
Google redirect and other issues


Miraluka


Looking around this forum, this seems to be a pretty common issue. A couple days ago I picked something up on my laptop (running Windows XP). Whatever it is redirects my Google search results. It also seems to be causing something called Generic Host Process for Win32 to crash randomly, which shuts off the sound on my computer until I restart it. Also, I've had difficulty connecting to the internet, which a restart also usually fixes.

I followed the instructions, but was unable to get the GMER Rootkit Scanner to work after four tries. It froze twice and crashed my computer the other two times.

Here's the rest of the information. Let me know if I've left something out and thanks in advance for the help.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4673

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

9/22/2010 5:21:36 PM

mbam-log-2010-09-22 (17-21-36).txt

Scan type: Quick scan

Objects scanned: 143679

Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

----------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86

Run by Andrew at 18:37:38.43 on Wed 09/22/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2530 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\OEM02Mon.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Palm\Hotsync.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Andrew\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071106

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071106

uSearch Bar = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://www.dell.com

mDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = hxxp://us.slingmedia.com/page/downloads.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100922001126.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"

uRun: [Tunebite] c:\program files\rapidsolution\tunebite\Tunebite.exe -tray

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [EPSON NX410 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifca.exe /fu "c:\windows\temp\E_S9E.tmp" /EF "HKCU"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [KADxMain] c:\windows\system32\KADxMain.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [Mouse Suite 98 Daemon] ICO.EXE

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe

IE: &Search - ?p=ZKfox000

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\24h49aqu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.berlingske.dk/|http://www.google.com/ig

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\andrew\application data\move networks\plugins\npqmp071504000001.dll

FF - plugin: c:\documents and settings\andrew\application data\mozilla\firefox\profiles\24h49aqu.default\extensions\activegs@freetoolsassociation.com\platform\winnt_x86-msvc\plugins\npActiveGS.dll

FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-25 386712]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-25 84072]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-25 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-25 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-25 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 55840]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 152992]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 52104]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 312904]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 88544]

S2 gupdate1c9ee298b8ca355;Google Update Service (gupdate1c9ee298b8ca355);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]

S2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\slingagentservice.exe --> c:\program files\sling media\slingagent\SlingAgentService.exe [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 84264]

=============== Created Last 30 ================

2010-09-22 23:26:48 0 ----a-w- c:\documents and settings\andrew\defogger_reenable

2010-09-22 13:21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-22 13:21:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-22 13:21:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-22 12:08:22 0 d-----w- c:\docume~1\andrew\applic~1\Malwarebytes

2010-09-22 12:08:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-09-13 05:40:58 261480 ----a-w- c:\windows\system32\xactengine2_7.dll

2010-09-13 05:40:53 255848 ----a-w- c:\windows\system32\xactengine2_6.dll

2010-09-13 05:40:52 251672 ----a-w- c:\windows\system32\xactengine2_5.dll

2010-09-13 05:40:51 237848 ----a-w- c:\windows\system32\xactengine2_4.dll

2010-09-13 05:40:51 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll

2010-09-02 06:12:50 0 d-----w- c:\program files\iPod

2010-09-02 06:12:48 0 d-----w- c:\program files\iTunes

2010-08-31 12:58:32 0 d-----w- c:\program files\eRightSoft

2010-08-26 03:38:51 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2010-08-26 03:38:40 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2010-08-26 03:38:39 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2010-08-26 03:38:39 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2010-08-26 03:38:39 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2010-08-26 03:38:39 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys

2010-08-26 03:38:39 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-08-26 03:38:39 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-08-26 03:38:39 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2010-08-26 03:38:39 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

==================== Find3M ====================

2010-09-22 15:24:33 56344 ----a-w- c:\docume~1\andrew\applic~1\wklnhst.dat

2010-09-20 16:41:45 79950 ----a-w- c:\windows\system32\nvModes.dat

2010-09-12 13:32:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll

2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 18:38:05.20 ===============

Attach.zip

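The "Created Last 30" and "Find3M" sections of the DDS log above are fixed-shape lines (date, time, size, an eight-character attribute field, path), which makes them easy to triage mechanically before anyone reads the whole dump. The following Python is an added example for this page, not code from DDS, Malwarebytes or anyone in the thread. It parses that line shape and surfaces two things a reviewer normally looks at first: files under system32 carrying both the hidden and system attributes (the `--sh--r-` entries DDS lists in Find3M regardless of age), and kernel drivers created within the last 30 days before the scan. Only the attribute letters visible in this log (d, s, h, a, r, w) are decoded, by presence rather than by column position, because the meaning of the other columns is not stated on the page. The sample lines are copied from the log above; the checks are review prompts, not malware verdicts, and a vendor install such as the McAfee batch trips the second one just as readily.

```python
"""Triage helper for DDS 'Created Last 30' / 'Find3M' file lines.

Added example; not part of DDS or any tool mentioned in the thread.
Assumed line shape, taken from the log posted above:
    YYYY-MM-DD HH:MM:SS <size> <attrs> <path>
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$",
    re.IGNORECASE,
)

# Sample lines copied from the DDS log in this thread (Created Last 30 / Find3M).
SAMPLE = """\
2010-09-22 13:21:46 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2010-09-22 13:21:45 0 d-----w- c:\\program files\\Malwarebytes' Anti-Malware
2010-08-26 03:38:39 386712 ----a-w- c:\\windows\\system32\\drivers\\mfehidk.sys
2010-07-27 06:30:35 8462336 ------w- c:\\windows\\system32\\dllcache\\shell32.dll
2006-05-03 09:06:54 163328 --sh--r- c:\\windows\\system32\\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\\windows\\system32\\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\\windows\\system32\\nbDX.dll
"""


def parse_line(line):
    """Parse one DDS file line; return None for anything else (headers, blanks)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Attribute letters are decoded by presence only: d=directory, s=system,
    # h=hidden, a=archive, r=read-only, w=writable. Column positions are not
    # relied on because the page does not document them.
    flags = {c for c in m["attrs"].lower() if c != "-"}
    return {
        "when": datetime.strptime(m["date"] + " " + m["time"], "%Y-%m-%d %H:%M:%S"),
        "size": int(m["size"]),
        "flags": flags,
        "path": m["path"].lower(),  # Windows paths are case-insensitive
    }


def parse(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries, scan_date, window_days=30):
    """Return (path, reason) pairs worth a reviewer's attention.

    scan_date is 'YYYY-MM-DD' (the DDS run date). Two checks:
      * hidden+system files directly under system32;
      * non-directory files under system32\\drivers created within the window.
    Neither is a verdict; legitimate installs trip the second check too.
    """
    cutoff = datetime.strptime(scan_date, "%Y-%m-%d") - timedelta(days=window_days)
    hits = []
    for e in entries:
        p, f = e["path"], e["flags"]
        if "d" in f:
            continue  # directories are noise for both checks
        if {"s", "h"} <= f and re.match(r"^c:\\windows\\system32\\[^\\]+$", p):
            hits.append((p, "hidden+system file in system32"))
        elif p.startswith("c:\\windows\\system32\\drivers\\") and e["when"] >= cutoff:
            hits.append((p, "driver created within %d days of scan" % window_days))
    return hits


if __name__ == "__main__":
    for path, why in triage(parse(SAMPLE), "2010-09-22"):
        print("%-55s %s" % (path, why))
```

Run against the full Created Last 30 and Find3M sections, the script reduces several dozen lines to the handful that need a hash lookup or a vendor check; the 30-day window is a parameter because a machine that was re-imaged recently will flood it otherwise.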

Welcome to the forum.

Download TDSSKiller to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:

Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

--------------------------

Next:

Download ComboFix from one of these locations:

Link 1

Link 2

ComboFix Guide <---please read!

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit. More info HERE.
    They may interfere with the running of ComboFix.
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please let me know.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

5. Give it at least 20-30 minutes to finish if needed.

MrC

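The TDSSKiller report requested above lists every loaded driver as one line: timestamp, service name, the file's MD5 in parentheses, and the path (the shape is visible in the report posted next in this thread). When a machine is scanned again after a "Cure" and reboot, the useful question is which driver files changed hash, appeared, or vanished between the two runs. The following Python is an added example for this page, not part of TDSSKiller, Kaspersky's tooling or anything posted by MrC or the original poster. It parses that line shape, normalises paths case-insensitively (Windows does not distinguish `DRIVERS\cbidf2k.sys` from `drivers\cbidf2k.sys`, so two service names can legitimately point at one file), and diffs two runs. The BEFORE sample copies real lines from the report in this thread; the AFTER sample is constructed, with placeholder hashes, purely to show what a changed, a removed and a new driver look like in the output.

```python
"""Diff two TDSSKiller driver listings and report what changed between runs.

Added example; not part of TDSSKiller or any tool in the thread.
Assumed driver-line shape, taken from the report posted in this thread:
    YYYY/MM/DD HH:MM:SS.mmmm <service name> (<md5>) <path>
"""
import re
from collections import defaultdict

DRIVER_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$",
    re.IGNORECASE,
)


def parse(text):
    """Return {service_name: (md5, normalised_path)} for each driver line.

    Banner lines ('SystemInfo:', 'Scan started', '=====') have no '(md5)'
    field and therefore do not match; they are skipped without special-casing.
    """
    drivers = {}
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            # Lower-case the path: Windows paths are case-insensitive, and the
            # real report spells the same directory both DRIVERS and drivers.
            drivers[m["name"]] = (m["md5"].lower(), m["path"].lower())
    return drivers


def files_by_path(drivers):
    """Group service names by on-disk file; one file may back several services."""
    by_path = defaultdict(list)
    for name, (_, path) in drivers.items():
        by_path[path].append(name)
    return by_path


def diff_runs(before, after):
    """Drivers whose hash changed, that appeared, or that disappeared.

    'changed' entries are (name, path, md5_before, md5_after) so the reviewer
    can look both hashes up; a changed hash on an unchanged path is the case
    that deserves the closest look after a cleanup.
    """
    changed, added, removed = [], [], []
    for name, (md5_b, path_b) in before.items():
        if name not in after:
            removed.append(name)
        elif after[name][0] != md5_b:
            changed.append((name, path_b, md5_b, after[name][0]))
    added = [name for name in after if name not in before]
    return {"changed": changed, "added": sorted(added), "removed": sorted(removed)}


# BEFORE: lines copied from the TDSSKiller report in this thread (plus two
# banner lines to show they are ignored). AFTER: constructed second run with
# placeholder hashes; Beep's hash differs, Cdfs is missing, newsvc is new.
BEFORE = """\
2010/09/23 20:47:34.0343 Scan started
2010/09/23 20:47:34.0343 Mode: Manual;
2010/09/23 20:47:35.0234 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2010/09/23 20:47:36.0562 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\\WINDOWS\\system32\\drivers\\Beep.sys
2010/09/23 20:47:37.0000 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\\WINDOWS\\system32\\DRIVERS\\cbidf2k.sys
2010/09/23 20:47:37.0015 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\\WINDOWS\\system32\\drivers\\cbidf2k.sys
2010/09/23 20:47:37.0250 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\\WINDOWS\\system32\\drivers\\Cdfs.sys
"""
AFTER = """\
2010/09/24 09:00:00.0000 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2010/09/24 09:00:00.0100 Beep (00000000000000000000000000000000) C:\\WINDOWS\\system32\\drivers\\Beep.sys
2010/09/24 09:00:00.0200 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\\WINDOWS\\system32\\DRIVERS\\cbidf2k.sys
2010/09/24 09:00:00.0300 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\\WINDOWS\\system32\\drivers\\cbidf2k.sys
2010/09/24 09:00:00.0400 newsvc (11111111111111111111111111111111) C:\\WINDOWS\\system32\\drivers\\newsvc.sys
"""

if __name__ == "__main__":
    b, a = parse(BEFORE), parse(AFTER)
    for path, names in files_by_path(b).items():
        if len(names) > 1:
            print("one file, several services:", path, names)
    for kind, items in diff_runs(b, a).items():
        print(kind, items)
```

Feed the two saved `C:\TDSSKiller.*.txt` reports in as BEFORE and AFTER; an empty "changed" list after a reported Cure is itself worth noting, since it means the tool rebooted without altering any driver file it listed.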

Here are the requested logs:

2010/09/23 20:47:09.0000 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/23 20:47:09.0000 ================================================================================

2010/09/23 20:47:09.0000 SystemInfo:

2010/09/23 20:47:09.0000

2010/09/23 20:47:09.0000 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/23 20:47:09.0000 Product type: Workstation

2010/09/23 20:47:09.0000 ComputerName: SKAT

2010/09/23 20:47:09.0000 UserName: Andrew

2010/09/23 20:47:09.0000 Windows directory: C:\WINDOWS

2010/09/23 20:47:09.0000 System windows directory: C:\WINDOWS

2010/09/23 20:47:09.0000 Processor architecture: Intel x86

2010/09/23 20:47:09.0000 Number of processors: 2

2010/09/23 20:47:09.0000 Page size: 0x1000

2010/09/23 20:47:09.0000 Boot type: Normal boot

2010/09/23 20:47:09.0000 ================================================================================

2010/09/23 20:47:09.0328 Initialize success

2010/09/23 20:47:34.0343 ================================================================================

2010/09/23 20:47:34.0343 Scan started

2010/09/23 20:47:34.0343 Mode: Manual;

2010/09/23 20:47:34.0343 ================================================================================

2010/09/23 20:47:35.0156 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2010/09/23 20:47:35.0234 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/23 20:47:35.0281 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/09/23 20:47:35.0328 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/09/23 20:47:35.0406 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/23 20:47:35.0453 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/09/23 20:47:35.0531 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/09/23 20:47:35.0562 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2010/09/23 20:47:35.0593 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2010/09/23 20:47:35.0671 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/09/23 20:47:35.0703 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/09/23 20:47:35.0765 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/09/23 20:47:35.0781 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2010/09/23 20:47:35.0843 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2010/09/23 20:47:35.0875 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2010/09/23 20:47:35.0921 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

2010/09/23 20:47:36.0000 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/09/23 20:47:36.0062 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2010/09/23 20:47:36.0093 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2010/09/23 20:47:36.0125 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2010/09/23 20:47:36.0187 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/23 20:47:36.0250 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/23 20:47:36.0328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/23 20:47:36.0375 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/23 20:47:36.0468 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2010/09/23 20:47:36.0531 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

2010/09/23 20:47:36.0562 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/23 20:47:36.0656 btaudio (ecdc40cc54603c711e1a7a1c9255184a) C:\WINDOWS\system32\drivers\btaudio.sys

2010/09/23 20:47:36.0734 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys

2010/09/23 20:47:36.0828 BTKRNL (885b6d0f826a216eee4c3ad883809012) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

2010/09/23 20:47:36.0906 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

2010/09/23 20:47:36.0937 btwhid (e48668b4a6a5cf68b33aecad18ee8e1e) C:\WINDOWS\system32\DRIVERS\btwhid.sys

2010/09/23 20:47:48.0156 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/09/23 20:47:48.0156 ================================================================================

2010/09/23 20:47:48.0156 Scan finished

2010/09/23 20:47:48.0156 ================================================================================

2010/09/23 20:47:48.0171 Detected object count: 1

2010/09/23 20:48:03.0640 \HardDisk0\MBR - will be cured after reboot

2010/09/23 20:48:03.0640 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/09/23 20:48:07.0859 Deinitialize success

***************************************************************

ComboFix 10-09-23.01 - Andrew 09/23/2010 21:12:03.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2557 [GMT -5:00]

Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\VCREDI~3.EXE

c:\windows\system32\spool\prtprocs\w32x86\CNMPD8O.DLL

c:\windows\system32\spool\prtprocs\w32x86\CNMPP8O.DLL

.

((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))

.

2010-09-23 04:12 . 2010-09-23 04:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-09-22 13:21 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-22 13:21 . 2010-09-22 13:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-22 13:21 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-22 12:08 . 2010-09-22 12:08 -------- d-----w- c:\documents and settings\Andrew\Application Data\Malwarebytes

2010-09-22 12:08 . 2010-09-22 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-22 02:11 . 2010-09-22 02:11 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-09-21 10:51 . 2010-09-21 12:08 -------- d-----w- c:\documents and settings\Andrew\Local Settings\Application Data\Unity

2010-09-14 21:52 . 2010-09-14 21:51 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll

2010-09-14 21:52 . 2010-09-14 21:52 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-09-14 21:52 . 2010-09-14 21:52 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-09-13 05:43 . 2010-09-13 05:43 -------- d--h--r- c:\documents and settings\Andrew\Application Data\SecuROM

2010-09-13 05:40 . 2007-04-04 23:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll

2010-09-13 05:40 . 2007-01-24 20:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll

2010-09-13 05:40 . 2006-12-08 17:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll

2010-09-13 05:40 . 2007-03-05 17:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll

2010-09-13 05:40 . 2006-09-28 21:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll

2010-09-13 05:04 . 2010-09-13 06:54 -------- d-----w- c:\program files\7-Zip

2010-09-02 06:12 . 2010-09-02 06:12 -------- d-----w- c:\program files\iPod

2010-09-02 06:12 . 2010-09-02 06:13 -------- d-----w- c:\program files\iTunes

2010-09-02 06:05 . 2010-09-02 06:05 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-01 02:38 . 2010-07-09 14:26 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe

2010-09-01 02:38 . 2010-07-02 14:25 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll

2010-09-01 02:38 . 2010-07-02 14:25 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll

2010-09-01 02:37 . 2010-08-17 18:10 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe

2010-08-31 12:58 . 2010-08-31 12:58 -------- d-----w- c:\program files\eRightSoft

2010-08-26 03:38 . 2010-08-24 19:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2010-08-26 03:38 . 2010-08-24 19:57 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2010-08-26 03:38 . 2010-08-24 19:57 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2010-08-26 03:38 . 2010-08-24 19:57 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2010-08-26 03:38 . 2010-08-24 19:57 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2010-08-26 03:38 . 2010-08-24 19:57 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys

2010-08-26 03:38 . 2010-08-24 19:57 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-08-26 03:38 . 2010-08-24 19:57 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-08-26 03:38 . 2010-08-24 19:57 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2010-08-26 03:38 . 2010-08-24 19:57 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-23 08:50 . 2007-12-05 05:46 77 -c--a-w- c:\windows\popcinfot.dat

2010-09-23 08:50 . 2007-12-05 05:46 204 -c-h--w- c:\windows\popcreg.dat

2010-09-23 04:12 . 2008-02-27 18:56 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-22 15:24 . 2007-12-04 18:38 56344 ----a-w- c:\documents and settings\Andrew\Application Data\wklnhst.dat

2010-09-20 16:41 . 2007-11-06 19:29 79950 ----a-w- c:\windows\system32\nvModes.dat

2010-09-14 21:52 . 2010-05-08 14:30 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-09-14 21:52 . 2010-05-08 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-09-14 21:52 . 2007-12-05 06:23 -------- d-----w- c:\program files\DivX

2010-09-14 21:51 . 2010-06-22 09:03 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-09-14 21:51 . 2010-05-08 14:30 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-09-14 21:51 . 2010-05-08 14:30 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-09-13 05:34 . 2010-05-16 04:41 -------- d-----w- c:\program files\LucasArts

2010-09-12 14:08 . 2007-12-05 05:46 -------- d-----w- c:\program files\PopCap Games

2010-09-12 14:03 . 2007-11-06 19:44 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-12 13:32 . 2008-09-04 02:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2010-09-04 07:16 . 2007-11-06 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell

2010-09-02 06:12 . 2007-12-04 18:01 -------- d-----w- c:\program files\Common Files\Apple

2010-08-31 03:22 . 2008-08-24 01:10 -------- d-----w- c:\program files\Microsoft Silverlight

2010-08-28 16:14 . 2007-11-06 19:55 -------- d-----w- c:\program files\McAfee.com

2010-08-28 03:03 . 2007-12-05 04:10 -------- d-----w- c:\program files\Family Tree Maker 16

2010-08-27 03:44 . 2007-11-06 19:54 -------- d-----w- c:\program files\McAfee

2010-08-27 03:44 . 2007-11-06 19:55 -------- d-----w- c:\program files\Common Files\McAfee

2010-08-20 04:44 . 2010-02-04 06:06 -------- d-----w- c:\program files\QuickTime

2010-08-19 11:27 . 2010-08-19 11:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-08-19 11:27 . 2010-08-19 11:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-08-19 11:27 . 2010-08-19 11:27 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-08-19 11:27 . 2010-08-19 11:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-08-19 11:27 . 2010-08-19 11:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-08-19 11:27 . 2010-08-19 11:27 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-08-19 11:27 . 2010-08-19 11:27 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-08-19 11:27 . 2010-08-19 11:27 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-08-19 11:27 . 2010-08-19 11:27 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-08-19 11:27 . 2009-04-03 14:26 -------- d-----w- c:\program files\Common Files\Real

2010-08-19 11:27 . 2010-08-19 11:26 -------- d-----w- c:\program files\Real

2010-08-19 11:27 . 2010-08-19 11:27 -------- d-----w- c:\program files\Common Files\xing shared

2010-08-17 13:17 . 2004-08-10 18:51 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-27 01:28 . 2010-07-27 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games

2010-07-22 15:49 . 2004-08-10 18:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-16 04:26 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-04 20:08 . 2010-07-04 20:08 77824 ----a-w- c:\documents and settings\Andrew\Application Data\Wuala\Program0\swt-gdip-win32-3550.dll

2010-07-04 20:08 . 2010-07-04 20:08 353792 ----a-w- c:\documents and settings\Andrew\Application Data\Wuala\Program0\orangevolt-4n-1.1.1.dll

2010-07-04 20:08 . 2010-07-04 20:08 78336 ----a-w- c:\documents and settings\Andrew\Application Data\Wuala\Program0\WDokan.dll

2010-07-04 20:07 . 2010-07-04 20:07 407928 ----a-w- c:\documents and settings\Andrew\Application Data\Wuala\Roaming\Wuala.exe

2010-07-04 20:07 . 2010-07-04 20:07 348160 ----a-w- c:\documents and settings\Andrew\Application Data\Wuala\Program0\swt-win32-3550.dll

2010-06-30 12:31 . 2004-08-10 18:51 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-27 22:39 . 2010-06-27 22:39 0 ----a-w- c:\windows\popcinfo.dat

2010-08-24 19:57 . 2010-08-26 03:38 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

2006-05-03 09:06 . 2009-07-11 08:24 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47 . 2009-07-11 08:24 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30 . 2009-07-11 08:24 216064 --sh--r- c:\windows\system32\nbDX.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]

"nwiz"="nwiz.exe" [2007-06-06 1626112]

"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]

"NvMediaCenter"="NvMCTray.dll" [2007-06-06 81920]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]

"SigmatelSysTrayApp"="stsystra.exe" [2007-07-10 405504]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"Mouse Suite 98 Daemon"="ICO.EXE" [2006-10-23 56128]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2006-10-03 221184]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-19 202256]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1193848]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-6 50688]

HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/25/2010 10:38 PM 84072]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/25/2010 10:38 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/25/2010 10:38 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/25/2010 10:39 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/25/2010 10:38 PM 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/25/2010 10:38 PM 55840]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/25/2010 10:38 PM 312904]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/25/2010 10:38 PM 88544]

S2 gupdate1c9ee298b8ca355;Google Update Service (gupdate1c9ee298b8ca355);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 9:24 PM 133104]

S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe --> c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/25/2010 10:38 PM 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/25/2010 10:38 PM 84264]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 02:24]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 02:24]

2010-09-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1440613019-865028710-2365220557-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-09-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1440613019-865028710-2365220557-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071106

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = hxxp://us.slingmedia.com/page/downloads.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\24h49aqu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.berlingske.dk/|http://www.google.com/ig

FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\24h49aqu.default\extensions\activegs@freetoolsassociation.com\platform\WINNT_x86-msvc\plugins\npActiveGS.dll

FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npImgCtl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe

HKCU-Run-Tunebite - c:\program files\RapidSolution\Tunebite\Tunebite.exe

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu

AddRemove-SimParkv1.0 - c:\maxis\SimPark\DeIsL1.isu

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-23 21:23

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AE7AC76]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f37852

\Driver\iaStor -> iaStor.sys @ 0xb9e7cc1a

IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d12bb0

PacketIndicateHandler -> NDIS.sys @ 0xb9d01a0d

SendHandler -> NDIS.sys @ 0xb9d15b40

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1440613019-865028710-2365220557-1006\Software\SecuROM\License information*]

"datasecu"=hex:22,a7,f2,c1,74,fd,73,03,ce,7a,1a,6d,d3,ef,9e,3d,83,31,1f,c5,69,

ae,6f,e6,9b,de,29,31,f8,c1,e8,9c,3e,76,59,90,af,d1,3a,50,f4,08,c9,05,3a,cd,\

"rkeysecu"=hex:0e,03,c4,95,13,33,ba,65,d3,ab,6b,44,a1,42,e4,5c

.

Completion time: 2010-09-23 21:29:58

ComboFix-quarantined-files.txt 2010-09-24 02:29

Pre-Run: 91,673,387,008 bytes free

Post-Run: 91,960,291,328 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 93156F3791DEF058383E764B8D5093A5


Sorry for posting twice in a row, but since running ComboFix and TDSSKiller, my touchpad has not been working properly. When I try to move it, the mouse on my screen moves on its own. It kind of spasms and then comes back to where it's supposed to be, even when I'm not moving my finger on the touchpad. I don't know if either of those programs could cause that problem, but I didn't have it before I ran them. Any advice?


OK, it looks like ComboFix targeted these files.....let's restore them and see if that corrects the problem:

c:\documents and settings\All Users\VCREDI~3.EXE

c:\windows\system32\spool\prtprocs\w32x86\CNMPD8O.DLL

c:\windows\system32\spool\prtprocs\w32x86\CNMPP8O.DLL

Please do this:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

DeQuarantine::

C:\Qoobox\Quarantine\c:\documents and settings\All Users\VCREDI~3.EXE.vir

C:\Qoobox\Quarantine\c:\windows\system32\spool\prtprocs\w32x86\CNMPD8O.DLL.vir

C:\Qoobox\Quarantine\c:\windows\system32\spool\prtprocs\w32x86\CNMPP8O.DLL.vir

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply and the DeQuarantine.txt

MrC


I currently have an Epson printer, but I believe the first printer I had with this computer was a Canon. It's been over two years since I owned that printer, so I can't be certain. I also think at some point I installed software in order to use my parents' printer, which may or may not have been a Canon, I don't really know.

I'm still having the same problems as when I first posted. The redirects are still happening and I just got another "process for Win32" crash about an hour ago.

Thanks for your help so far.


Are you using a router?

-----------------------

Please do this:

Download and unzip Rootrepeal from the link below:

http://rootrepeal.googlepages.com/

Run rootrepeal.exe by double clicking on it

Click on Report tab on the bottom right of the software then press Scan

Put a check in all boxes except the 2 SSDT options, then press OK

Place a check in drive to be scanned (it is usually C)

Click OK, the scan will start and when done it will produce a log

Please save the logfile generated and copy and paste the contents of that log into your next reply.

-----------------------------

Next:

Run ComboFix again and post the log.

If ComboFix wants to update....please let it.

MrC


Yes, I do use a router. A Linksys model WRT54G, if that's important.

I also feel like I should have mentioned that I have an iPod and an external hard drive that are frequently connected to my computer. Can they be infected and/or reinfect my computer? (Maybe I should have mentioned that sooner. Oops.)

Here are the requested logs:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/09/24 14:15

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: DLAIFS_M.SYS

Image Path: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS

Address: 0xAD318000 Size: 97568 File Visible: - Signed: -

Status: Hidden from the Windows API!

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xB0353000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA5F6000 Size: 8192 File Visible: No Signed: -

Status: -

Name: Fastfat.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS

Address: 0xA7250000 Size: 143744 File Visible: - Signed: -

Status: Hidden from the Windows API!

Name: Fs_Rec.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xBA62A000 Size: 7936 File Visible: - Signed: -

Status: Hidden from the Windows API!

Name: Mup.sys

Image Path: Mup.sys

Address: 0xB9CE3000 Size: 105344 File Visible: - Signed: -

Status: Hidden from the Windows API!

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xB9D2A000 Size: 574976 File Visible: - Signed: -

Status: Hidden from the Windows API!

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA7F94000 Size: 49152 File Visible: No Signed: -

Status: -

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

Path: c:\windows\temp\perflib_perfdata_330.dat

Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\networkservice\cookies\index.dat

Status: Allocation size mismatch (API: 8192, Raw: 4096)

Path: c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\index.dat

Status: Allocation size mismatch (API: 2199552, Raw: 2191360)

Path: C:\Documents and Settings\Andrew\My Documents\YouTube\Verbotene Liebe\2007\2007-1~1.MOV:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

Status: Visible to the Windows API, but not on disk.

==EOF==

*********************************

ComboFix 10-09-23.01 - Andrew 09/24/2010 14:42:24.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2411 [GMT -5:00]

Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))

.

2010-09-23 04:12 . 2010-09-23 04:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-09-22 13:21 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-22 13:21 . 2010-09-22 13:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-22 13:21 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-22 12:08 . 2010-09-22 12:08 -------- d-----w- c:\documents and settings\Andrew\Application Data\Malwarebytes

2010-09-22 12:08 . 2010-09-22 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-22 02:11 . 2010-09-22 02:11 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-09-21 10:51 . 2010-09-21 12:08 -------- d-----w- c:\documents and settings\Andrew\Local Settings\Application Data\Unity

2010-09-14 21:52 . 2010-09-14 21:51 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll

2010-09-14 21:52 . 2010-09-14 21:52 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-09-14 21:52 . 2010-09-14 21:52 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-09-13 05:43 . 2010-09-13 05:43 -------- d--h--r- c:\documents and settings\Andrew\Application Data\SecuROM

2010-09-13 05:40 . 2007-04-04 23:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll

2010-09-13 05:40 . 2007-01-24 20:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll

2010-09-13 05:40 . 2006-12-08 17:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll

2010-09-13 05:40 . 2007-03-05 17:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll

2010-09-13 05:40 . 2006-09-28 21:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll

2010-09-13 05:04 . 2010-09-13 06:54 -------- d-----w- c:\program files\7-Zip

2010-09-02 06:12 . 2010-09-02 06:12 -------- d-----w- c:\program files\iPod

2010-09-02 06:12 . 2010-09-02 06:13 -------- d-----w- c:\program files\iTunes

2010-09-02 06:05 . 2010-09-02 06:05 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-01 02:38 . 2010-07-09 14:26 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe

2010-09-01 02:38 . 2010-07-02 14:25 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll

2010-09-01 02:38 . 2010-07-02 14:25 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll

2010-09-01 02:37 . 2010-08-17 18:10 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe

2010-08-31 12:58 . 2010-08-31 12:58 -------- d-----w- c:\program files\eRightSoft

2010-08-26 03:38 . 2010-08-24 19:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2010-08-26 03:38 . 2010-08-24 19:57 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2010-08-26 03:38 . 2010-08-24 19:57 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2010-08-26 03:38 . 2010-08-24 19:57 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2010-08-26 03:38 . 2010-08-24 19:57 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2010-08-26 03:38 . 2010-08-24 19:57 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys

2010-08-26 03:38 . 2010-08-24 19:57 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-08-26 03:38 . 2010-08-24 19:57 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-08-26 03:38 . 2010-08-24 19:57 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2010-08-26 03:38 . 2010-08-24 19:57 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-24 18:19 . 2007-12-05 05:46 77 -c--a-w- c:\windows\popcinfot.dat

2010-09-24 18:19 . 2007-12-05 05:46 204 -c-h--w- c:\windows\popcreg.dat

2010-09-24 11:53 . 2007-12-04 18:38 56344 ----a-w- c:\documents and settings\Andrew\Application Data\wklnhst.dat

2010-09-24 05:17 . 2008-02-27 18:56 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-20 16:41 . 2007-11-06 19:29 79950 ----a-w- c:\windows\system32\nvModes.dat

2010-09-14 21:52 . 2010-05-08 14:30 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-09-14 21:52 . 2010-05-08 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-09-14 21:52 . 2007-12-05 06:23 -------- d-----w- c:\program files\DivX

2010-09-14 21:51 . 2010-06-22 09:03 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-09-14 21:51 . 2010-05-08 14:30 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-09-14 21:51 . 2010-05-08 14:30 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-09-13 05:34 . 2010-05-16 04:41 -------- d-----w- c:\program files\LucasArts

2010-09-12 14:08 . 2007-12-05 05:46 -------- d-----w- c:\program files\PopCap Games

2010-09-12 14:03 . 2007-11-06 19:44 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-12 13:32 . 2008-09-04 02:51 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

2010-09-04 07:16 . 2007-11-06 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell

2010-09-02 06:12 . 2007-12-04 18:01 -------- d-----w- c:\program files\Common Files\Apple

2010-08-31 03:22 . 2008-08-24 01:10 -------- d-----w- c:\program files\Microsoft Silverlight

2010-08-28 16:14 . 2007-11-06 19:55 -------- d-----w- c:\program files\McAfee.com

2010-08-28 03:03 . 2007-12-05 04:10 -------- d-----w- c:\program files\Family Tree Maker 16

2010-08-27 03:44 . 2007-11-06 19:54 -------- d-----w- c:\program files\McAfee

2010-08-27 03:44 . 2007-11-06 19:55 -------- d-----w- c:\program files\Common Files\McAfee

2010-08-20 04:44 . 2010-02-04 06:06 -------- d-----w- c:\program files\QuickTime

2010-08-19 11:27 . 2010-08-19 11:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-08-19 11:27 . 2010-08-19 11:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-08-19 11:27 . 2010-08-19 11:27 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-08-19 11:27 . 2010-08-19 11:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-08-19 11:27 . 2010-08-19 11:27 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-08-19 11:27 . 2010-08-19 11:27 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-08-19 11:27 . 2010-08-19 11:27 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-08-19 11:27 . 2010-08-19 11:27 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-08-19 11:27 . 2010-08-19 11:27 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-08-19 11:27 . 2009-04-03 14:26 -------- d-----w- c:\program files\Common Files\Real

2010-08-19 11:27 . 2010-08-19 11:26 -------- d-----w- c:\program files\Real

2010-08-19 11:27 . 2010-08-19 11:27 -------- d-----w- c:\program files\Common Files\xing shared

2010-08-17 13:17 . 2004-08-10 18:51 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-07-27 01:28 . 2010-07-27 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games

2010-07-22 15:49 . 2004-08-10 18:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57 . 2009-04-16 04:26 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-07-04 20:08 . 2010-07-04 20:08 77824 ----a-w- c:\documents and settings\Andrew\Application Data\Wuala\Program0\swt-gdip-win32-3550.dll

2010-07-04 20:08 . 2010-07-04 20:08 353792 ----a-w- c:\documents and settings\Andrew\Application Data\Wuala\Program0\orangevolt-4n-1.1.1.dll

2010-07-04 20:08 . 2010-07-04 20:08 78336 ----a-w- c:\documents and settings\Andrew\Application Data\Wuala\Program0\WDokan.dll

2010-07-04 20:07 . 2010-07-04 20:07 407928 ----a-w- c:\documents and settings\Andrew\Application Data\Wuala\Roaming\Wuala.exe

2010-07-04 20:07 . 2010-07-04 20:07 348160 ----a-w- c:\documents and settings\Andrew\Application Data\Wuala\Program0\swt-win32-3550.dll

2010-06-30 12:31 . 2004-08-10 18:51 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-27 22:39 . 2010-06-27 22:39 0 ----a-w- c:\windows\popcinfo.dat

2010-08-24 19:57 . 2010-08-26 03:38 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

2006-05-03 09:06 . 2009-07-11 08:24 163328 --sh--r- c:\windows\system32\flvDX.dll

2007-02-21 10:47 . 2009-07-11 08:24 31232 --sh--r- c:\windows\system32\msfDX.dll

2008-03-16 12:30 . 2009-07-11 08:24 216064 --sh--r- c:\windows\system32\nbDX.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-09-24_02.24.08 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-24 16:31 . 2010-09-24 16:31 16384 c:\windows\Temp\Perflib_Perfdata_330.dat

+ 2007-11-12 22:01 . 2010-09-24 16:38 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2007-11-12 22:01 . 2010-09-22 23:07 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-11-12 22:01 . 2010-09-24 16:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2007-11-12 22:01 . 2010-09-22 23:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2010-09-24 15:19 . 2010-09-24 16:38 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2007-11-12 22:01 . 2010-09-22 23:07 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]

"nwiz"="nwiz.exe" [2007-06-06 1626112]

"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]

"NvMediaCenter"="NvMCTray.dll" [2007-06-06 81920]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]

"SigmatelSysTrayApp"="stsystra.exe" [2007-07-10 405504]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"Mouse Suite 98 Daemon"="ICO.EXE" [2006-10-23 56128]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2006-10-03 221184]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-19 202256]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1193848]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-6 50688]

HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [8/25/2010 10:38 PM 84072]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [8/25/2010 10:38 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [8/25/2010 10:38 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [8/25/2010 10:39 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [8/25/2010 10:38 PM 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [8/25/2010 10:38 PM 55840]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [8/25/2010 10:38 PM 312904]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [8/25/2010 10:38 PM 88544]

S2 gupdate1c9ee298b8ca355;Google Update Service (gupdate1c9ee298b8ca355);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 9:24 PM 133104]

S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe --> c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [8/25/2010 10:38 PM 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/25/2010 10:38 PM 84264]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

2010-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 02:24]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 02:24]

2010-09-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1440613019-865028710-2365220557-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-09-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1440613019-865028710-2365220557-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071106

mStart Page = hxxp://www.dell.com

uInternet Connection Wizard,ShellNext = hxxp://us.slingmedia.com/page/downloads.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\24h49aqu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.berlingske.dk/|http://www.google.com/ig

FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\24h49aqu.default\extensions\activegs@freetoolsassociation.com\platform\WINNT_x86-msvc\plugins\npActiveGS.dll

FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npImgCtl.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-24 14:48

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AF0BC76]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f37852

\Driver\iaStor -> iaStor.sys @ 0xb9e7cc1a

IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d12bb0

PacketIndicateHandler -> NDIS.sys @ 0xb9d01a0d

SendHandler -> NDIS.sys @ 0xb9d15b40

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1440613019-865028710-2365220557-1006\Software\SecuROM\License information*]

"datasecu"=hex:22,a7,f2,c1,74,fd,73,03,ce,7a,1a,6d,d3,ef,9e,3d,83,31,1f,c5,69,

ae,6f,e6,9b,de,29,31,f8,c1,e8,9c,3e,76,59,90,af,d1,3a,50,f4,08,c9,05,3a,cd,\

"rkeysecu"=hex:0e,03,c4,95,13,33,ba,65,d3,ab,6b,44,a1,42,e4,5c

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3616)

c:\windows\system32\btmmhook.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-09-24 14:50:54

ComboFix-quarantined-files.txt 2010-09-24 19:50

ComboFix2.txt 2010-09-24 02:29

Pre-Run: 91,789,004,800 bytes free

Post-Run: 91,778,609,152 bytes free

- - End Of File - - 9D6CEB247B9DDE6BD7AD6E5757A36CDC


Your MBR is infected with a rootkit and it looks like ComboFix couldn't fix it, so let's let Windows fix it:

Reboot the computer and before Windows loads you'll be asked to choose which operating system.

Use the up and down keys to choose Microsoft Windows Recovery Console

You'll be asked which Windows installation to log onto. Type 1 and press enter

Enter your administrator password and press enter (if none is set, just press enter).

You'll end up at the C:\Windows prompt, type:

fixmbr

and press Enter:

When it's done, type exit and hit Enter.

Windows will now load.

Let me know, MrC


I tried to follow your instructions, but each time I did, my computer got stuck on the starting recovery console screen. The bar at the bottom fills up, then nothing happens. I tried three times and waited for fifteen minutes each time. How long is it supposed to take to load into recovery console? Should I just wait longer? Keep trying?


Hopefully you have access to a burner.

You're going to have to burn the XP recovery console to a cd:

Download this file:

http://www.thecomputerparamedic.com/files/rc.iso

If you don't have any software to burn an .ISO file:

Download and install Active@ ISO Burner

Click HERE for ISOBurner Instructions.

Install the program, and follow the next set of steps.

After you install Active@ ISO Burner, put a blank cd-r in your burner and double click on the rc.iso you downloaded and Active@ ISO Burner should automatically open up.....now click BURN.

Put the cd in and restart the computer, it should boot to the recovery console.

MrC


Is the computer booting from the cd?

You should never get to the screen where it asks you what operating system to choose.

It should boot to the recovery console.

You should never get to this screen:

http://www.bleepstatic.com/tutorials/rc/startup.gif <-----click on it for the image

It's possible that your computer isn't set to boot from the cd drive.

Let me know.....MrC


That's no good.

Are you sure you burned the cd correctly and are you familiar with creating a cd from an ISO file?

Did you use the burning software I recommended?

Make sure you use a CD-R, not a CD-RW

If you did everything right, then your computer isn't set to boot from your cd first.

The link below will show you how to fix that:

http://www.hiren.info/pages/bios-boot-cdrom

Let me know, MrC


I seem to have gotten past one problem only to run into another.

The option to reboot from CD-ROM was fourth of four on the priority list. I moved it to first. Then the computer started booting from the disc. It got as far as "setup is starting Windows" and then I got a 'blue screen of death.' Twice. I wrote down the "technical information" it gave me. No idea if it's any help, but here it is in case:

*** STOP:0X0000007E (0XC0000005, 0XF748E0BF, 0XF78DA208, 0XF78D9F08)

*** pci.sys - Address F748E0BF base at F7487000, DateStamp 3b7d855c


Let's try this instead:

Download MBRCheck.exe to your desktop

XP users > double click on MBRCheck.exe to run it

Vista and Windows 7 users > right click on MBRCheck.exe and select Run as Administrator

It will show a black screen with some data on it

Don't run any of the options!!!

When it's done > Press Enter to close the program

A file called MBRCheck_ will appear on your desktop

Please copy it into your next reply

MrC


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 151):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E4000 \WINDOWS\system32\hal.dll

0x8ADD6000 \WINDOWS\system32\KDCOM.DLL

0xBA4BC000 \WINDOWS\system32\BOOTVID.dll

0xB9EB4000 spiv.sys

0xBA5A8000 \WINDOWS\System32\Drivers\WMILIB.SYS

0xB9E9C000 \WINDOWS\System32\Drivers\SCSIPORT.SYS

0xB9E6E000 ACPI.sys

0xB9E5D000 pci.sys

0xBA0A8000 isapnp.sys

0xBA4C0000 compbatt.sys

0xBA4C4000 \WINDOWS\system32\DRIVERS\BATTC.SYS

0xBA670000 pciide.sys

0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xBA0B8000 MountMgr.sys

0xB9E3E000 ftdisk.sys

0xBA330000 PartMgr.sys

0xBA0C8000 VolSnap.sys

0xB9E26000 atapi.sys

0xB9D68000 iaStor.sys

0xBA0D8000 disk.sys

0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB9D48000 fltmgr.sys

0xB9D36000 sr.sys

0xB9CD9000 mfehidk.sys

0xB9CC3000 DRVMCDB.SYS

0xBA0F8000 PxHelp20.sys

0xB9CAC000 KSecDD.sys

0xB9C1F000 Ntfs.sys

0xB9BF2000 NDIS.sys

0xBA108000 ohci1394.sys

0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xB9BD8000 Mup.sys

0xBA2C8000 \SystemRoot\system32\DRIVERS\nic1394.sys

0xB9734000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB7EE1000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xB7ECD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xBA458000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB7EA9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xBA460000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB7E81000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB7DED000 \SystemRoot\system32\DRIVERS\bcmwl5.sys

0xB9724000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys

0xB7DD9000 \SystemRoot\system32\DRIVERS\sdbus.sys

0xB9714000 \SystemRoot\system32\DRIVERS\rimmptsk.sys

0xB7DC5000 \SystemRoot\system32\DRIVERS\rimsptsk.sys

0xB7D74000 \SystemRoot\system32\DRIVERS\rixdptsk.sys

0xB9704000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xB7D42000 \SystemRoot\system32\DRIVERS\SynTP.sys

0xBA5CE000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xBA478000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xBA480000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xB96F4000 \SystemRoot\system32\DRIVERS\imapi.sys

0xBA5D0000 \SystemRoot\System32\Drivers\DLACDBHM.SYS

0xB96E4000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xBA2D8000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB7D1F000 \SystemRoot\system32\DRIVERS\ks.sys

0xBA488000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xBA564000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0xBA568000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0xB7C4E000 \SystemRoot\system32\DRIVERS\btkrnl.sys

0xBA7BB000 \SystemRoot\system32\DRIVERS\audstub.sys

0xB7C3A000 \SystemRoot\system32\DRIVERS\mfendisk.sys

0xBA2E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xBA570000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB7C23000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xB8635000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xB8625000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xBA490000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB7C12000 \SystemRoot\system32\DRIVERS\psched.sys

0xB8615000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xB7BEE000 \SystemRoot\system32\drivers\mfeavfk.sys

0xB7BA3000 \SystemRoot\system32\drivers\mfefirek.sys

0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB8605000 \SystemRoot\system32\DRIVERS\termdd.sys

0xBA5D4000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB7B1D000 \SystemRoot\system32\DRIVERS\update.sys

0xBA584000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xB8517000 \SystemRoot\system32\DRIVERS\btport.sys

0xB6680000 \SystemRoot\system32\drivers\btaudio.sys

0xB665C000 \SystemRoot\system32\drivers\portcls.sys

0xBA1E8000 \SystemRoot\system32\drivers\drmk.sys

0xBA168000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xBA178000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xB2CAA000 \SystemRoot\system32\drivers\sthda.sys

0xB2C90000 \SystemRoot\system32\drivers\dxec02.sys

0xB2C5C000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys

0xB2B6A000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys

0xB2AB7000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

0xBA3B0000 \SystemRoot\System32\Drivers\Modem.SYS

0xB5109000 \SystemRoot\System32\Drivers\i2omgmt.SYS

0xBA622000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xBA7BC000 \SystemRoot\System32\Drivers\Null.SYS

0xBA624000 \SystemRoot\System32\Drivers\Beep.SYS

0xB28DC000 \SystemRoot\System32\Drivers\DLARTL_M.SYS

0xB28D4000 \SystemRoot\System32\drivers\vga.sys

0xBA626000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xBA628000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xB28CC000 \SystemRoot\System32\Drivers\Msfs.SYS

0xB28C4000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB2DE4000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xB03B7000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xB035E000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB034B000 \SystemRoot\system32\drivers\mfetdi2k.sys

0xB0325000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xB02FD000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB299F000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xB2DC8000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xB02DB000 \SystemRoot\System32\drivers\afd.sys

0xB29AF000 \SystemRoot\system32\DRIVERS\netbios.sys

0xB4A9C000 \SystemRoot\system32\DRIVERS\arp1394.sys

0xB02B0000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xB0240000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB4AAC000 \SystemRoot\System32\Drivers\Fips.SYS

0xAD919000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xABFEA000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys

0xBA616000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys

0xAD8A1000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS

0xAD0CA000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xABFD2000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xADB79000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xAD52B000 \SystemRoot\System32\drivers\Dxapi.sys

0xAD30A000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xBA749000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\nv4_disp.dll

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xACDF0000 \SystemRoot\System32\Drivers\DRVNDDM.SYS

0xBA70F000 \SystemRoot\System32\DLA\DLADResM.SYS

0xA9044000 \SystemRoot\System32\DLA\DLAIFS_M.SYS

0xBA410000 \SystemRoot\System32\DLA\DLAOPIOM.SYS

0xBA640000 \SystemRoot\System32\DLA\DLAPoolM.SYS

0xBA3A8000 \SystemRoot\System32\DLA\DLABMFSM.SYS

0xBA390000 \SystemRoot\System32\DLA\DLABOIOM.SYS

0xA902E000 \SystemRoot\System32\DLA\DLAUDFAM.SYS

0xA9017000 \SystemRoot\System32\DLA\DLAUDF_M.SYS

0xB9B7B000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xA8EFA000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xBA664000 \SystemRoot\system32\DRIVERS\dsunidrv.sys

0xA8E53000 \SystemRoot\system32\DRIVERS\srv.sys

0xA8EEE000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0xA895F000 \SystemRoot\system32\drivers\cfwids.sys

0xA8812000 \SystemRoot\System32\Drivers\HTTP.sys

0xA86E5000 \SystemRoot\system32\drivers\wdmaud.sys

0xBA1D8000 \SystemRoot\system32\drivers\sysaudio.sys

0xA7E4B000 \SystemRoot\system32\drivers\mfeapfk.sys

0xA8C23000 \SystemRoot\system32\drivers\mfebopk.sys

0xA6D10000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 52):

0 System Idle Process

4 System

1272 C:\WINDOWS\system32\smss.exe

1376 csrss.exe

1408 C:\WINDOWS\system32\winlogon.exe

1452 C:\WINDOWS\system32\services.exe

1464 C:\WINDOWS\system32\lsass.exe

1648 C:\WINDOWS\system32\svchost.exe

1724 svchost.exe

1768 C:\WINDOWS\system32\svchost.exe

1800 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

1852 svchost.exe

1984 svchost.exe

512 C:\WINDOWS\system32\WLTRYSVC.EXE

528 C:\WINDOWS\system32\BCMWLTRY.EXE

592 C:\WINDOWS\system32\spoolsv.exe

688 svchost.exe

752 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

768 C:\Program Files\Bonjour\mDNSResponder.exe

840 C:\Program Files\Java\jre6\bin\jqs.exe

888 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

968 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

1016 C:\WINDOWS\system32\nvsvc32.exe

1248 C:\Program Files\Dell Support Center\bin\sprtsvc.exe

1300 C:\WINDOWS\system32\svchost.exe

1516 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

216 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

3948 alg.exe

3584 C:\WINDOWS\explorer.exe

2960 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

2980 C:\WINDOWS\system32\rundll32.exe

2996 C:\WINDOWS\system32\rundll32.exe

2992 C:\WINDOWS\OEM02Mon.exe

3008 C:\WINDOWS\system32\WLTRAY.EXE

3012 C:\WINDOWS\stsystra.exe

3024 C:\WINDOWS\system32\KADxMain.exe

3032 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

3040 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

3136 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

3160 C:\Program Files\Dell\MediaDirect\PCMService.exe

3220 C:\WINDOWS\system32\ico.exe

3240 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

3256 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

3424 C:\Program Files\McAfee.com\Agent\mcagent.exe

3148 C:\Program Files\iTunes\iTunesHelper.exe

1200 C:\Program Files\DivX\DivX Update\DivXUpdate.exe

3636 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

3644 C:\Program Files\Digital Line Detect\DLG.exe

4040 C:\Program Files\Palm\Hotsync.exe

136 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

920 C:\Program Files\iPod\bin\iPodService.exe

3604 C:\Documents and Settings\Andrew\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04e71400 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-75UST0, Rev: 01.01A01

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Dell MBR code detected

SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E

Done!
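The MBRCheck output above reports whether the boot code in sector 0 is a recognised OEM loader and prints its SHA1. As an added example (not part of this thread, and not MBRCheck's own code), the Python below parses a constructed 512-byte MBR, checks the 0x55AA boot signature and partition table, and hashes the 440 boot-code bytes so they can be compared against a known-good hash; the sample sector, its known-good set and the disk signature are all constructed for the example, not real Dell values.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # bytes 0-439: boot loader code (the part a hash check covers)
PART_TABLE_OFF = 446    # four 16-byte partition entries start here
BOOT_SIG_OFF = 510      # 0x55 0xAA boot signature at the end of the sector

# Partition entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA(4) count(4)
_ENTRY = struct.Struct("<B3xB3xII")


def parse_mbr(sector: bytes) -> dict:
    """Return signature check, boot-code SHA1 and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR sector must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = _ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:   # type 0 means an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xaa",
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, known_good_sha1: set) -> str:
    """Verdict in the spirit of MBRCheck: bad signature, known loader, or unknown loader."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "BAD_SIGNATURE"
    if info["boot_code_sha1"] in known_good_sha1:
        return "KNOWN_BOOT_CODE"
    return "UNKNOWN_BOOT_CODE"   # unrecognised loader: compare against a clean image


def build_sample_mbr() -> bytes:
    """Constructed sample sector: dummy boot code plus one bootable NTFS partition."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x90")
    disk_id = b"\x12\x34\x56\x78\x00\x00"          # constructed disk signature + 2 reserved bytes
    ntfs = _ENTRY.pack(0x80, 0x07, 63, 1_000_000)   # bootable, type 7 (NTFS), starts at LBA 63
    empty = b"\x00" * 48                            # three unused entries
    return code + disk_id + ntfs + empty + b"\x55\xaa"


def tamper_boot_code(sector: bytes, offset: int = 0) -> bytes:
    """Flip one byte at the given offset (simulates a modified loader when offset < 440)."""
    s = bytearray(sector)
    s[offset] ^= 0xFF
    return bytes(s)


if __name__ == "__main__":
    good = build_sample_mbr()
    known = {parse_mbr(good)["boot_code_sha1"]}   # stand-in for a known-good hash list
    print(classify_mbr(good, known), classify_mbr(tamper_boot_code(good), known))
```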

