
I'm infected


ajhorney

I got something that downloaded and was a fake anti-virus named Privacy Protector. I ran the computer in safe mode and deleted it. I downloaded Malwarebytes, which caught about 15 more things, including a search engine redirect bug; then it keeps popping up saying it blocked a suspicious outgoing connection to a couple of different IP addresses. It does this about every minute or so. Here are the two logs:

dds.txt

attach.zip


Hello ajhorney! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

In your next reply, please post the following log files:

  • TDSSKiller log
  • a new fresh DDS log with Attach.txt

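Added example, not part of this thread and not Kaspersky's tool or code: a small Python parser for the TDSSKiller report described above, written for a helper who wants to pull the flagged objects out of a long log instead of reading it by eye. The sample lines are a subset copied from the log posted later in this thread; the line shapes it recognises (file entry with MD5 and path, verdict line, "User select action" line, "will be cured on reboot" line) are inferred from those lines, so the regular expressions are an assumption about the format, not a specification. The names `Detection`, `parse_tdsskiller` and `followups` are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the TDSSKiller log lines posted in this thread.
SAMPLE_LOG = r"""
14:29:28.0859 3880 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
14:29:28.0953 3880 iaStor ( UnsignedFile.Multi.Generic ) - warning
14:29:28.0953 3880 iaStor - detected UnsignedFile.Multi.Generic (1)
14:29:29.0125 3880 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:29:29.0296 3880 Imapi - ok
14:29:47.0156 3880 redbook (ea9cb095c2a49261dfdefc4b6c3ed5e9) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:29:47.0156 3880 redbook ( Rootkit.Win32.ZAccess.k ) - infected
14:29:47.0156 3880 redbook - detected Rootkit.Win32.ZAccess.k (0)
14:29:58.0859 3880 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
14:29:58.0906 3880 \Device\Harddisk0\DR0 - ok
14:29:59.0062 2732 Detected object count: 2
14:30:28.0734 2732 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:30:31.0015 2732 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
14:30:33.0703 2732 redbook ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
"""

# Every line starts with a timestamp and the logging thread id (assumed format).
PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) "
# "name (md5) path" -- the name may itself contain parentheses, e.g. "MBR (0x1B8)".
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "name ( Threat.Name ) - warning|infected"
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<threat>\S+) \) - (?P<verdict>warning|infected)$")
# "name ( Threat.Name ) - User select action: Skip|Cure|Delete"
ACTION_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<threat>\S+) \) - User select action: (?P<action>\S+)$")
# "path - will be cured on reboot"
CURE_RE = re.compile(PREFIX + r"(?P<path>\S+) - will be cured on reboot$")


@dataclass
class Detection:
    name: str
    threat: str
    verdict: str                  # "warning" (e.g. unsigned driver) or "infected"
    md5: Optional[str] = None
    path: Optional[str] = None
    action: Optional[str] = None  # Skip / Cure / Delete as chosen in the TDSSKiller dialog
    cured_on_reboot: bool = False


def parse_tdsskiller(text: str) -> Dict[str, Detection]:
    """Return the objects TDSSKiller flagged, keyed by driver/service name."""
    files: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path) from the file entry lines
    detections: Dict[str, Detection] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := FILE_RE.match(line)):
            files[m["name"]] = (m["md5"], m["path"])
        elif (m := VERDICT_RE.match(line)):
            md5, path = files.get(m["name"], (None, None))
            detections[m["name"]] = Detection(m["name"], m["threat"], m["verdict"], md5, path)
        elif (m := ACTION_RE.match(line)):
            if m["name"] in detections:
                detections[m["name"]].action = m["action"]
        elif (m := CURE_RE.match(line)):
            # The cure line names the file path, not the driver, so match on path.
            for det in detections.values():
                if det.path and det.path.lower() == m["path"].lower():
                    det.cured_on_reboot = True
    return detections


def followups(detections: Dict[str, Detection]) -> List[str]:
    """List what still needs a human after the run: infections that were not cured,
    and unsigned drivers that were skipped (often legitimate vendor drivers, but the
    hash should be compared with a known-good copy before they are dismissed)."""
    notes: List[str] = []
    for det in detections.values():
        if det.verdict == "infected" and not det.cured_on_reboot:
            notes.append(f"{det.name}: {det.threat} not cured (action={det.action})")
        elif det.verdict == "warning" and det.action == "Skip":
            notes.append(f"{det.name}: {det.threat} skipped; check {det.path} (md5 {det.md5}) against a known-good copy")
    return notes


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    for det in found.values():
        print(f"{det.verdict:8} {det.name:10} {det.threat:30} action={det.action} cured={det.cured_on_reboot}")
    for note in followups(found):
        print("follow-up:", note)
```

Running it against the full report pasted below gives the same two objects the tool itself counted ("Detected object count: 2"): the ZeroAccess-infected redbook.sys, cured on reboot, and the unsigned iaStor driver that was skipped and is left for a human to verify.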

Thanks for your help. I have followed your directions, and here are the logs:

14:28:50.0421 3068 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50

14:28:51.0609 3068 ============================================================

14:28:51.0609 3068 Current date / time: 2011/11/16 14:28:51.0609

14:28:51.0609 3068 SystemInfo:

14:28:51.0609 3068

14:28:51.0609 3068 OS Version: 5.1.2600 ServicePack: 3.0

14:28:51.0609 3068 Product type: Workstation

14:28:51.0609 3068 ComputerName: YOUR-89BFE66D42

14:28:51.0609 3068 UserName: Owner

14:28:51.0609 3068 Windows directory: C:\WINDOWS

14:28:51.0609 3068 System windows directory: C:\WINDOWS

14:28:51.0609 3068 Processor architecture: Intel x86

14:28:51.0609 3068 Number of processors: 1

14:28:51.0609 3068 Page size: 0x1000

14:28:51.0609 3068 Boot type: Normal boot

14:28:51.0609 3068 ============================================================

14:28:52.0328 3068 Initialize success

14:29:10.0343 3880 ============================================================

14:29:10.0343 3880 Scan started

14:29:10.0343 3880 Mode: Manual; SigCheck; TDLFS;

14:29:10.0343 3880 ============================================================

14:29:11.0875 3880 Abiosdsk - ok

14:29:11.0968 3880 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

14:29:13.0890 3880 abp480n5 - ok

14:29:14.0062 3880 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

14:29:14.0234 3880 ACPI - ok

14:29:14.0265 3880 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

14:29:14.0453 3880 ACPIEC - ok

14:29:14.0656 3880 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

14:29:14.0812 3880 adpu160m - ok

14:29:14.0875 3880 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

14:29:15.0046 3880 aec - ok

14:29:15.0140 3880 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

14:29:15.0234 3880 AFD - ok

14:29:15.0375 3880 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

14:29:15.0546 3880 agp440 - ok

14:29:15.0593 3880 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

14:29:15.0750 3880 agpCPQ - ok

14:29:15.0781 3880 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

14:29:15.0843 3880 Aha154x - ok

14:29:15.0937 3880 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

14:29:16.0078 3880 aic78u2 - ok

14:29:16.0140 3880 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

14:29:16.0296 3880 aic78xx - ok

14:29:16.0421 3880 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

14:29:16.0578 3880 AliIde - ok

14:29:16.0609 3880 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

14:29:16.0781 3880 alim1541 - ok

14:29:16.0828 3880 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

14:29:17.0000 3880 amdagp - ok

14:29:17.0125 3880 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

14:29:17.0203 3880 amsint - ok

14:29:17.0265 3880 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

14:29:17.0453 3880 Arp1394 - ok

14:29:17.0656 3880 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

14:29:17.0843 3880 asc - ok

14:29:17.0875 3880 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

14:29:17.0937 3880 asc3350p - ok

14:29:18.0062 3880 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

14:29:18.0203 3880 asc3550 - ok

14:29:18.0296 3880 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

14:29:18.0468 3880 AsyncMac - ok

14:29:18.0578 3880 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

14:29:18.0750 3880 atapi - ok

14:29:18.0765 3880 Atdisk - ok

14:29:18.0796 3880 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

14:29:18.0953 3880 Atmarpc - ok

14:29:19.0000 3880 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

14:29:19.0156 3880 audstub - ok

14:29:19.0312 3880 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

14:29:19.0468 3880 Beep - ok

14:29:19.0531 3880 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

14:29:19.0718 3880 cbidf - ok

14:29:19.0734 3880 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

14:29:19.0890 3880 cbidf2k - ok

14:29:19.0906 3880 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

14:29:19.0984 3880 cd20xrnt - ok

14:29:20.0015 3880 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

14:29:20.0187 3880 Cdaudio - ok

14:29:20.0375 3880 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

14:29:20.0546 3880 Cdfs - ok

14:29:20.0593 3880 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

14:29:20.0765 3880 Cdrom - ok

14:29:20.0812 3880 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys

14:29:20.0859 3880 cfwids - ok

14:29:21.0000 3880 Changer - ok

14:29:21.0062 3880 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

14:29:21.0234 3880 CmBatt - ok

14:29:21.0359 3880 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

14:29:21.0546 3880 CmdIde - ok

14:29:21.0562 3880 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

14:29:21.0718 3880 Compbatt - ok

14:29:21.0765 3880 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

14:29:21.0937 3880 Cpqarray - ok

14:29:21.0953 3880 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

14:29:22.0125 3880 dac2w2k - ok

14:29:22.0156 3880 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

14:29:22.0328 3880 dac960nt - ok

14:29:22.0437 3880 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

14:29:22.0593 3880 Disk - ok

14:29:22.0640 3880 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

14:29:22.0843 3880 dmboot - ok

14:29:22.0921 3880 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

14:29:23.0109 3880 dmio - ok

14:29:23.0296 3880 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

14:29:23.0484 3880 dmload - ok

14:29:23.0546 3880 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

14:29:23.0718 3880 DMusic - ok

14:29:23.0890 3880 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

14:29:24.0062 3880 dpti2o - ok

14:29:24.0156 3880 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

14:29:24.0312 3880 drmkaud - ok

14:29:24.0421 3880 el575nd5 (23f6b9cf432f492ebbd8105d78cb008c) C:\WINDOWS\system32\DRIVERS\el575nd5.sys

14:29:24.0593 3880 el575nd5 - ok

14:29:24.0656 3880 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

14:29:24.0828 3880 Fastfat - ok

14:29:24.0968 3880 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

14:29:25.0140 3880 Fdc - ok

14:29:25.0265 3880 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

14:29:25.0421 3880 Fips - ok

14:29:25.0531 3880 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

14:29:25.0703 3880 Flpydisk - ok

14:29:25.0781 3880 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

14:29:25.0937 3880 FltMgr - ok

14:29:26.0078 3880 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

14:29:26.0250 3880 Fs_Rec - ok

14:29:26.0312 3880 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

14:29:26.0515 3880 Ftdisk - ok

14:29:26.0625 3880 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

14:29:26.0812 3880 Gpc - ok

14:29:26.0875 3880 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

14:29:27.0031 3880 HDAudBus - ok

14:29:27.0171 3880 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

14:29:27.0343 3880 hpn - ok

14:29:27.0390 3880 HSFHWBS2 (f3e718604c5a8a28003280d861d96c19) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

14:29:27.0453 3880 HSFHWBS2 - ok

14:29:27.0609 3880 HSF_DPV (4290713b7c3289ef87ee5ca474b21221) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

14:29:27.0718 3880 HSF_DPV - ok

14:29:27.0906 3880 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

14:29:27.0968 3880 HTTP - ok

14:29:28.0140 3880 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

14:29:28.0296 3880 i2omgmt - ok

14:29:28.0343 3880 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

14:29:28.0515 3880 i2omp - ok

14:29:28.0546 3880 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

14:29:28.0718 3880 i8042prt - ok

14:29:28.0859 3880 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS

14:29:28.0953 3880 iaStor ( UnsignedFile.Multi.Generic ) - warning

14:29:28.0953 3880 iaStor - detected UnsignedFile.Multi.Generic (1)

14:29:29.0125 3880 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

14:29:29.0296 3880 Imapi - ok

14:29:29.0343 3880 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

14:29:29.0500 3880 ini910u - ok

14:29:29.0703 3880 IntcAzAudAddService (574c9b2f9406d28f8f7e5c7b46b470e6) C:\WINDOWS\system32\drivers\RtkHDAud.sys

14:29:29.0937 3880 IntcAzAudAddService - ok

14:29:30.0093 3880 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

14:29:30.0250 3880 IntelIde - ok

14:29:30.0296 3880 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

14:29:30.0468 3880 Ip6Fw - ok

14:29:30.0500 3880 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

14:29:30.0656 3880 IpFilterDriver - ok

14:29:30.0765 3880 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

14:29:30.0937 3880 IpInIp - ok

14:29:30.0968 3880 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

14:29:31.0140 3880 IpNat - ok

14:29:31.0171 3880 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

14:29:31.0328 3880 IPSec - ok

14:29:31.0468 3880 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

14:29:31.0531 3880 IRENUM - ok

14:29:31.0593 3880 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

14:29:31.0750 3880 isapnp - ok

14:29:31.0781 3880 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

14:29:31.0937 3880 Kbdclass - ok

14:29:32.0078 3880 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

14:29:32.0234 3880 kmixer - ok

14:29:32.0281 3880 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

14:29:32.0375 3880 KSecDD - ok

14:29:32.0484 3880 lbrtfdc - ok

14:29:32.0546 3880 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

14:29:32.0562 3880 MBAMProtector - ok

14:29:32.0578 3880 MBAMSwissArmy - ok

14:29:32.0671 3880 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

14:29:32.0703 3880 mdmxsdk - ok

14:29:32.0765 3880 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys

14:29:32.0781 3880 mfeapfk - ok

14:29:32.0921 3880 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys

14:29:32.0953 3880 mfeavfk - ok

14:29:32.0984 3880 mfeavfk01 - ok

14:29:33.0015 3880 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys

14:29:33.0031 3880 mfebopk - ok

14:29:33.0046 3880 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys

14:29:33.0093 3880 mfefirek - ok

14:29:33.0156 3880 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys

14:29:33.0187 3880 mfehidk - ok

14:29:33.0296 3880 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

14:29:33.0328 3880 mfendisk - ok

14:29:33.0328 3880 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

14:29:33.0343 3880 mfendiskmp - ok

14:29:33.0375 3880 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys

14:29:33.0390 3880 mferkdet - ok

14:29:33.0437 3880 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys

14:29:33.0437 3880 mfetdi2k - ok

14:29:33.0500 3880 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

14:29:33.0656 3880 mnmdd - ok

14:29:33.0828 3880 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

14:29:34.0000 3880 Modem - ok

14:29:34.0046 3880 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

14:29:34.0234 3880 Mouclass - ok

14:29:34.0390 3880 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

14:29:34.0562 3880 MountMgr - ok

14:29:34.0593 3880 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

14:29:34.0750 3880 mraid35x - ok

14:29:34.0890 3880 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

14:29:35.0046 3880 MRxDAV - ok

14:29:35.0171 3880 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

14:29:35.0296 3880 MRxSmb - ok

14:29:35.0468 3880 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

14:29:35.0656 3880 Msfs - ok

14:29:35.0671 3880 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

14:29:35.0828 3880 MSKSSRV - ok

14:29:35.0859 3880 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

14:29:36.0031 3880 MSPCLOCK - ok

14:29:36.0187 3880 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

14:29:36.0359 3880 MSPQM - ok

14:29:36.0406 3880 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

14:29:36.0562 3880 mssmbios - ok

14:29:36.0609 3880 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

14:29:36.0656 3880 Mup - ok

14:29:36.0828 3880 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

14:29:36.0984 3880 NDIS - ok

14:29:37.0062 3880 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

14:29:37.0125 3880 NdisTapi - ok

14:29:37.0218 3880 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

14:29:37.0453 3880 Ndisuio - ok

14:29:37.0515 3880 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

14:29:37.0687 3880 NdisWan - ok

14:29:37.0781 3880 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

14:29:37.0828 3880 NDProxy - ok

14:29:37.0906 3880 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

14:29:38.0078 3880 NetBIOS - ok

14:29:38.0234 3880 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

14:29:38.0390 3880 NetBT - ok

14:29:38.0468 3880 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

14:29:38.0640 3880 NIC1394 - ok

14:29:38.0703 3880 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

14:29:38.0859 3880 Npfs - ok

14:29:38.0906 3880 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

14:29:39.0078 3880 Ntfs - ok

14:29:39.0187 3880 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

14:29:39.0375 3880 Null - ok

14:29:39.0593 3880 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

14:29:39.0765 3880 nv - ok

14:29:39.0937 3880 NVENETFD (0ae6258709d58fb53638e8d28f4480d4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

14:29:39.0984 3880 NVENETFD - ok

14:29:40.0031 3880 nvgts (fa740e97a0fe36e368c2299d9f3c01c1) C:\WINDOWS\system32\DRIVERS\NVGTS.SYS

14:29:40.0093 3880 nvgts - ok

14:29:40.0234 3880 nvnetbus (1296b33c223a58485d5eaa779752216a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

14:29:40.0281 3880 nvnetbus - ok

14:29:40.0328 3880 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

14:29:40.0500 3880 NwlnkFlt - ok

14:29:40.0578 3880 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

14:29:40.0765 3880 NwlnkFwd - ok

14:29:40.0828 3880 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

14:29:40.0984 3880 ohci1394 - ok

14:29:41.0062 3880 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

14:29:41.0203 3880 Parport - ok

14:29:41.0265 3880 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

14:29:41.0437 3880 PartMgr - ok

14:29:41.0468 3880 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

14:29:41.0625 3880 ParVdm - ok

14:29:41.0734 3880 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

14:29:41.0906 3880 PCI - ok

14:29:41.0953 3880 PCIDump - ok

14:29:41.0984 3880 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

14:29:42.0140 3880 PCIIde - ok

14:29:42.0234 3880 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

14:29:42.0406 3880 Pcmcia - ok

14:29:42.0453 3880 PDCOMP - ok

14:29:42.0468 3880 PDFRAME - ok

14:29:42.0484 3880 PDRELI - ok

14:29:42.0500 3880 PDRFRAME - ok

14:29:42.0531 3880 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

14:29:42.0687 3880 perc2 - ok

14:29:42.0765 3880 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

14:29:42.0921 3880 perc2hib - ok

14:29:42.0984 3880 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

14:29:43.0156 3880 PptpMiniport - ok

14:29:43.0234 3880 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

14:29:43.0375 3880 Processor - ok

14:29:43.0437 3880 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

14:29:43.0593 3880 PSched - ok

14:29:43.0640 3880 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

14:29:43.0796 3880 Ptilink - ok

14:29:43.0875 3880 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

14:29:43.0890 3880 PxHelp20 - ok

14:29:43.0984 3880 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

14:29:44.0156 3880 ql1080 - ok

14:29:44.0328 3880 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

14:29:44.0500 3880 Ql10wnt - ok

14:29:44.0578 3880 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

14:29:44.0734 3880 ql12160 - ok

14:29:44.0828 3880 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

14:29:45.0000 3880 ql1240 - ok

14:29:45.0015 3880 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

14:29:45.0187 3880 ql1280 - ok

14:29:45.0281 3880 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

14:29:45.0437 3880 RasAcd - ok

14:29:45.0562 3880 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

14:29:45.0718 3880 Rasl2tp - ok

14:29:45.0750 3880 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

14:29:45.0906 3880 RasPppoe - ok

14:29:46.0046 3880 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

14:29:46.0187 3880 Raspti - ok

14:29:46.0250 3880 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

14:29:46.0406 3880 Rdbss - ok

14:29:46.0546 3880 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

14:29:46.0687 3880 RDPCDD - ok

14:29:46.0734 3880 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

14:29:46.0890 3880 rdpdr - ok

14:29:46.0921 3880 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

14:29:46.0968 3880 RDPWD - ok

14:29:47.0156 3880 redbook (ea9cb095c2a49261dfdefc4b6c3ed5e9) C:\WINDOWS\system32\DRIVERS\redbook.sys

14:29:47.0156 3880 redbook ( Rootkit.Win32.ZAccess.k ) - infected

14:29:47.0156 3880 redbook - detected Rootkit.Win32.ZAccess.k (0)

14:29:47.0265 3880 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

14:29:47.0421 3880 sdbus - ok

14:29:47.0531 3880 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

14:29:47.0609 3880 Secdrv - ok

14:29:47.0671 3880 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

14:29:47.0812 3880 Serenum - ok

14:29:47.0843 3880 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

14:29:48.0031 3880 Serial - ok

14:29:48.0156 3880 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

14:29:48.0312 3880 Sfloppy - ok

14:29:48.0328 3880 Simbad - ok

14:29:48.0375 3880 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

14:29:48.0531 3880 sisagp - ok

14:29:48.0718 3880 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

14:29:48.0781 3880 Sparrow - ok

14:29:48.0828 3880 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

14:29:48.0968 3880 splitter - ok

14:29:48.0984 3880 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

14:29:49.0046 3880 sr - ok

14:29:49.0218 3880 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

14:29:49.0281 3880 Srv - ok

14:29:49.0328 3880 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

14:29:49.0468 3880 swenum - ok

14:29:49.0609 3880 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

14:29:49.0781 3880 swmidi - ok

14:29:49.0843 3880 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

14:29:49.0984 3880 symc810 - ok

14:29:50.0000 3880 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

14:29:50.0156 3880 symc8xx - ok

14:29:50.0171 3880 SymIM - ok

14:29:50.0187 3880 SymIMMP - ok

14:29:50.0203 3880 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

14:29:50.0343 3880 sym_hi - ok

14:29:50.0453 3880 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

14:29:50.0609 3880 sym_u3 - ok

14:29:50.0671 3880 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

14:29:51.0125 3880 sysaudio - ok

14:29:51.0234 3880 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

14:29:51.0500 3880 Tcpip - ok

14:29:51.0656 3880 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

14:29:52.0046 3880 TDPIPE - ok

14:29:52.0125 3880 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

14:29:52.0515 3880 TDTCP - ok

14:29:52.0656 3880 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

14:29:53.0031 3880 TermDD - ok

14:29:53.0078 3880 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

14:29:53.0468 3880 TosIde - ok

14:29:53.0640 3880 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

14:29:53.0968 3880 Udfs - ok

14:29:54.0046 3880 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

14:29:54.0312 3880 ultra - ok

14:29:54.0468 3880 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

14:29:54.0875 3880 Update - ok

14:29:54.0968 3880 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

14:29:55.0328 3880 usbehci - ok

14:29:55.0468 3880 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

14:29:55.0859 3880 usbhub - ok

14:29:55.0890 3880 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

14:29:56.0234 3880 usbohci - ok

14:29:56.0437 3880 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

14:29:56.0593 3880 usbscan - ok

14:29:56.0640 3880 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

14:29:56.0765 3880 USBSTOR - ok

14:29:56.0890 3880 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

14:29:57.0046 3880 usbuhci - ok

14:29:57.0109 3880 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

14:29:57.0250 3880 VgaSave - ok

14:29:57.0296 3880 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

14:29:57.0453 3880 viaagp - ok

14:29:57.0531 3880 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

14:29:57.0671 3880 ViaIde - ok

14:29:57.0703 3880 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

14:29:57.0859 3880 VolSnap - ok

14:29:57.0921 3880 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

14:29:58.0078 3880 Wanarp - ok

14:29:58.0140 3880 WDICA - ok

14:29:58.0203 3880 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

14:29:58.0343 3880 wdmaud - ok

14:29:58.0437 3880 winachsf (cb2dc26de2c815fc2309566f92d22ed4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

14:29:58.0500 3880 winachsf - ok

14:29:58.0703 3880 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

14:29:58.0750 3880 WudfPf - ok

14:29:58.0781 3880 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

14:29:58.0796 3880 WudfRd - ok

14:29:58.0859 3880 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0

14:29:58.0906 3880 \Device\Harddisk0\DR0 - ok

14:29:58.0937 3880 Boot (0x1200) (e782f1a76bc28bdc7ecbf0a5c12369b0) \Device\Harddisk0\DR0\Partition0

14:29:58.0937 3880 \Device\Harddisk0\DR0\Partition0 - ok

14:29:58.0953 3880 Boot (0x1200) (d15158421a38e0c4e393be5a71aa55fa) \Device\Harddisk0\DR0\Partition1

14:29:58.0953 3880 \Device\Harddisk0\DR0\Partition1 - ok

14:29:58.0953 3880 ============================================================

14:29:58.0953 3880 Scan finished

14:29:58.0953 3880 ============================================================

14:29:59.0062 2732 Detected object count: 2

14:29:59.0062 2732 Actual detected object count: 2

14:30:28.0734 2732 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user

14:30:28.0734 2732 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:30:28.0968 2732 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813

14:30:31.0000 2732 Backup copy found, using it..

14:30:31.0015 2732 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot

14:30:33.0703 2732 redbook ( Rootkit.Win32.ZAccess.k ) - User select action: Cure

14:30:55.0984 3400 Deinitialize success

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Owner at 14:37:18 on 2011-11-16

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.125 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Spare Backup\SpareBackup.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

svchost.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Oberon Media\Parts\1.0.0.16\OberonParts.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.pogo.iplay.com/?o=shp

uSearch Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = <local>

mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110511132028.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [bigFix] c:\program files\bigfix\bigfix.exe /atstartup

mRun: [spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{238C4367-5E2E-4024-B9EE-97C81F3FF3A8} : DhcpNameServer = 192.168.1.254

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: necusb - nwusbw32.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\qj1tufh7.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\mcafee\SiteAdvisor

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-3 84200]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-13 366152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-3 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-3 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-3 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-3 56064]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-13 22216]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-3 153280]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-3 52320]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-3 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-3 88736]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-25 135664]

S2 necusb;NEC USB Device Service;c:\windows\system32\svchost.exe -k necusb3 [2008-8-21 14336]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2011-3-3 69692]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-25 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-3 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-3 84488]

.

=============== Created Last 30 ================

.

2011-11-13 19:35:09 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes

2011-11-13 19:34:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-13 19:34:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-13 19:34:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-18 20:48:46 -------- d-----w- c:\program files\VideoLAN

.

==================== Find3M ====================

.

2011-11-16 19:31:57 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-19 19:16:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 14:38:52.39 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 3/3/2011 6:52:34 PM

System Uptime: 11/16/2011 2:31:55 PM (0 hours ago)

.

Motherboard: Gateway | | MCP61SM2MA

Processor: AMD Sempron Processor LE-1200 | Socket AM2 | 2109/201mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 144 GiB total, 113.14 GiB free.

D: is FIXED (FAT32) - 5 GiB total, 1.791 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP179: 8/19/2011 10:52:05 AM - System Checkpoint

RP180: 8/20/2011 12:51:27 PM - System Checkpoint

RP181: 8/21/2011 1:34:30 PM - System Checkpoint

RP182: 8/22/2011 1:51:28 PM - System Checkpoint

RP183: 8/23/2011 2:30:00 PM - System Checkpoint

RP184: 8/24/2011 3:00:14 AM - Software Distribution Service 3.0

RP185: 8/25/2011 3:29:57 AM - System Checkpoint

RP186: 8/26/2011 3:30:18 AM - System Checkpoint

RP187: 8/27/2011 3:30:25 AM - System Checkpoint

RP188: 8/28/2011 3:59:40 AM - System Checkpoint

RP189: 8/29/2011 4:59:40 AM - System Checkpoint

RP190: 8/30/2011 5:59:41 AM - System Checkpoint

RP191: 8/31/2011 7:40:48 AM - System Checkpoint

RP192: 9/1/2011 11:45:55 AM - System Checkpoint

RP193: 9/2/2011 9:45:20 PM - System Checkpoint

RP194: 9/3/2011 11:46:19 PM - System Checkpoint

RP195: 9/5/2011 12:38:27 AM - System Checkpoint

RP196: 9/6/2011 7:13:55 AM - System Checkpoint

RP197: 9/7/2011 12:40:02 AM - Software Distribution Service 3.0

RP198: 9/8/2011 1:29:01 AM - System Checkpoint

RP199: 9/9/2011 2:29:06 AM - System Checkpoint

RP200: 9/10/2011 3:29:10 AM - System Checkpoint

RP201: 9/11/2011 3:32:13 AM - System Checkpoint

RP202: 9/12/2011 4:32:13 AM - System Checkpoint

RP203: 9/13/2011 5:33:18 AM - System Checkpoint

RP204: 9/14/2011 5:49:08 AM - System Checkpoint

RP205: 9/15/2011 6:02:30 AM - System Checkpoint

RP206: 9/15/2011 6:04:52 PM - Removed WorldWinner Games

RP207: 9/16/2011 3:00:40 AM - Software Distribution Service 3.0

RP208: 9/17/2011 3:31:14 AM - System Checkpoint

RP209: 9/18/2011 3:49:21 AM - System Checkpoint

RP210: 9/19/2011 4:35:43 AM - System Checkpoint

RP211: 9/19/2011 3:21:28 PM - Installed Microsoft Office Web Apps Browser Plugin

RP212: 9/20/2011 3:35:42 PM - System Checkpoint

RP213: 9/21/2011 8:28:13 PM - System Checkpoint

RP214: 9/22/2011 9:44:03 PM - System Checkpoint

RP215: 9/23/2011 11:10:55 PM - System Checkpoint

RP216: 9/25/2011 11:46:25 AM - System Checkpoint

RP217: 9/26/2011 1:54:58 PM - System Checkpoint

RP218: 9/27/2011 2:07:53 PM - System Checkpoint

RP219: 9/28/2011 3:08:27 PM - System Checkpoint

RP220: 9/29/2011 3:35:59 AM - Software Distribution Service 3.0

RP221: 9/30/2011 3:44:16 AM - System Checkpoint

RP222: 10/1/2011 3:45:20 AM - System Checkpoint

RP223: 10/2/2011 4:44:14 AM - System Checkpoint

RP224: 10/3/2011 5:40:22 AM - System Checkpoint

RP225: 10/4/2011 5:45:00 AM - System Checkpoint

RP226: 10/5/2011 6:40:25 AM - System Checkpoint

RP227: 10/6/2011 7:41:27 AM - System Checkpoint

RP228: 10/7/2011 7:56:44 AM - System Checkpoint

RP229: 10/8/2011 8:27:50 AM - System Checkpoint

RP230: 10/9/2011 8:34:58 AM - System Checkpoint

RP231: 10/10/2011 9:44:00 AM - System Checkpoint

RP232: 10/11/2011 10:16:52 AM - System Checkpoint

RP233: 10/12/2011 10:16:56 AM - System Checkpoint

RP234: 10/13/2011 10:29:07 AM - System Checkpoint

RP235: 10/14/2011 3:00:17 AM - Software Distribution Service 3.0

RP236: 10/15/2011 11:14:21 AM - System Checkpoint

RP237: 10/16/2011 11:39:02 AM - System Checkpoint

RP238: 10/17/2011 11:39:07 AM - System Checkpoint

RP239: 10/18/2011 3:00:23 AM - Software Distribution Service 3.0

RP240: 10/19/2011 3:05:19 AM - System Checkpoint

RP241: 10/19/2011 3:52:07 PM - Removed Microsoft Office Professional 2010

RP242: 10/20/2011 3:00:21 AM - Software Distribution Service 3.0

RP243: 10/21/2011 7:50:08 AM - System Checkpoint

RP244: 10/22/2011 8:22:48 AM - System Checkpoint

RP245: 10/23/2011 8:37:03 AM - System Checkpoint

RP246: 10/24/2011 8:39:45 AM - System Checkpoint

RP247: 10/25/2011 9:39:46 AM - System Checkpoint

RP248: 10/26/2011 1:19:59 PM - System Checkpoint

RP249: 10/27/2011 1:33:25 PM - System Checkpoint

RP250: 10/28/2011 3:06:02 PM - System Checkpoint

RP251: 10/29/2011 11:18:47 PM - System Checkpoint

RP252: 10/31/2011 12:50:47 AM - System Checkpoint

RP253: 11/1/2011 1:32:53 AM - System Checkpoint

RP254: 11/2/2011 2:29:22 AM - System Checkpoint

RP255: 11/3/2011 8:47:42 AM - System Checkpoint

RP256: 11/4/2011 9:54:22 AM - System Checkpoint

RP257: 11/5/2011 10:22:59 AM - System Checkpoint

RP258: 11/6/2011 9:37:57 AM - System Checkpoint

RP259: 11/7/2011 12:42:56 PM - System Checkpoint

RP260: 11/8/2011 12:51:35 PM - System Checkpoint

RP261: 11/9/2011 1:09:57 PM - System Checkpoint

RP262: 11/10/2011 3:00:17 AM - Software Distribution Service 3.0

RP263: 11/11/2011 3:00:18 AM - Software Distribution Service 3.0

RP264: 11/12/2011 3:45:16 AM - System Checkpoint

RP265: 11/13/2011 3:50:07 AM - System Checkpoint

RP266: 11/13/2011 3:12:50 PM - Installed Java 6 Update 29

RP267: 11/13/2011 3:17:38 PM - Removed Java SE Runtime Environment 6 Update 1

RP268: 11/13/2011 3:18:52 PM - Removed Java 6 Update 22

RP269: 11/14/2011 4:53:04 PM - System Checkpoint

RP270: 11/15/2011 8:31:55 PM - System Checkpoint

.

==== Installed Programs ======================

.

3DVIA player 5.0

AC3Filter (remove only)

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.5

Browser Address Error Redirector

Canon Camera Access Library

Canon DIGITAL CAMERA Solution Disk Software Guide

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon Personal Printing Guide

Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC 8

Canon Utilities Movie Uploader for YouTube

Canon Utilities MyCamera

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Compatibility Pack for the 2007 Office system

DivX Setup

DVD Suite

eMachines Connect

Favorite Places

FrostWire 4.21.8

Google Chrome

Google Desktop

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

Java Auto Updater

Java 6 Update 29

Laugh, Smile & Learn™

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee SecurityCenter

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Web Apps Browser Plugin

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft WSE 2.0 SP3 Runtime

Mozilla Firefox (3.6.24)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

NVIDIA Drivers

OpenOffice.org 3.3

Realtek High Definition Audio Driver

Recovery Software Suite eMachines

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB913433)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Soft Data Fax Modem with SmartCP

Spare Backup

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB953356)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.4053

VideoLAN VLC media player 0.8.6f

WebFldrs XP

Windows Backup Utility

Windows Driver Package - NVIDIA (NVENETFD) Net (11/27/2006 65.4.8)

Windows Driver Package - NVIDIA (nvnetbus) NVIDIA Network Bus Enumerator (11/27/2006 65.4.8)

Windows Genuine Advantage Validation Tool

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Xvid Video Codec

.

==== Event Viewer Messages From Past Week ========

.

11/16/2011 8:38:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 ACPIEC adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp iaStor ini910u IntelIde mraid35x Pcmcia perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde

11/16/2011 8:38:33 AM, error: Service Control Manager [7023] - The NEC USB Device Service service terminated with the following error: The specified module could not be found.

11/16/2011 8:38:05 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

11/16/2011 8:35:47 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.

11/15/2011 6:45:20 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

11/13/2011 7:50:58 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

11/13/2011 3:19:16 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

.

==== End Of File ===========================

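The three logs in the post above can be tied together mechanically, and that is a check worth having when a rootkit cure is reported. TDSSKiller says it will cure `redbook.sys` on reboot (14:30 local, detection `Rootkit.Win32.ZAccess.k`); DDS's Find3M section then lists that same driver with a modification time of 2011-11-16 19:31:57, and since DDS prints file times in UTC while its header records the machine as GMT -5, that is 14:31:57 local, two seconds after the boot time DDS reports (2:31:55 PM). The cure therefore landed. ComboFix's deletion list later shows the `$NtUninstallKB11650$` tree with `@`, `U\` and `L\` children, the on-disk layout this ZeroAccess variant used. The script below, added here as an example and not code from TDSSKiller, DDS, ComboFix or the thread, parses lines copied from those logs (embedded as constructed sample input so it runs offline), converts the Find3M timestamp with the header's offset, confirms the driver was rewritten right after the reboot, and flags the ZeroAccess paths. The five-minute confirmation window and the Autorun.inf heuristic are assumptions, not anything the tools define.

```python
"""Cross-check TDSSKiller's "cured on reboot" verdict against the DDS Find3M
mtime of the same driver, and flag the ZeroAccess layout in ComboFix's list.
Added example for this thread; not code from TDSSKiller, DDS or ComboFix."""
import re
from datetime import datetime, timedelta

# Constructed sample input, copied from the logs posted in this thread.
TDSS_LINES = [
    r"14:30:31.0015 2732 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot",
    r"14:30:33.0703 2732 redbook ( Rootkit.Win32.ZAccess.k ) - User select action: Cure",
    r"14:30:55.0984 3400 Deinitialize success",
]
DDS_HEADER = "Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.125 [GMT -5:00]"
DDS_UPTIME = "System Uptime: 11/16/2011 2:31:55 PM (0 hours ago)"
FIND3M_LINES = [
    r"2011-11-16 19:31:57 57600 ----a-w- c:\windows\system32\drivers\redbook.sys",
    r"2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll",
]
COMBOFIX_DELETIONS = [
    r"c:\windows\$NtUninstallKB11650$",
    r"c:\windows\$NtUninstallKB11650$\403912081\@",
    r"c:\windows\$NtUninstallKB11650$\403912081\L\evpbxyye",
    r"c:\windows\$NtUninstallKB11650$\403912081\U\80000032.@",
    r"c:\windows\system32\Thumbs.db",
    r"D:\Autorun.inf",
]

CURE_RE = re.compile(r"^\S+ \d+ (?P<path>[A-Za-z]:\\.+?) - will be cured on reboot$")
VERDICT_RE = re.compile(
    r"^\S+ \d+ (?P<name>\S+) \( (?P<family>[^)]+) \) - User select action: (?P<action>\w+)$")
FIND3M_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) \S+ (?P<path>[A-Za-z]:\\.+)$")
GMT_RE = re.compile(r"\[GMT ([+-])(\d{1,2}):(\d{2})\]")
# This ZeroAccess variant kept its payload store under a fake hotfix-uninstall
# folder: $NtUninstallKB<digits>$\<digits>\ with '@', 'U\' and 'L\' children.
ZA_RE = re.compile(r"^[a-z]:\\windows\\\$ntuninstallkb\d+\$\\\d+\\(@|u\\|l\\)", re.I)
# Heuristic only (assumption): Autorun.inf on a non-system volume deserves a
# look, but an OEM recovery partition (D: is FAT32 here) may legitimately carry one.
AUTORUN_RE = re.compile(r"^[d-z]:\\autorun\.inf$", re.I)


def parse_tdsskiller(lines):
    """Map driver name -> {path, family, action} for objects TDSSKiller cured."""
    pending, cured = {}, {}
    for ln in lines:
        m = CURE_RE.match(ln)
        if m:
            path = m.group("path")
            name = re.sub(r"\.sys$", "", path.rsplit("\\", 1)[-1], flags=re.I).lower()
            pending[name] = path
            continue
        m = VERDICT_RE.match(ln)
        if m and m.group("name").lower() in pending:
            name = m.group("name").lower()
            cured[name] = {"path": pending[name], "family": m.group("family"),
                           "action": m.group("action")}
    return cured


def local_offset(dds_header):
    """DDS prints file times in UTC; its header carries the machine's GMT offset."""
    sign, hh, mm = GMT_RE.search(dds_header).groups()
    delta = timedelta(hours=int(hh), minutes=int(mm))
    return delta if sign == "+" else -delta


def parse_find3m(lines, offset):
    """Map lowercase path -> mtime converted from UTC to local time."""
    out = {}
    for ln in lines:
        m = FIND3M_RE.match(ln)
        if m:
            utc = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            out[m.group("path").lower()] = utc + offset
    return out


def parse_boot_time(uptime_line):
    """DDS's 'System Uptime' line is the local boot time of the current session."""
    m = re.search(r"System Uptime: (\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)", uptime_line)
    return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")


def confirm_cure(cured, find3m, boot_time, window=timedelta(minutes=5)):
    """A driver 'cured on reboot' should carry an mtime just after the reboot that
    followed the scan. False means the file was not rewritten then: the cure did
    not land, or the DDS log being checked predates that reboot."""
    return {name: (info["path"].lower() in find3m
                   and boot_time <= find3m[info["path"].lower()] <= boot_time + window)
            for name, info in cured.items()}


def zeroaccess_artifacts(paths):
    """Deletion-list entries matching the ZeroAccess layout or a secondary-volume Autorun.inf."""
    return [p for p in paths if ZA_RE.match(p) or AUTORUN_RE.match(p)]


if __name__ == "__main__":
    cured = parse_tdsskiller(TDSS_LINES)
    mtimes = parse_find3m(FIND3M_LINES, local_offset(DDS_HEADER))
    print(confirm_cure(cured, mtimes, parse_boot_time(DDS_UPTIME)))  # {'redbook': True}
    print(zeroaccess_artifacts(COMBOFIX_DELETIONS))
```

Run against the lines above it reports `{'redbook': True}` and lists the four ZeroAccess paths (the `@`, `L\` and `U\` entries plus `D:\Autorun.inf`). The time-zone step is the part people get wrong: compare the raw 19:31:57 with the 14:30 TDSSKiller timestamp and the cure looks like it happened five hours after the scan, which would suggest something else rewrote the driver. A `False` result is the signal to ask for a fresh DDS log after the reboot rather than assume the rootkit is gone.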

I haven't had time to run ComboFix yet; I just wanted to let you know I am still here. But the thing has stopped popping up since my last post. Do you still think that I should run ComboFix? Thanks for all your help, you guys are great. I wish I was out of school and able to donate to you all. Hopefully I can later in the year, after graduation. Thanks again.


Here is the log for ComboFix.

ComboFix 11-11-28.02 - Owner 11/28/2011 17:31:23.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.434 [GMT -5:00]

Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator.YOUR-89BFE66D42.000\WINDOWS

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Owner\WINDOWS

c:\windows\$NtUninstallKB11650$

c:\windows\$NtUninstallKB11650$\403912081\@

c:\windows\$NtUninstallKB11650$\403912081\bckfg.tmp

c:\windows\$NtUninstallKB11650$\403912081\cfg.ini

c:\windows\$NtUninstallKB11650$\403912081\Desktop.ini

c:\windows\$NtUninstallKB11650$\403912081\keywords

c:\windows\$NtUninstallKB11650$\403912081\kwrd.dll

c:\windows\$NtUninstallKB11650$\403912081\L\evpbxyye

c:\windows\$NtUninstallKB11650$\403912081\lsflt7.ver

c:\windows\$NtUninstallKB11650$\403912081\U\00000001.@

c:\windows\$NtUninstallKB11650$\403912081\U\00000002.@

c:\windows\$NtUninstallKB11650$\403912081\U\00000004.@

c:\windows\$NtUninstallKB11650$\403912081\U\80000000.@

c:\windows\$NtUninstallKB11650$\403912081\U\80000004.@

c:\windows\$NtUninstallKB11650$\403912081\U\80000032.@

c:\windows\$NtUninstallKB11650$\44714038

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\Thumbs.db

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))

.

.

2011-11-13 19:35 . 2011-11-13 19:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-11-13 19:34 . 2011-11-13 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-13 19:34 . 2011-11-13 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-13 19:34 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-12 18:45 . 2011-11-12 18:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-11-12 18:29 . 2011-11-28 22:41 -------- d-----w- c:\documents and settings\Administrator.YOUR-89BFE66D42.000

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 20:57 . 2011-06-09 14:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-16 19:31 . 2011-03-04 00:50 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-10-10 14:22 . 2006-05-07 00:36 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-03 10:06 . 2011-03-20 14:07 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 07:37 . 2011-03-03 23:20 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 07:06 . 2008-08-21 22:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2008-08-21 22:52 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2008-08-21 22:52 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20 . 2006-05-07 00:24 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-04-14 18:01 . 2011-03-04 23:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-04 39408]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"nwiz"="nwiz.exe" [2006-10-31 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-03 1838592]

"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-14 5252936]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/3/2011 7:35 PM 84200]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/13/2011 2:34 PM 366152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/3/2011 7:36 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/3/2011 7:04 PM 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/3/2011 7:35 PM 56064]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/13/2011 2:34 PM 22216]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/3/2011 7:35 PM 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 7:35 PM 88736]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 7:33 PM 135664]

S2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe -k necusb3 [8/21/2008 5:52 PM 14336]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [3/3/2011 7:50 PM 69692]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 7:33 PM 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 7:35 PM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/3/2011 7:35 PM 84488]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

necusb3 REG_MULTI_SZ necusb

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 00:33]

.

2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 00:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://start.pogo.iplay.com/?o=shp

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-BigFix - c:\program files\Bigfix\bigfix.exe

Notify-necusb - nwusbw32.dll

SafeBoot-25851173.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-28 17:47

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1812)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\RUNDLL32.EXE

c:\windows\RTHDCPL.EXE

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2011-11-28 17:53:46 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-28 22:53

.

Pre-Run: 121,345,462,272 bytes free

Post-Run: 122,374,647,808 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - F637E2FE8EED80C70AC4C2DC62B347CE


Open Notepad and copy and paste the text in the code box below into it:

DDS::
uStart Page = hxxp://start.pogo.iplay.com/?o=shp

FireFox::
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\
FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

In your next post here, please include ComboFix.txt and let me know how are things there.


Here is the ComboFix log. So far everything has been OK; there have been no signs of infection since I ran TDSSKiller and the DDS log with Attach.txt. My McAfee has caught about 5 viruses on each scan since I first ran the ComboFix tool. Thanks for all of your help.

ComboFix 11-12-04.02 - Owner 12/04/2011 9:46.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.506 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\chrome.manifest

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\chrome\chrome.jar

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\autocomplite.js

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\logger.js

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\omIGamesBarLogger.xpt

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\gb.cfg

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\install.rdf

c:\windows\system32\usmt\migwiz_a.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))

.

.

2011-11-13 19:35 . 2011-11-13 19:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-11-13 19:34 . 2011-11-13 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-13 19:34 . 2011-11-13 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-13 19:34 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-12 18:45 . 2011-11-12 18:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-11-12 18:29 . 2011-11-28 22:41 -------- d-----w- c:\documents and settings\Administrator.YOUR-89BFE66D42.000

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 20:57 . 2011-06-09 14:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-16 19:31 . 2011-03-04 00:50 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-10-10 14:22 . 2006-05-07 00:36 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-03 10:06 . 2011-03-20 14:07 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 07:37 . 2011-03-03 23:20 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 07:06 . 2008-08-21 22:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2008-08-21 22:52 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2008-08-21 22:52 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20 . 2006-05-07 00:24 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-04-14 18:01 . 2011-03-04 23:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-28_22.46.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-03 09:00 . 2011-12-03 09:00 16384 c:\windows\temp\Perflib_Perfdata_4a8.dat

+ 2011-12-03 11:22 . 2011-12-03 11:22 16384 c:\windows\temp\Perflib_Perfdata_370.dat

+ 2006-05-07 00:40 . 2011-12-04 11:44 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2006-05-07 00:40 . 2011-11-28 15:42 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-05-07 00:40 . 2011-12-04 11:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-05-07 00:40 . 2011-11-28 15:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-11-28 23:37 . 2011-12-04 11:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2006-05-07 00:40 . 2011-11-28 15:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.


OK, I think I got it all this time...

ComboFix 11-12-04.02 - Owner 12/04/2011 9:46.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.506 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\chrome.manifest

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\chrome\chrome.jar

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\autocomplite.js

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\logger.js

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\omIGamesBarLogger.xpt

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\gb.cfg

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\install.rdf

c:\windows\system32\usmt\migwiz_a.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))

.

.

2011-11-13 19:35 . 2011-11-13 19:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2011-11-13 19:34 . 2011-11-13 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-13 19:34 . 2011-11-13 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-13 19:34 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-12 18:45 . 2011-11-12 18:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-11-12 18:29 . 2011-11-28 22:41 -------- d-----w- c:\documents and settings\Administrator.YOUR-89BFE66D42.000

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 20:57 . 2011-06-09 14:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-16 19:31 . 2011-03-04 00:50 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2011-10-10 14:22 . 2006-05-07 00:36 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-03 10:06 . 2011-03-20 14:07 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-03 07:37 . 2011-03-03 23:20 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-09-28 07:06 . 2008-08-21 22:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2008-08-21 22:52 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2008-08-21 22:52 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20 . 2006-05-07 00:24 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-04-14 18:01 . 2011-03-04 23:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-11-28_22.46.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-03 09:00 . 2011-12-03 09:00 16384 c:\windows\temp\Perflib_Perfdata_4a8.dat

+ 2011-12-03 11:22 . 2011-12-03 11:22 16384 c:\windows\temp\Perflib_Perfdata_370.dat

+ 2006-05-07 00:40 . 2011-12-04 11:44 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2006-05-07 00:40 . 2011-11-28 15:42 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2006-05-07 00:40 . 2011-12-04 11:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2006-05-07 00:40 . 2011-11-28 15:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-11-28 23:37 . 2011-12-04 11:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2006-05-07 00:40 . 2011-11-28 15:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-04 39408]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"nwiz"="nwiz.exe" [2006-10-31 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]

"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-03 1838592]

"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-14 5252936]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/3/2011 7:35 PM 84200]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/13/2011 2:34 PM 366152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/3/2011 7:36 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/3/2011 7:04 PM 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/3/2011 7:35 PM 56064]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/13/2011 2:34 PM 22216]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/3/2011 7:35 PM 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 7:35 PM 88736]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 7:33 PM 135664]

S2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe -k necusb3 [8/21/2008 5:52 PM 14336]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [3/3/2011 7:50 PM 69692]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 7:33 PM 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 7:35 PM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/3/2011 7:35 PM 84488]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

necusb3 REG_MULTI_SZ necusb

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 00:33]

.

2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 00:33]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video

FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-04 09:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-12-04 09:58:09

ComboFix-quarantined-files.txt 2011-12-04 14:57

ComboFix2.txt 2011-11-28 22:53

.

Pre-Run: 122,456,915,968 bytes free

Post-Run: 122,425,036,800 bytes free

.

- - End Of File - - D1D1A3D4A0558C34AFE0B931049AE1F5


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
