftdif.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bthidenum.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cdaudio.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cebdaldr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cidaemon.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\CiscoVpnInstallService.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cm102u32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cmdide.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ctaud2k.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dashsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\db2das00.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dktknsrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\DLH5X.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\DNE.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Exportit.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gv3.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hdaudbus.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\houdinilicenseserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hpqwmi.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hwdatacard.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ichaud.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ihcservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\IPSECSHM.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\irenum.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\k750mdfl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\KMW_SYS.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\KR3NPXP.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lcs.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LMS.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lxbu_device.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MA_CMIDI.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MKEMUSB.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mlkkbdntdriver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nalntservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ndisip.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\NsTrcNT.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\omniserv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\oracle%oracle_home_service%clientcache80.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ossrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pdlndint.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pdlnsv25.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\protexislicensing.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\quickhealfirewall.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\RMSvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rt2500.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\RTLE8023xp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SaiU040B.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SECYPUSB.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\serial.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sffp_sd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sfusvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sigfilt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\snac.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\snare.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sonywbms.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sqlagent$sony_mediamgr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SRS_SSCFilter.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssfs0509.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TMHIDSRV.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tpkd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\transbaseservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\trioservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tvtnetwk.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\update.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uphclean.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\USBAAPL.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\USB_NDIS_51.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\USRpdA.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UxTuneUp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vcommmgr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\viamraid.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\viaudio.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\VMAUDIO.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wdmaud.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\websensecamreportserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\websensecamserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\WmHidLo.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\z525bus.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\z800mdfl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike's Music\Local Settings\Temp\~!#F.tmp (Trojan.Downloader.BH) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\hdgfsh.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\ueabklu.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

(end)

a new fresh DDS log file

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.22.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 6.0.2900.5512

Mike's Music :: OFC2 [administrator]

2/22/2012 12:05:41 PM

mbam-log-2012-02-22 (12-05-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 419612

Time elapsed: 34 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DvhhCCFbLujqW.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users.WINDOWS\Application Data\DvhhCCFbLujqW.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 93

C:\Documents and Settings\All Users.WINDOWS\Application Data\DvhhCCFbLujqW.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike's Music\Application Data\C4B74\98474.exe (Trojan.Downloader.BH) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike's Music\Application Data\C4B74\A99BC.exe (Trojan.Downloader.BH) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\3combootp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\A88xXBar.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\acprfmgrsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\amdppm.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\amoagent.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\amon.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bcm4sbxp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\BCMModem.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bdftdif.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bthidenum.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cdaudio.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cebdaldr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cidaemon.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\CiscoVpnInstallService.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cm102u32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cmdide.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ctaud2k.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dashsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\db2das00.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dktknsrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\DLH5X.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\DNE.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Exportit.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gv3.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hdaudbus.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\houdinilicenseserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hpqwmi.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hwdatacard.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ichaud.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ihcservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\IPSECSHM.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\irenum.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\k750mdfl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\KMW_SYS.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\KR3NPXP.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lcs.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\LMS.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lxbu_device.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MA_CMIDI.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MKEMUSB.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mlkkbdntdriver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nalntservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ndisip.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\NsTrcNT.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\omniserv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\oracle%oracle_home_service%clientcache80.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ossrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pdlndint.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pdlnsv25.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\protexislicensing.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\quickhealfirewall.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\RMSvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rt2500.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\RTLE8023xp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SaiU040B.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SECYPUSB.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\serial.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sffp_sd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sfusvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sigfilt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\snac.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\snare.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sonywbms.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sqlagent$sony_mediamgr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SRS_SSCFilter.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ssfs0509.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TMHIDSRV.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tpkd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\transbaseservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\trioservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tvtnetwk.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\update.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\uphclean.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\USBAAPL.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\USB_NDIS_51.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\USRpdA.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\UxTuneUp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vcommmgr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\viamraid.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\viaudio.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\VMAUDIO.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wdmaud.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\websensecamreportserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\websensecamserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\WmHidLo.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\z525bus.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\z800mdfl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\Mike's Music\Local Settings\Temp\~!#F.tmp (Trojan.Downloader.BH) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\hdgfsh.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\ueabklu.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

(end)

[Maniac]

To be effective our work, please repeat the steps in normal mode, not in Safe Mode.

[umshewa]

OK, so I finally got everything you want. Please note that this is my work computer and being 12 hours differance this is getting very hard. I've been out of a computer now 3 days because of time differance. If there is anything I can do in steps please tell me everything. I can't be doing one step this day and this step tomorrow....I need to get this fixed. I do appriciate your help please know. This is just killing me at getting work done!

I have the log files for you but please know that I'm still having the firefox problem with starting with a proxy server. I can disable it everytime I go online but I would like to fix that too!

Thank you for your help!!

TDSSKiller log

15:51:50.0890 3572 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

15:51:51.0546 3572 ============================================================

15:51:51.0562 3572 Current date / time: 2012/02/23 15:51:51.0546

15:51:51.0562 3572 SystemInfo:

15:51:51.0562 3572

15:51:51.0562 3572 OS Version: 5.1.2600 ServicePack: 3.0

15:51:51.0562 3572 Product type: Workstation

15:51:51.0562 3572 ComputerName: OFC2

15:51:51.0562 3572 UserName: Mike's Music

15:51:51.0562 3572 Windows directory: C:\WINDOWS

15:51:51.0562 3572 System windows directory: C:\WINDOWS

15:51:51.0562 3572 Processor architecture: Intel x86

15:51:51.0562 3572 Number of processors: 1

15:51:51.0562 3572 Page size: 0x1000

15:51:51.0562 3572 Boot type: Normal boot

15:51:51.0562 3572 ============================================================

15:51:53.0109 3572 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:51:53.0109 3572 \Device\Harddisk0\DR0:

15:51:53.0109 3572 MBR used

15:51:53.0109 3572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

15:51:53.0187 3572 Initialize success

15:51:53.0187 3572 ============================================================

15:51:57.0406 4032 ============================================================

15:51:57.0406 4032 Scan started

15:51:57.0406 4032 Mode: Manual; SigCheck; TDLFS;

15:51:57.0406 4032 ============================================================

15:51:57.0625 4032 Abiosdsk - ok

15:51:57.0687 4032 abp480n5 - ok

15:51:57.0734 4032 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:51:59.0125 4032 ACPI - ok

15:51:59.0203 4032 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:51:59.0531 4032 ACPIEC - ok

15:51:59.0578 4032 adpu160m - ok

15:51:59.0640 4032 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:51:59.0781 4032 aec - ok

15:51:59.0843 4032 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys

15:52:00.0109 4032 AFD - ok

15:52:00.0109 4032 Aha154x - ok

15:52:00.0140 4032 aic78u2 - ok

15:52:00.0203 4032 aic78xx - ok

15:52:00.0234 4032 AliIde - ok

15:52:00.0234 4032 amsint - ok

15:52:00.0328 4032 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys

15:52:00.0453 4032 AnyDVD - ok

15:52:00.0468 4032 asc - ok

15:52:00.0484 4032 asc3350p - ok

15:52:00.0500 4032 asc3550 - ok

15:52:00.0625 4032 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:52:01.0015 4032 AsyncMac - ok

15:52:01.0062 4032 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:52:01.0250 4032 atapi - ok

15:52:01.0250 4032 Atdisk - ok

15:52:01.0296 4032 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:52:01.0593 4032 Atmarpc - ok

15:52:01.0625 4032 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:52:01.0843 4032 audstub - ok

15:52:01.0906 4032 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

15:52:01.0921 4032 avgio - ok

15:52:01.0953 4032 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

15:52:02.0031 4032 avgntflt - ok

15:52:02.0078 4032 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

15:52:02.0187 4032 avipbb - ok

15:52:02.0234 4032 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:52:02.0406 4032 Beep - ok

15:52:02.0468 4032 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys

15:52:02.0546 4032 BrPar ( UnsignedFile.Multi.Generic ) - warning

15:52:02.0546 4032 BrPar - detected UnsignedFile.Multi.Generic (1)

15:52:02.0578 4032 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:52:02.0781 4032 cbidf2k - ok

15:52:02.0796 4032 cd20xrnt - ok

15:52:02.0828 4032 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:52:03.0140 4032 Cdaudio - ok

15:52:03.0187 4032 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:52:03.0515 4032 Cdfs - ok

15:52:03.0546 4032 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:52:03.0703 4032 Cdrom - ok

15:52:03.0703 4032 Changer - ok

15:52:03.0734 4032 CmdIde - ok

15:52:03.0750 4032 Cpqarray - ok

15:52:03.0750 4032 dac2w2k - ok

15:52:03.0765 4032 dac960nt - ok

15:52:03.0781 4032 dfym - ok

15:52:03.0812 4032 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:52:04.0015 4032 Disk - ok

15:52:04.0093 4032 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:52:04.0343 4032 dmboot - ok

15:52:04.0375 4032 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:52:04.0781 4032 dmio - ok

15:52:04.0812 4032 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:52:05.0093 4032 dmload - ok

15:52:05.0156 4032 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:52:05.0718 4032 DMusic - ok

15:52:05.0734 4032 dpti2o - ok

15:52:05.0781 4032 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:52:05.0890 4032 drmkaud - ok

15:52:05.0921 4032 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

15:52:05.0953 4032 ElbyCDIO - ok

15:52:06.0000 4032 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:52:06.0484 4032 Fastfat - ok

15:52:06.0562 4032 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:52:06.0875 4032 Fdc - ok

15:52:06.0906 4032 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:52:07.0093 4032 Fips - ok

15:52:07.0171 4032 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

15:52:07.0421 4032 Flpydisk - ok

15:52:07.0500 4032 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:52:07.0906 4032 FltMgr - ok

15:52:07.0953 4032 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:52:08.0109 4032 Fs_Rec - ok

15:52:08.0125 4032 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:52:08.0500 4032 Ftdisk - ok

15:52:08.0531 4032 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

15:52:08.0593 4032 GEARAspiWDM - ok

15:52:08.0656 4032 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:52:09.0000 4032 Gpc - ok

15:52:09.0093 4032 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:52:09.0109 4032 HDAudBus ( UnsignedFile.Multi.Generic ) - warning

15:52:09.0109 4032 HDAudBus - detected UnsignedFile.Multi.Generic (1)

15:52:09.0171 4032 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:52:09.0281 4032 HidUsb - ok

15:52:09.0281 4032 hpn - ok

15:52:09.0312 4032 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

15:52:09.0421 4032 HTTP - ok

15:52:09.0437 4032 i2omgmt - ok

15:52:09.0468 4032 i2omp - ok

15:52:09.0515 4032 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:52:09.0906 4032 i8042prt - ok

15:52:09.0906 4032 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:52:10.0031 4032 Imapi - ok

15:52:10.0046 4032 ini910u - ok

15:52:10.0250 4032 IntcAzAudAddService (1ebde650d97a8eccdc1cc4a0804647cd) C:\WINDOWS\system32\drivers\RtkHDAud.sys

15:52:10.0703 4032 IntcAzAudAddService - ok

15:52:10.0765 4032 IntelIde - ok

15:52:10.0875 4032 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:52:11.0281 4032 ip6fw - ok

15:52:11.0531 4032 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:52:12.0640 4032 IpFilterDriver - ok

15:52:12.0750 4032 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:52:12.0890 4032 IpInIp - ok

15:52:12.0937 4032 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:52:13.0031 4032 IpNat - ok

15:52:13.0062 4032 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:52:13.0390 4032 IPSec - ok

15:52:13.0421 4032 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:52:13.0781 4032 IRENUM - ok

15:52:13.0812 4032 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:52:13.0953 4032 isapnp - ok

15:52:13.0968 4032 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:52:14.0078 4032 Kbdclass - ok

15:52:14.0125 4032 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:52:14.0421 4032 kmixer - ok

15:52:14.0468 4032 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

15:52:14.0937 4032 KSecDD - ok

15:52:14.0953 4032 lbrtfdc - ok

15:52:15.0125 4032 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys

15:52:15.0140 4032 LMIInfo - ok

15:52:15.0171 4032 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

15:52:15.0187 4032 lmimirr - ok

15:52:15.0187 4032 LMIRfsClientNP - ok

15:52:15.0203 4032 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

15:52:15.0218 4032 LMIRfsDriver - ok

15:52:15.0281 4032 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:52:15.0484 4032 mnmdd - ok

15:52:15.0546 4032 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:52:15.0750 4032 Modem - ok

15:52:15.0828 4032 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys

15:52:16.0078 4032 motmodem - ok

15:52:16.0203 4032 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:52:16.0546 4032 Mouclass - ok

15:52:16.0609 4032 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:52:16.0750 4032 MountMgr - ok

15:52:16.0843 4032 mraid35x - ok

15:52:16.0906 4032 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:52:17.0156 4032 MRxDAV - ok

15:52:17.0171 4032 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:52:17.0437 4032 MRxSmb - ok

15:52:17.0500 4032 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:52:17.0609 4032 Msfs - ok

15:52:17.0625 4032 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:52:17.0906 4032 MSKSSRV - ok

15:52:17.0937 4032 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:52:18.0281 4032 MSPCLOCK - ok

15:52:18.0296 4032 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:52:18.0640 4032 MSPQM - ok

15:52:18.0671 4032 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:52:18.0765 4032 mssmbios - ok

15:52:18.0828 4032 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

15:52:18.0921 4032 Mup - ok

15:52:18.0953 4032 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:52:19.0421 4032 NDIS - ok

15:52:19.0453 4032 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:52:19.0640 4032 NdisTapi - ok

15:52:19.0671 4032 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:52:19.0859 4032 Ndisuio - ok

15:52:19.0906 4032 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:52:20.0312 4032 NdisWan - ok

15:52:20.0328 4032 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

15:52:20.0437 4032 NDProxy - ok

15:52:20.0468 4032 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:52:20.0562 4032 NetBIOS - ok

15:52:20.0593 4032 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:52:21.0156 4032 NetBT - ok

15:52:21.0312 4032 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:52:21.0625 4032 Npfs - ok

15:52:21.0703 4032 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:52:22.0078 4032 Ntfs - ok

15:52:22.0109 4032 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:52:22.0312 4032 Null - ok

15:52:22.0453 4032 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

15:52:23.0343 4032 nv - ok

15:52:23.0421 4032 nvata (9eccd189a9554c30a0d18a429778c7ba) C:\WINDOWS\system32\DRIVERS\nvata.sys

15:52:23.0593 4032 nvata - ok

15:52:23.0687 4032 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

15:52:23.0890 4032 NVENETFD - ok

15:52:23.0921 4032 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

15:52:24.0187 4032 nvnetbus - ok

15:52:24.0203 4032 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:52:24.0343 4032 NwlnkFlt - ok

15:52:24.0359 4032 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:52:24.0781 4032 NwlnkFwd - ok

15:52:24.0828 4032 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

15:52:25.0000 4032 Parport - ok

15:52:25.0093 4032 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:52:25.0375 4032 PartMgr - ok

15:52:25.0437 4032 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:52:25.0890 4032 ParVdm - ok

15:52:25.0953 4032 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:52:26.0203 4032 PCI - ok

15:52:26.0203 4032 PCIDump - ok

15:52:26.0265 4032 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:52:26.0437 4032 PCIIde - ok

15:52:26.0500 4032 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:52:26.0609 4032 Pcmcia - ok

15:52:26.0625 4032 PDCOMP - ok

15:52:26.0640 4032 PDFRAME - ok

15:52:26.0671 4032 PDRELI - ok

15:52:26.0703 4032 PDRFRAME - ok

15:52:26.0703 4032 perc2 - ok

15:52:26.0750 4032 perc2hib - ok

15:52:26.0828 4032 PGPmemlock (a549dc21b37f1eece4e89acc993aaabb) C:\WINDOWS\system32\drivers\PGPmemlock.sys

15:52:26.0953 4032 PGPmemlock ( UnsignedFile.Multi.Generic ) - warning

15:52:26.0953 4032 PGPmemlock - detected UnsignedFile.Multi.Generic (1)

15:52:27.0000 4032 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:52:27.0312 4032 PptpMiniport - ok

15:52:27.0421 4032 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

15:52:28.0187 4032 Processor - ok

15:52:28.0250 4032 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:52:28.0515 4032 PSched - ok

15:52:28.0578 4032 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:52:28.0843 4032 Ptilink - ok

15:52:28.0843 4032 ql1080 - ok

15:52:28.0875 4032 Ql10wnt - ok

15:52:28.0890 4032 ql12160 - ok

15:52:28.0906 4032 ql1240 - ok

15:52:28.0921 4032 ql1280 - ok

15:52:28.0968 4032 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:52:29.0343 4032 RasAcd - ok

15:52:29.0390 4032 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:52:29.0531 4032 Rasl2tp - ok

15:52:29.0640 4032 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:52:29.0875 4032 RasPppoe - ok

15:52:29.0921 4032 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:52:30.0078 4032 Raspti - ok

15:52:30.0093 4032 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:52:30.0390 4032 Rdbss - ok

15:52:30.0437 4032 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:52:30.0562 4032 RDPCDD - ok

15:52:30.0640 4032 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:52:31.0281 4032 rdpdr - ok

15:52:31.0312 4032 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

15:52:31.0437 4032 RDPWD - ok

15:52:31.0625 4032 redbook (cce6de646a2a9691cad011937cb59f70) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:52:31.0703 4032 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\redbook.sys. md5: cce6de646a2a9691cad011937cb59f70

15:52:31.0703 4032 redbook ( LockedFile.Multi.Generic ) - warning

15:52:31.0703 4032 redbook - detected LockedFile.Multi.Generic (1)

15:52:31.0796 4032 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:52:31.0984 4032 Secdrv - ok

15:52:32.0156 4032 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:52:32.0515 4032 serenum - ok

15:52:32.0625 4032 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

15:52:54.0453 4032 Serial - ok

15:52:54.0531 4032 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:52:54.0734 4032 Sfloppy - ok

15:52:54.0765 4032 Simbad - ok

15:52:54.0859 4032 Sparrow - ok

15:52:54.0906 4032 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:52:55.0140 4032 splitter - ok

15:52:55.0187 4032 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:52:55.0515 4032 sr - ok

15:52:55.0609 4032 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys

15:52:55.0921 4032 Srv - ok

15:52:55.0953 4032 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

15:52:55.0968 4032 ssmdrv - ok

15:52:56.0015 4032 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

15:52:56.0312 4032 StillCam - ok

15:52:56.0343 4032 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:52:56.0531 4032 swenum - ok

15:52:56.0640 4032 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:52:56.0937 4032 swmidi - ok

15:52:57.0031 4032 symc810 - ok

15:52:57.0125 4032 symc8xx - ok

15:52:57.0140 4032 sym_hi - ok

15:52:57.0171 4032 sym_u3 - ok

15:52:57.0218 4032 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:52:57.0593 4032 sysaudio - ok

15:52:57.0656 4032 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:52:58.0031 4032 Tcpip - ok

15:52:58.0078 4032 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:52:58.0218 4032 TDPIPE - ok

15:52:58.0265 4032 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:52:58.0593 4032 TDTCP - ok

15:52:58.0625 4032 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:52:58.0781 4032 TermDD - ok

15:52:58.0796 4032 TosIde - ok

15:52:58.0890 4032 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:52:59.0218 4032 Udfs - ok

15:52:59.0250 4032 ultra - ok

15:52:59.0312 4032 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:52:59.0859 4032 Update - ok

15:52:59.0937 4032 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

15:53:00.0406 4032 USBAAPL - ok

15:53:00.0500 4032 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:53:00.0906 4032 usbccgp - ok

15:53:00.0968 4032 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:53:01.0109 4032 usbehci - ok

15:53:01.0140 4032 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:53:01.0281 4032 usbhub - ok

15:53:01.0296 4032 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

15:53:01.0515 4032 usbohci - ok

15:53:01.0546 4032 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:53:01.0734 4032 usbscan - ok

15:53:01.0765 4032 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:53:02.0046 4032 USBSTOR - ok

15:53:02.0078 4032 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:53:02.0218 4032 VgaSave - ok

15:53:02.0218 4032 ViaIde - ok

15:53:02.0250 4032 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:53:02.0531 4032 VolSnap - ok

15:53:02.0593 4032 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:53:02.0828 4032 Wanarp - ok

15:53:02.0906 4032 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

15:53:02.0953 4032 Wdf01000 - ok

15:53:02.0953 4032 WDICA - ok

15:53:03.0000 4032 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:53:03.0343 4032 wdmaud - ok

15:53:03.0656 4032 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

15:53:03.0828 4032 WS2IFSL - ok

15:53:03.0968 4032 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:53:04.0156 4032 \Device\Harddisk0\DR0 - ok

15:53:04.0156 4032 Boot (0x1200) (4443162ff56254fd0dad60b375312fcc) \Device\Harddisk0\DR0\Partition0

15:53:04.0156 4032 \Device\Harddisk0\DR0\Partition0 - ok

15:53:04.0156 4032 ============================================================

15:53:04.0156 4032 Scan finished

15:53:04.0156 4032 ============================================================

15:53:04.0296 3880 Detected object count: 4

15:53:04.0296 3880 Actual detected object count: 4

15:54:10.0578 3880 BrPar ( UnsignedFile.Multi.Generic ) - skipped by user

15:54:10.0578 3880 BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:54:10.0578 3880 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user

15:54:10.0578 3880 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:54:10.0578 3880 PGPmemlock ( UnsignedFile.Multi.Generic ) - skipped by user

15:54:10.0578 3880 PGPmemlock ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:54:10.0578 3880 redbook ( LockedFile.Multi.Generic ) - skipped by user

15:54:10.0578 3880 redbook ( LockedFile.Multi.Generic ) - User select action: Skip

15:54:14.0828 0624 Deinitialize success

Malwarebytes' Anti-Malware log

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.23.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Mike's Music :: OFC2 [administrator]

2/23/2012 3:56:53 PM

mbam-log-2012-02-23 (15-56-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 370707

Time elapsed: 1 hour(s), 36 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\All Users.WINDOWS\Application Data\zDyjS4nzjxmJwu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

DDS log file

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21

Run by Mike's Music at 17:54:15 on 2012-02-23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1416 [GMT -9:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Documents and Settings\Mike's Music\Application Data\Mikogo 4\M4-Service.exe

C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

C:\Documents and Settings\Mike's Music\Application Data\Mikogo 4\M4-Capture.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=AVBR

uSearch Page = hxxp://www.bing.com/?pc=AVBR

uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"

uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

uRun: [Google Update] "c:\documents and settings\mike's music\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [setDefPrt] c:\program files\brother\brmfl05c\BrStDvPt.exe

mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\mike's~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: intuit.com\ttlc

DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/E/1/F/E1F6B9B3-49AA-42BB-9115-D9FB57768CC2/wmavax.CAB

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267483563402

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{8B4BF036-8AC2-4A69-9BFD-6FFFFBABE2FF} : DhcpNameServer = 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: LMIinit - LMIinit.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-17 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-17 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-17 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-17 66616]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-3-4 47640]

R2 M4-Service;M4-Service;c:\documents and settings\mike's music\application data\mikogo 4\M4-Service.exe [2011-8-3 1003888]

R2 PGPmemlock;PGPmemlock;c:\windows\system32\drivers\PGPmemlock.sys [2010-4-1 6656]

S0 dfym;dfym;c:\windows\system32\drivers\wlurfrtl.sys --> c:\windows\system32\drivers\wlurfrtl.sys [?]

S0 jndx;jndx;c:\windows\system32\drivers\xakx.sys --> c:\windows\system32\drivers\xakx.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-27 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-27 136176]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2012-02-21 21:52:57 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-02-21 20:46:24 -------- d-----w- c:\program files\747F1

2012-02-21 20:45:57 -------- d-----w- c:\program files\LP

2012-02-21 20:45:57 -------- d-----w- c:\documents and settings\mike's music\application data\C4B74

2012-02-21 01:34:26 -------- d-----w- c:\program files\eBay

2012-02-21 01:34:26 -------- d-----w- c:\documents and settings\all users.windows\eBay

2012-02-16 00:24:21 -------- d-----w- c:\documents and settings\mike's music\local settings\application data\Citrix

2012-02-16 00:24:19 102248 ----a-w- c:\documents and settings\mike's music\GoToAssistDownloadHelper.exe

2012-02-15 22:47:00 -------- d-----w- c:\program files\Audible

2012-02-08 23:48:37 -------- d-----w- c:\documents and settings\mike's music\local settings\application data\Intuit

2012-02-08 23:35:28 -------- d-----w- c:\documents and settings\mike's music\application data\Intuit

2012-02-08 23:34:00 -------- d-----w- c:\documents and settings\mike's music\local settings\application data\IsolatedStorage

2012-02-08 23:33:57 -------- d-----w- c:\program files\common files\Intuit

2012-02-08 23:31:00 -------- d-----w- c:\program files\TurboTax

2012-02-08 23:30:39 -------- d-----w- c:\documents and settings\all users.windows\application data\Intuit

2012-02-04 00:36:22 49152 ----a-r- c:\windows\system32\inetwh32.dll

2012-02-04 00:36:22 1044480 ----a-r- c:\windows\system32\roboex32.dll

2012-02-02 22:27:15 -------- d-----w- C:\Pinger

.

==================== Find3M ====================

.

2012-02-07 20:51:52 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-02-07 20:51:52 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2012-02-07 20:51:51 87424 ----a-w- c:\windows\system32\LMIinit.dll

2012-02-07 20:51:51 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-12-15 21:02:18 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2011-12-15 21:02:16 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2011-12-11 00:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 17:55:35.71 ===============

Attach Log

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/1/2010 1:19:33 PM

System Uptime: 2/23/2012 5:40:58 PM (0 hours ago)

.

Motherboard: | | NF-MCP61

Processor: AMD Athlon Processor LE-1600 | Socket AM2 | 2210/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 13.272 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMATAPI_DVD_C__DH52C2S____________________NP57\3032383036303332303034323637353220202020

Manufacturer: (Standard CD-ROM drives)

Name: ATAPI DVD C DH52C2S

PNP Device ID: IDE\CDROMATAPI_DVD_C__DH52C2S____________________NP57\3032383036303332303034323637353220202020

Service: cdrom

.

==== System Restore Points ===================

.

RP503: 11/21/2011 1:11:33 PM - System Checkpoint

RP504: 11/22/2011 1:19:21 PM - System Checkpoint

RP505: 11/23/2011 1:47:54 PM - System Checkpoint

RP506: 11/28/2011 3:44:51 PM - System Checkpoint

RP507: 11/29/2011 4:30:27 PM - System Checkpoint

RP508: 11/30/2011 6:49:35 PM - System Checkpoint

RP509: 12/2/2011 12:51:01 PM - System Checkpoint

RP510: 12/3/2011 1:22:12 PM - System Checkpoint

RP511: 12/5/2011 12:42:02 PM - System Checkpoint

RP512: 12/6/2011 3:14:31 PM - System Checkpoint

RP513: 12/7/2011 4:09:25 PM - System Checkpoint

RP514: 12/8/2011 5:01:31 PM - System Checkpoint

RP515: 12/9/2011 5:39:20 PM - System Checkpoint

RP516: 12/12/2011 12:25:17 PM - System Checkpoint

RP517: 12/14/2011 12:15:21 PM - System Checkpoint

RP518: 12/15/2011 12:16:33 PM - System Checkpoint

RP519: 12/16/2011 12:11:55 PM - Printer Driver LogMeIn Printer Driver Installed

RP520: 12/17/2011 12:29:12 PM - System Checkpoint

RP521: 12/19/2011 12:13:02 PM - System Checkpoint

RP522: 12/20/2011 12:19:07 PM - System Checkpoint

RP523: 12/21/2011 1:03:53 PM - System Checkpoint

RP524: 12/22/2011 2:53:53 PM - System Checkpoint

RP525: 12/23/2011 3:26:40 PM - System Checkpoint

RP526: 12/27/2011 12:55:36 PM - System Checkpoint

RP527: 12/28/2011 3:06:22 PM - System Checkpoint

RP528: 12/29/2011 6:35:16 PM - System Checkpoint

RP529: 1/3/2012 10:08:18 AM - System Checkpoint

RP530: 1/4/2012 12:12:00 PM - System Checkpoint

RP531: 1/5/2012 1:45:23 PM - System Checkpoint

RP532: 1/6/2012 4:09:59 PM - System Checkpoint

RP533: 1/7/2012 4:42:36 PM - System Checkpoint

RP534: 1/9/2012 12:41:13 PM - System Checkpoint

RP535: 1/10/2012 5:19:54 PM - System Checkpoint

RP536: 1/11/2012 6:01:28 PM - System Checkpoint

RP537: 1/12/2012 3:38:04 PM - Removed Opera 11.51.

RP538: 1/13/2012 6:12:54 PM - System Checkpoint

RP539: 1/16/2012 1:36:49 PM - System Checkpoint

RP540: 1/17/2012 4:52:30 PM - System Checkpoint

RP541: 1/18/2012 5:53:01 PM - System Checkpoint

RP542: 1/25/2012 12:22:51 PM - System Checkpoint

RP543: 1/26/2012 2:08:51 PM - System Checkpoint

RP544: 1/27/2012 3:21:28 PM - System Checkpoint

RP545: 2/1/2012 2:53:09 PM - System Checkpoint

RP546: 2/2/2012 3:25:27 PM - System Checkpoint

RP547: 2/3/2012 5:13:53 PM - System Checkpoint

RP548: 2/7/2012 1:56:48 PM - System Checkpoint

RP549: 2/8/2012 11:53:42 AM - Printer Driver LogMeIn Printer Driver Installed

RP550: 2/8/2012 2:34:08 PM - Installed TurboTax 2011 wrapper

RP551: 2/10/2012 12:14:18 PM - System Checkpoint

RP552: 2/11/2012 12:24:23 PM - System Checkpoint

RP553: 2/13/2012 5:32:19 PM - System Checkpoint

RP554: 2/15/2012 1:08:53 PM - System Checkpoint

RP555: 2/15/2012 5:22:28 PM - Installed Windows Media Player Firefox Plugin

RP556: 2/15/2012 5:40:20 PM - Removed Windows Media Player Firefox Plugin

RP557: 2/15/2012 5:40:31 PM - Installed Windows Media Player Firefox Plugin

RP558: 2/16/2012 6:44:11 PM - System Checkpoint

RP559: 2/18/2012 12:13:10 PM - System Checkpoint

RP560: 2/20/2012 4:34:21 PM - Installed Turbo Lister 2.

RP561: 2/23/2012 4:58:15 PM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Acrobat 6.0.1 Standard

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.7

AIMsi RunTime

AnyDVD

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audible Download Manager

AudioConverter Studio 6.1

Auslogics Disk Defrag

Avira AntiVir Personal - Free Antivirus

AviSynth 2.5

BeerSmith Brewing Software

Bonjour

Brother HL-4040CN

Brother MFL-Pro Suite

CloneDVD2

CoffeeCup Free FTP

Compatibility Pack for the 2007 Office system

Data Lifeguard Diagnostic for Windows 1.22

DBF Commander 1.1.25

DBF Doctor 2.6

DBF Manager

DBF Recovery 3.1

DBFWonder 1.3 Standard Version

Express Burn Disc Burning Software

Free RAR Extract Frog

Free YouTube to iPod Converter version 3.8

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

GoToMeeting 4.5.0.457

HandBrake 0.9.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB971276-v3)

Hulu Downloader 2.4.5.2

iExplorer 2.2.1.3

iTunes

Java Auto Updater

Java DB 10.5.3.0

Java 6 Update 21

Java SE Development Kit 6 Update 21

LogMeIn

Lorex Internet Remote Software

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft ActiveSync

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office Access database engine 2007 (English)

Microsoft Office Small Business Edition 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual FoxPro OLE DB Provider

Mikogo 4

Mozilla Firefox 10.0.2 (x86 en-US)

Mozilla Thunderbird 10.0.2 (x86 en-US)

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

Octoshape add-in for Adobe Flash Player

Opera 11.61

Paros 3.2.13

PC Inspector File Recovery

PE Explorer 1.99 R6

PGPfreeware 6.5.8

PNY Movie Player

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Recover Files 3.21

Registry First Aid

RentASoft Image Converter v2.3

Sibelius Scorch (Firefox, Opera, Netscape only)

Skype Click to Call

Skype™ 5.5

Solero Music Control NP 1.0.0.5

Solero Music Viewer 8.0.32.2

StreamTransport version: 1.0.2.2171

Turbo Lister 2

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

Uninstall 1.0.0.1

Unity Web Player

Videora iPhone Converter 6

VLC media player 1.1.11

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Media Player Firefox Plugin

Windows XP Service Pack 3

WinHTTrack Website Copier 3.44-1

WinX DVD to iPhone Ripper 4.0.8

WinX Free VOB to MP4 Converter 2.0.5

XPS Essentials Pack

XPS Essentials Pack 1.0

Yahoo! Software Update

.

==== Event Viewer Messages From Past Week ========

.

2/23/2012 3:54:44 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file redbook.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.

2/23/2012 3:20:16 PM, error: Service Control Manager [7023] - The Aclient service terminated with the following error: Access is denied.

2/23/2012 3:05:11 PM, error: Service Control Manager [7023] - The w300bus service terminated with the following error: Access is denied.

2/23/2012 12:35:11 PM, error: Service Control Manager [7023] - The Vpcusb service terminated with the following error: Access is denied.

2/23/2012 12:21:46 PM, error: Service Control Manager [7023] - The Psdistributionagent service terminated with the following error: Access is denied.

2/23/2012 12:02:00 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'redbook.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

2/22/2012 11:57:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

2/21/2012 12:37:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb ElbyCDIO Fips Processor ssmdrv

2/21/2012 12:26:41 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

2/21/2012 12:24:10 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'redbook.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

2/21/2012 12:21:53 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

2/21/2012 12:20:52 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

2/21/2012 11:58:34 AM, error: Service Control Manager [7034] - The System Restore Service service terminated unexpectedly. It has done this 1 time(s).

2/21/2012 11:58:34 AM, error: Service Control Manager [7034] - The Logical Disk Manager service terminated unexpectedly. It has done this 1 time(s).

2/21/2012 11:58:34 AM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).

2/21/2012 11:58:34 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/21/2012 11:58:34 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

2/21/2012 11:58:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb ElbyCDIO Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip

2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The Forceware Web Interface service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2012 11:58:34 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2012 11:57:35 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

2/21/2012 11:56:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

.

==== End Of File ===========================

[Maniac]

OK, so I finally got everything you want. Please note that this is my work computer and being 12 hours differance this is getting very hard. I've been out of a computer now 3 days because of time differance. If there is anything I can do in steps please tell me everything. I can't be doing one step this day and this step tomorrow....I need to get this fixed. I do appriciate your help please know. This is just killing me at getting work done!

I understand that is important for you, but note that your system is seriously infected. Follow the instructions and to keep me informed of the status of your system and this will help us more quickly to work.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

[umshewa]

Thank you. Here is the ComboFix.txt file. Also, just to make sure, I still have some proxy thing automaticly starting with my browser. I'm using firefox. Just making sure you know this. Thank you again for your help!!

ComboFix 12-02-24.02 - Mike's Music 02/24/2012 12:36:14.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1529 [GMT -9:00]

Running from: c:\documents and settings\Mike's Music\My Documents\CW Musical\ComboFix.exe

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

ADS - WINDOWS: deleted 72 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users.WINDOWS\Application Data\~zDyjS4nzjxmJwu

c:\documents and settings\All Users.WINDOWS\Application Data\~zDyjS4nzjxmJwur

c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

c:\documents and settings\All Users.WINDOWS\Application Data\zDyjS4nzjxmJwu

c:\documents and settings\Charlie\Local Settings\Temporary Internet Files\fbk.sts

c:\documents and settings\Joe\g2mdlhlpx.exe

c:\documents and settings\Joe\WINDOWS

c:\documents and settings\Mike's Music\Application Data\EurekaLog

c:\documents and settings\Mike's Music\g2mdlhlpx.exe

c:\documents and settings\Mike's Music\GoToAssistDownloadHelper.exe

c:\documents and settings\Mike's Music\Start Menu\Programs\System Check

c:\documents and settings\Mike's Music\Start Menu\Programs\System Check\System Check.lnk

c:\documents and settings\Mike's Music\Start Menu\Programs\System Check\Uninstall System Check.lnk

c:\program files\iexplorer

c:\program files\iexplorer\AxInterop.QTOControlLib.dll

c:\program files\iexplorer\ICSharpCode.SharpZipLib.dll

c:\program files\iexplorer\iExplorer.exe

c:\program files\iexplorer\Interop.QTOControlLib.dll

c:\program files\iexplorer\Interop.QTOLibrary.dll

c:\program files\iexplorer\isxdl.dll

c:\program files\iexplorer\MPCrashReporter.dll

c:\program files\iexplorer\MPUpdater.dll

c:\program files\iexplorer\msvcr71.dll

c:\program files\iexplorer\PodPhone2.dll

c:\program files\iexplorer\unins000.dat

c:\program files\iexplorer\unins000.exe

c:\program files\iexplorer\unins000.msg

c:\program files\LP

c:\program files\LP\BC6C\16.tmp

c:\program files\LP\BC6C\17.tmp

c:\program files\LP\BC6C\18.tmp

c:\program files\WinPCap

c:\program files\WinPCap\LICENSE

c:\program files\WinPCap\rpcapd.exe

c:\program files\WinPCap\uninstall.exe

c:\windows\$NtUninstallKB54259$

c:\windows\$NtUninstallKB54259$\2474209116

c:\windows\$NtUninstallKB54259$\936043577\@

c:\windows\$NtUninstallKB54259$\936043577\cfg.ini

c:\windows\$NtUninstallKB54259$\936043577\Desktop.ini

c:\windows\$NtUninstallKB54259$\936043577\L\mwfklnci

c:\windows\$NtUninstallKB54259$\936043577\oemid

c:\windows\$NtUninstallKB54259$\936043577\U\00000001.@

c:\windows\$NtUninstallKB54259$\936043577\U\00000002.@

c:\windows\$NtUninstallKB54259$\936043577\U\00000004.@

c:\windows\$NtUninstallKB54259$\936043577\U\80000000.@

c:\windows\$NtUninstallKB54259$\936043577\U\80000004.@

c:\windows\$NtUninstallKB54259$\936043577\U\80000032.@

c:\windows\$NtUninstallKB54259$\936043577\version

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_6TO4

-------\Legacy_NETWORKLOG

-------\Service_6to4

.

.

((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))

.

.

2012-02-21 22:04 . 2012-02-21 22:04 -------- d-s---w- c:\documents and settings\NetworkService.NT AUTHORITY.000\UserData

2012-02-21 21:52 . 2012-02-24 00:46 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-02-21 20:46 . 2012-02-21 20:46 -------- d-----w- c:\program files\747F1

2012-02-21 20:45 . 2012-02-22 21:42 -------- d-----w- c:\documents and settings\Mike's Music\Application Data\C4B74

2012-02-21 01:34 . 2012-02-21 01:34 -------- d-----w- c:\program files\eBay

2012-02-21 01:34 . 2012-02-21 01:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\eBay

2012-02-16 00:24 . 2012-02-16 00:24 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\Citrix

2012-02-15 22:47 . 2012-02-15 22:47 -------- d-----w- c:\program files\Audible

2012-02-08 23:48 . 2012-02-08 23:48 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\Intuit

2012-02-08 23:35 . 2012-02-08 23:35 -------- d-----w- c:\documents and settings\Mike's Music\Application Data\Intuit

2012-02-08 23:34 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\IsolatedStorage

2012-02-08 23:33 . 2012-02-08 23:34 -------- d-----w- c:\program files\Common Files\Intuit

2012-02-08 23:31 . 2012-02-08 23:31 -------- d-----w- c:\program files\TurboTax

2012-02-08 23:30 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Intuit

2012-02-04 00:36 . 2012-02-04 00:36 49152 ----a-r- c:\windows\system32\inetwh32.dll

2012-02-04 00:36 . 2012-02-04 00:36 1044480 ----a-r- c:\windows\system32\roboex32.dll

2012-02-02 22:27 . 2012-02-02 23:41 -------- d-----w- C:\Pinger

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-07 20:51 . 2010-03-05 01:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-02-07 20:51 . 2010-03-05 01:27 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2012-02-07 20:51 . 2010-03-05 01:27 30592 ----a-w- c:\windows\system32\LMIport.dll

2012-02-07 20:51 . 2010-03-05 01:27 87424 ----a-w- c:\windows\system32\LMIinit.dll

2012-01-25 23:38 . 2012-01-25 23:38 10 ----a-w- c:\windows\Fonts\wfonts.key

2011-12-15 21:02 . 2010-03-05 01:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2011-12-15 21:02 . 2010-03-05 01:27 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2011-12-11 00:24 . 2010-03-19 02:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-04 03:37 . 2009-09-04 03:37 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll

2010-04-08 20:36 . 2010-04-08 20:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll

2009-09-04 03:37 . 2009-09-04 03:37 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll

2010-04-08 20:36 . 2010-04-08 20:36 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll

2012-02-18 22:03 . 2011-05-09 20:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-12-17 4763256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-31 7634944]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-31 86016]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]

"SetDefPrt"="c:\program files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-27 49152]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2008-05-24 1011712]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-03 281768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-22 273544]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]

.

c:\documents and settings\Mike's Music\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

.

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2012-02-07 20:51 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PGPtray.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\PGPtray.lnk

backup=c:\windows\pss\PGPtray.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-04 03:43 69632 ----a-w- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-02-02 21:18 136176 ----atw- c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-10-31 06:35 1622016 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 20:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-07-06 01:08 16380416 ----a-w- c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-10-13 18:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2007-06-16 01:45 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Aji Reader Service\\ARService.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Paros\\IEEmbed.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Documents and Settings\\Mike's Music\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/17/2010 4:04 PM 136360]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 8:13 AM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]

R2 M4-Service;M4-Service;c:\documents and settings\Mike's Music\Application Data\Mikogo 4\M4-Service.exe [8/3/2011 11:40 PM 1003888]

R2 PGPmemlock;PGPmemlock;c:\windows\system32\drivers\PGPmemlock.sys [4/1/2010 9:36 AM 6656]

S0 dfym;dfym;c:\windows\system32\drivers\wlurfrtl.sys --> c:\windows\system32\drivers\wlurfrtl.sys [?]

S0 jndx;jndx;c:\windows\system32\drivers\xakx.sys --> c:\windows\system32\drivers\xakx.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

Rasman

mcmscsvc

GoToAssist

mctskshd.exe

w300bus

DCFS2K

a016obex

lxce_device

winvnc4

BCMModem

se58nd5

viaagp

protectionservice

nisum

bdftdif

digirefresh

rapapp

mcproxy

tdimsys

smstsmgr

RSAFAL

quickhealfirewall

Mtlmnt5

mscsptisrv

iolo_srv

s117mdfl

GTF32BUS

Atmuni

emAudio

LwUsbHid

govsrv

dlcj_device

symredrv

PCDRSRVC

Ktp

U2SP

ISODrive

s217obex

ventrilo

slpmonx

rtl8023

avidstartup

smartscaps

WscNetDr

NETMDUSB

epoxusdm

tossmbnt

alcaudsl

iaimtv1

admservice

tvtnetwk

avgtdi

upsentry_smart

ctmmfilt

roxmediadb

roxliveshare

w550bus

GV600_4

VHidMinidrv

PSI_SVC_2

SISNICXP

s616unic

defwatch

mssql$microsoftsmlbiz

M2500

rdnaoflsvc

stylexphelper

npapimon

gearsecurity

PCTINDIS5

ca-messagequeuing

atitunep

sit_mdm

se2Bnd5

tomcatcws3

clmtomcatstartersvc

nipxirmu

motoswitchservice

SaiNtSub

symappcore

iaimfp2

vmnetdhcp

cmdmon

btserial

slimsvc

R300

k750bus

VNUSB

IFPUSB

oraclexeclragent

om518p

penrendezvous

PEVSystemStart

fasttrackinstallerservice

vmsprog

WacomVKHid

SANDRA

VAIOMediaPlatform-MusicServer-HTTP

dlaboiom

aswlsvc

besclient

zmxpzip

atimtag

NETw3x32

NVR0Dev

s716nd5

ipassconnectengine

twotrack

qbfcservice

dm1service

hpzius12

hpt3xx

snare

iaimfp0

wintabservice

db2das00

vwd

LEX_AS_NIC_SERVICE_YNOS

symantecantibotagent

athr

CTEDSPIO.DLL

vncdrv

ihcservice

portio

smapint

LXARScan

npkcusb

sonypvs1

vpcusb

sonicwall_netextender

elnkupdateservice

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

TermService

wuauserv

BITS

ShellHWDetection

helpsvc

xmlprov

wscsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-17 c:\windows\Tasks\AIMsi backup.job

- c:\windows\system32\ntbackup.exe [2003-07-16 14:42]

.

2011-05-10 c:\windows\Tasks\expressburnShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-12-02 23:47]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 23:11]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 23:11]

.

2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1035525444-1801674531-1003Core.job

- c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 21:18]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1035525444-1801674531-1003UA.job

- c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 21:18]

.

2012-02-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1035525444-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 18:47]

.

2012-02-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1035525444-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 18:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=AVBR

uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files\iExplorer\unins000.exe

AddRemove-313212019.www1.movie-promo.com - c:\program files\Microsoft Silverlight\4.0.60129.0\Silverlight.Configuration.exe

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Mike's Music\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-24 12:54

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-583907252-1035525444-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A20EFFE-A0CB-5B69-CEAE-6BC814877705}*]

"iafhmchhlnhjjbpmka"=hex:63,61,64,6a,6d,68,00,7c

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(668)

c:\windows\system32\LMIinit.dll

.

- - - - - - - > 'explorer.exe'(2388)

c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll

c:\windows\system32\LMIRfsClientNP.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\progra~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\progra~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\progra~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

c:\windows\System32\nvsvc32.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\progra~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

c:\documents and settings\Mike's Music\Application Data\Mikogo 4\M4-Capture.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-02-24 12:59:30 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-24 21:59

.

Pre-Run: 14,157,324,288 bytes free

Post-Run: 15,050,653,696 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

.

- - End Of File - - AFFF1B782AFE03703F3CEEC458AE9D2A

[Maniac]

Step 1

Open notepad and copy and paste next present in the quotebox below in it (don't forget to copy and paste REGEDIT4):

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
  76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
  65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
  00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
  62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
  49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
  57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
  6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
  61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
  52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
  75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
  63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
  68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
  56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
  73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
  6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
  57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00

Save this as fix.reg Choose to save as *all files and place it on your desktop.

It should look like this:

Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Finally, reboot your PC.

Step 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\inetwh32.dll
c:\windows\system32\roboex32.dll

Folder::
c:\program files\747F1
c:\documents and settings\Mike's Music\Application Data\C4B74

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[umshewa]

Here you go....

ComboFix 12-02-24.02 - Mike's Music 02/25/2012 12:13:04.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1466 [GMT -9:00]

Running from: c:\documents and settings\Mike's Music\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mike's Music\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

FILE ::

"c:\windows\system32\inetwh32.dll"

"c:\windows\system32\roboex32.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Mike's Music\Application Data\C4B74

c:\documents and settings\Mike's Music\Application Data\C4B74\47F1.4B7

c:\documents and settings\Mike's Music\Desktop\System Check.lnk

c:\program files\747F1

C:\Thumbs.db

c:\windows\system32\inetwh32.dll

c:\windows\system32\roboex32.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))

.

.

2012-02-21 22:04 . 2012-02-21 22:04 -------- d-s---w- c:\documents and settings\NetworkService.NT AUTHORITY.000\UserData

2012-02-21 21:52 . 2012-02-24 00:46 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-02-21 01:34 . 2012-02-21 01:34 -------- d-----w- c:\program files\eBay

2012-02-21 01:34 . 2012-02-21 01:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\eBay

2012-02-16 00:24 . 2012-02-16 00:24 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\Citrix

2012-02-15 22:47 . 2012-02-15 22:47 -------- d-----w- c:\program files\Audible

2012-02-08 23:48 . 2012-02-08 23:48 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\Intuit

2012-02-08 23:35 . 2012-02-08 23:35 -------- d-----w- c:\documents and settings\Mike's Music\Application Data\Intuit

2012-02-08 23:34 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\IsolatedStorage

2012-02-08 23:33 . 2012-02-08 23:34 -------- d-----w- c:\program files\Common Files\Intuit

2012-02-08 23:31 . 2012-02-08 23:31 -------- d-----w- c:\program files\TurboTax

2012-02-08 23:30 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Intuit

2012-02-02 22:27 . 2012-02-02 23:41 -------- d-----w- C:\Pinger

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-07 20:51 . 2010-03-05 01:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-02-07 20:51 . 2010-03-05 01:27 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2012-02-07 20:51 . 2010-03-05 01:27 30592 ----a-w- c:\windows\system32\LMIport.dll

2012-02-07 20:51 . 2010-03-05 01:27 87424 ----a-w- c:\windows\system32\LMIinit.dll

2012-01-25 23:38 . 2012-01-25 23:38 10 ----a-w- c:\windows\Fonts\wfonts.key

2011-12-15 21:02 . 2010-03-05 01:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2011-12-15 21:02 . 2010-03-05 01:27 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2011-12-11 00:24 . 2010-03-19 02:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-04 03:37 . 2009-09-04 03:37 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll

2010-04-08 20:36 . 2010-04-08 20:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll

2009-09-04 03:37 . 2009-09-04 03:37 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll

2010-04-08 20:36 . 2010-04-08 20:36 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll

2012-02-18 22:03 . 2011-05-09 20:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-24_21.54.13 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-25 21:09 . 2012-02-25 21:09 16384 c:\windows\Temp\Perflib_Perfdata_148.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-12-17 4763256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-31 7634944]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-31 86016]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]

"SetDefPrt"="c:\program files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-27 49152]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2008-05-24 1011712]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-03 281768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-22 273544]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]

.

c:\documents and settings\Mike's Music\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

.

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2012-02-07 20:51 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PGPtray.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\PGPtray.lnk

backup=c:\windows\pss\PGPtray.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-04 03:43 69632 ----a-w- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-02-02 21:18 136176 ----atw- c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-10-31 06:35 1622016 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 20:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-07-06 01:08 16380416 ----a-w- c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-10-13 18:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2007-06-16 01:45 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Aji Reader Service\\ARService.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Paros\\IEEmbed.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Documents and Settings\\Mike's Music\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/17/2010 4:04 PM 136360]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 8:13 AM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]

R2 PGPmemlock;PGPmemlock;c:\windows\system32\drivers\PGPmemlock.sys [4/1/2010 9:36 AM 6656]

S0 dfym;dfym;c:\windows\system32\drivers\wlurfrtl.sys --> c:\windows\system32\drivers\wlurfrtl.sys [?]

S0 jndx;jndx;c:\windows\system32\drivers\xakx.sys --> c:\windows\system32\drivers\xakx.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176]

S2 M4-Service;M4-Service;c:\documents and settings\Mike's Music\Application Data\Mikogo 4\M4-Service.exe [8/3/2011 11:40 PM 1003888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-17 c:\windows\Tasks\AIMsi backup.job

- c:\windows\system32\ntbackup.exe [2003-07-16 14:42]

.

2011-05-10 c:\windows\Tasks\expressburnShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-12-02 23:47]

.

2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 23:11]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 23:11]

.

2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1035525444-1801674531-1003Core.job

- c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 21:18]

.

2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1035525444-1801674531-1003UA.job

- c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 21:18]

.

2012-02-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1035525444-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 18:47]

.

2012-02-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1035525444-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 18:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=AVBR

uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.0.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-25 12:22

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-583907252-1035525444-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A20EFFE-A0CB-5B69-CEAE-6BC814877705}*]

"iafhmchhlnhjjbpmka"=hex:63,61,64,6a,6d,68,00,7c

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(664)

c:\windows\system32\LMIinit.dll

.

Completion time: 2012-02-25 12:23:44

ComboFix-quarantined-files.txt 2012-02-25 21:23

ComboFix2.txt 2012-02-24 21:59

.

Pre-Run: 15,054,090,240 bytes free

Post-Run: 15,035,129,856 bytes free

.

- - End Of File - - 7B31C22F5A425990686BE54AD21C2465

[Maniac]

Very good!

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

[umshewa]

Hope this all makes sense. Thanks again for the help!!

# utc_time=2012-02-27 10:29:03

# local_time=2012-02-27 01:29:03 (-0900, Alaskan Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1026 16777214 0 100 63170875 96329597 0 0

# compatibility_mode=1797 16775145 100 94 261467 95736367 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=165822

# found=40

# cleaned=39

# scan_time=4767

C:\Documents and Settings\Joe\Desktop\jZipV1c.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Mike's Music\My Documents\cnet_DBFWonder1_3StandardSetup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0114164.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0118180.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0118192.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0118207.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0119206.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0119226.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0121235.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126242.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126248.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126249.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126250.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126251.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126252.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126253.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126254.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126255.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126256.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126257.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126258.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126259.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126260.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126261.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126262.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126263.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126264.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126265.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126266.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126267.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126268.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126269.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126270.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126271.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126272.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP560\A0126275.sys a variant of Win32/Rootkit.Kryptik.JM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{0F953BAA-2560-4C1E-99B9-E61D5C0F6015}\RP562\A0137528.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{CB23DD1B-4F0E-46B1-A565-B8C402183FD5}\RP67\A0027123.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{CB23DD1B-4F0E-46B1-A565-B8C402183FD5}\RP67\A0028144.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\drivers\redbook.sys a variant of Win32/Rootkit.Kryptik.JM trojan (unable to clean) 00000000000000000000000000000000 I

[Maniac]

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

• 
  
• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  *redbook*

  
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

[umshewa]

Here's the next thing...thanks!!!

SystemLook 30.07.11 by jpshortstuff

Log created at 11:49 on 28/02/2012 by Mike's Music

Administrator - Elevation successful

========== filefind ==========

Searching for "*redbook*"

C:\WINDOWS\$NtServicePackUninstall$\redbook.sys -----c- 57472 bytes [00:25 05/03/2010] [07:59 04/08/2004] B31B4588E4086D8D84ADBF9845C2402B

C:\WINDOWS\ServicePackFiles\i386\redbook.sys -----c- 57600 bytes [00:03 05/03/2010] [09:10 14/04/2008] F828DD7E1419B6653894A8F97A0094C5

C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\backup\redbook.sys -----c- 56576 bytes [23:10 01/03/2010] [01:27 29/08/2002] AB56D6ED4E86D2B6F819A24A070F35F7

C:\WINDOWS\system32\dllcache\redbook.sys --a--c- 57600 bytes [20:03 26/02/2010] [09:10 14/04/2008] F828DD7E1419B6653894A8F97A0094C5

C:\WINDOWS\system32\drivers\redbook.sys --a---- 57600 bytes [20:03 26/02/2010] [09:10 14/04/2008] (Unable to calculate MD5)

-= EOF =-

[Maniac]

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
C:\WINDOWS\ServicePackFiles\i386\redbook.sys | C:\WINDOWS\system32\drivers\redbook.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[umshewa]

ComboFix 12-02-24.02 - Mike's Music 02/28/2012 14:36:42.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1463 [GMT -9:00]

Running from: c:\documents and settings\Mike's Music\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mike's Music\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\ServicePackFiles\i386\redbook.sys --> c:\windows\system32\drivers\redbook.sys

.

((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))

.

.

2012-02-27 21:01 . 2012-02-27 21:01 -------- d-----w- c:\program files\ESET

2012-02-21 22:04 . 2012-02-21 22:04 -------- d-s---w- c:\documents and settings\NetworkService.NT AUTHORITY.000\UserData

2012-02-21 21:52 . 2012-02-24 00:46 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-02-21 01:34 . 2012-02-21 01:34 -------- d-----w- c:\program files\eBay

2012-02-21 01:34 . 2012-02-21 01:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\eBay

2012-02-16 00:24 . 2012-02-16 00:24 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\Citrix

2012-02-15 22:47 . 2012-02-15 22:47 -------- d-----w- c:\program files\Audible

2012-02-08 23:48 . 2012-02-08 23:48 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\Intuit

2012-02-08 23:35 . 2012-02-08 23:35 -------- d-----w- c:\documents and settings\Mike's Music\Application Data\Intuit

2012-02-08 23:34 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\Mike's Music\Local Settings\Application Data\IsolatedStorage

2012-02-08 23:33 . 2012-02-08 23:34 -------- d-----w- c:\program files\Common Files\Intuit

2012-02-08 23:31 . 2012-02-08 23:31 -------- d-----w- c:\program files\TurboTax

2012-02-08 23:30 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Intuit

2012-02-02 22:27 . 2012-02-02 23:41 -------- d-----w- C:\Pinger

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-07 20:51 . 2010-03-05 01:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-02-07 20:51 . 2010-03-05 01:27 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2012-02-07 20:51 . 2010-03-05 01:27 30592 ----a-w- c:\windows\system32\LMIport.dll

2012-02-07 20:51 . 2010-03-05 01:27 87424 ----a-w- c:\windows\system32\LMIinit.dll

2012-01-25 23:38 . 2012-01-25 23:38 10 ----a-w- c:\windows\Fonts\wfonts.key

2011-12-15 21:02 . 2010-03-05 01:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

2011-12-15 21:02 . 2010-03-05 01:27 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak

2011-12-11 00:24 . 2010-03-19 02:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-04 03:37 . 2009-09-04 03:37 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll

2010-04-08 20:36 . 2010-04-08 20:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll

2009-09-04 03:37 . 2009-09-04 03:37 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll

2010-04-08 20:36 . 2010-04-08 20:36 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll

2012-02-18 22:03 . 2011-05-09 20:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-24_21.54.13 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-02-28 23:46 . 2012-02-28 23:46 16384 c:\windows\temp\Perflib_Perfdata_cc.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2010-12-17 4763256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-31 7634944]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-31 86016]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]

"SetDefPrt"="c:\program files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-27 49152]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2008-05-24 1011712]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-03 281768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-22 273544]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]

.

c:\documents and settings\Mike's Music\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

.

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2012-02-07 20:51 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^PGPtray.lnk]

path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\PGPtray.lnk

backup=c:\windows\pss\PGPtray.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-04 03:43 69632 ----a-w- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-02-02 21:18 136176 ----atw- c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-10-31 06:35 1622016 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 20:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-07-06 01:08 16380416 ----a-w- c:\windows\RTHDCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-10-13 18:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2007-06-16 01:45 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

"c:\\Program Files\\Aji Reader Service\\ARService.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\CoffeeCup Software\\Free FTP\\FreeFTP.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Paros\\IEEmbed.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Documents and Settings\\Mike's Music\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/17/2010 4:04 PM 136360]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 8:13 AM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]

R2 M4-Service;M4-Service;c:\documents and settings\Mike's Music\Application Data\Mikogo 4\M4-Service.exe [8/3/2011 11:40 PM 1003888]

R2 PGPmemlock;PGPmemlock;c:\windows\system32\drivers\PGPmemlock.sys [4/1/2010 9:36 AM 6656]

S0 dfym;dfym;c:\windows\system32\drivers\wlurfrtl.sys --> c:\windows\system32\drivers\wlurfrtl.sys [?]

S0 jndx;jndx;c:\windows\system32\drivers\xakx.sys --> c:\windows\system32\drivers\xakx.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2011 2:11 PM 136176]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-17 c:\windows\Tasks\AIMsi backup.job

- c:\windows\system32\ntbackup.exe [2003-07-16 14:42]

.

2011-05-10 c:\windows\Tasks\expressburnShakeIcon.job

- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-12-02 23:47]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 23:11]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-27 23:11]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1035525444-1801674531-1003Core.job

- c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 21:18]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-1035525444-1801674531-1003UA.job

- c:\documents and settings\Mike's Music\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-02 21:18]

.

2012-02-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1035525444-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 18:47]

.

2012-02-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1035525444-1801674531-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 18:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/?pc=AVBR

uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.0.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-28 14:47

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-583907252-1035525444-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4A20EFFE-A0CB-5B69-CEAE-6BC814877705}*]

"iafhmchhlnhjjbpmka"=hex:63,61,64,6a,6d,68,00,7c

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(668)

c:\windows\system32\LMIinit.dll

.

- - - - - - - > 'explorer.exe'(2864)

c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\progra~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\progra~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

c:\progra~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

c:\windows\System32\nvsvc32.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\progra~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

c:\documents and settings\Mike's Music\Application Data\Mikogo 4\M4-Capture.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-02-28 14:51:55 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-28 23:51

ComboFix2.txt 2012-02-25 21:23

ComboFix3.txt 2012-02-24 21:59

.

Pre-Run: 14,871,916,544 bytes free

Post-Run: 14,852,595,712 bytes free

.

- - End Of File - - F721476593EC94E19E57B101FF10B564

[Maniac]

How are things now?

[umshewa]

They seem much better....I would like to fix my proxy problem. Each time I open Firefox it puts me on a proxy of 127.0.0.1 and port 52061. I would like it to stop this. I think it is doing it in Opera too. Can you help me with that? Thanks for everything so far!! This was amazing!!!

[umshewa]

I did just get this notification on my antivirus.

[umshewa]

The picture didn't paste...sorry....

virus.bmp

[umshewa]

I fixed the firefox problem...thank

[Maniac]

Do you still need help?

[umshewa]

I think most things are solved. I'll open a new case if needed...Thank you!!