ajhorney Posted November 14, 2011 ID:494490 Share Posted November 14, 2011 I got something that downloaded and was a fake anti virus named privacy protector. ran computer in safe mode and deleted it. downloaded malwarebytes, which caught about 15 more things including a search engine redirect bug, then it keeps popping up saying blocked suspicious outgoing connection to a couple different ip addresses about every minute or so it does this. Here are the two logs:dds.txtattach.zip Link to post Share on other sites More sharing options...
Maniac Posted November 14, 2011 ID:494555 Share Posted November 14, 2011 Hello ajhorney! My name is Maniac and I will be glad to help you solve your malware problem.Please note:I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/paste in your next reply.Download the latest version of TDSSKiller from here and save it to your Desktop.Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.Click the Start Scan button.If a suspicious object is detected, the default action will be Skip, click on Continue.If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.In your next reply, please post the following log files:TDSSKiller loga new fresh DDS log with Attach.txt Link to post Share on other sites More sharing options...
ajhorney Posted November 16, 2011 Author ID:495293 Share Posted November 16, 2011 Thanks for your help I have followed your directions and here are the logs:14:28:50.0421 3068 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:5014:28:51.0609 3068 ============================================================14:28:51.0609 3068 Current date / time: 2011/11/16 14:28:51.060914:28:51.0609 3068 SystemInfo:14:28:51.0609 3068 14:28:51.0609 3068 OS Version: 5.1.2600 ServicePack: 3.014:28:51.0609 3068 Product type: Workstation14:28:51.0609 3068 ComputerName: YOUR-89BFE66D4214:28:51.0609 3068 UserName: Owner14:28:51.0609 3068 Windows directory: C:\WINDOWS14:28:51.0609 3068 System windows directory: C:\WINDOWS14:28:51.0609 3068 Processor architecture: Intel x8614:28:51.0609 3068 Number of processors: 114:28:51.0609 3068 Page size: 0x100014:28:51.0609 3068 Boot type: Normal boot14:28:51.0609 3068 ============================================================14:28:52.0328 3068 Initialize success14:29:10.0343 3880 ============================================================14:29:10.0343 3880 Scan started14:29:10.0343 3880 Mode: Manual; SigCheck; TDLFS; 14:29:10.0343 3880 ============================================================14:29:11.0875 3880 Abiosdsk - ok14:29:11.0968 3880 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS14:29:13.0890 3880 abp480n5 - ok14:29:14.0062 3880 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys14:29:14.0234 3880 ACPI - ok14:29:14.0265 3880 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys14:29:14.0453 3880 ACPIEC - ok14:29:14.0656 3880 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys14:29:14.0812 3880 adpu160m - ok14:29:14.0875 3880 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys14:29:15.0046 3880 aec - ok14:29:15.0140 3880 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys14:29:15.0234 3880 AFD - ok14:29:15.0375 3880 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys14:29:15.0546 3880 agp440 - ok14:29:15.0593 3880 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys14:29:15.0750 3880 agpCPQ - ok14:29:15.0781 3880 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys14:29:15.0843 3880 Aha154x - ok14:29:15.0937 3880 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys14:29:16.0078 3880 aic78u2 - ok14:29:16.0140 3880 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys14:29:16.0296 3880 aic78xx - ok14:29:16.0421 3880 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys14:29:16.0578 3880 AliIde - ok14:29:16.0609 3880 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys14:29:16.0781 3880 alim1541 - ok14:29:16.0828 3880 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys14:29:17.0000 3880 amdagp - ok14:29:17.0125 3880 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys14:29:17.0203 3880 amsint - ok14:29:17.0265 3880 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys14:29:17.0453 3880 Arp1394 - ok14:29:17.0656 3880 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys14:29:17.0843 3880 asc - ok14:29:17.0875 3880 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys14:29:17.0937 3880 asc3350p - ok14:29:18.0062 3880 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys14:29:18.0203 3880 asc3550 - ok14:29:18.0296 3880 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys14:29:18.0468 3880 AsyncMac - ok14:29:18.0578 3880 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys14:29:18.0750 3880 atapi - ok14:29:18.0765 3880 Atdisk - ok14:29:18.0796 3880 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys14:29:18.0953 3880 Atmarpc - ok14:29:19.0000 3880 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys14:29:19.0156 3880 audstub - ok14:29:19.0312 3880 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys14:29:19.0468 3880 Beep - ok14:29:19.0531 3880 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys14:29:19.0718 3880 cbidf - ok14:29:19.0734 3880 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys14:29:19.0890 3880 cbidf2k - ok14:29:19.0906 3880 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys14:29:19.0984 3880 cd20xrnt - ok14:29:20.0015 3880 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys14:29:20.0187 3880 Cdaudio - ok14:29:20.0375 3880 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys14:29:20.0546 3880 Cdfs - ok14:29:20.0593 3880 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys14:29:20.0765 3880 Cdrom - ok14:29:20.0812 3880 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys14:29:20.0859 3880 cfwids - ok14:29:21.0000 3880 Changer - ok14:29:21.0062 3880 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys14:29:21.0234 3880 CmBatt - ok14:29:21.0359 3880 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys14:29:21.0546 3880 CmdIde - ok14:29:21.0562 3880 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys14:29:21.0718 3880 Compbatt - ok14:29:21.0765 3880 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys14:29:21.0937 3880 Cpqarray - ok14:29:21.0953 3880 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys14:29:22.0125 3880 dac2w2k - ok14:29:22.0156 3880 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys14:29:22.0328 3880 dac960nt - ok14:29:22.0437 3880 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys14:29:22.0593 3880 Disk - ok14:29:22.0640 3880 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys14:29:22.0843 3880 dmboot - ok14:29:22.0921 3880 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys14:29:23.0109 3880 dmio - ok14:29:23.0296 3880 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys14:29:23.0484 3880 dmload - ok14:29:23.0546 3880 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys14:29:23.0718 3880 DMusic - ok14:29:23.0890 3880 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys14:29:24.0062 3880 dpti2o - ok14:29:24.0156 3880 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys14:29:24.0312 3880 drmkaud - ok14:29:24.0421 3880 el575nd5 (23f6b9cf432f492ebbd8105d78cb008c) C:\WINDOWS\system32\DRIVERS\el575nd5.sys14:29:24.0593 3880 el575nd5 - ok14:29:24.0656 3880 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys14:29:24.0828 3880 Fastfat - ok14:29:24.0968 3880 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys14:29:25.0140 3880 Fdc - ok14:29:25.0265 3880 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys14:29:25.0421 3880 Fips - ok14:29:25.0531 3880 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys14:29:25.0703 3880 Flpydisk - ok14:29:25.0781 3880 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys14:29:25.0937 3880 FltMgr - ok14:29:26.0078 3880 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys14:29:26.0250 3880 Fs_Rec - ok14:29:26.0312 3880 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys14:29:26.0515 3880 Ftdisk - ok14:29:26.0625 3880 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys14:29:26.0812 3880 Gpc - ok14:29:26.0875 3880 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys14:29:27.0031 3880 HDAudBus - ok14:29:27.0171 3880 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys14:29:27.0343 3880 hpn - ok14:29:27.0390 3880 HSFHWBS2 (f3e718604c5a8a28003280d861d96c19) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys14:29:27.0453 3880 HSFHWBS2 - ok14:29:27.0609 3880 HSF_DPV (4290713b7c3289ef87ee5ca474b21221) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys14:29:27.0718 3880 HSF_DPV - ok14:29:27.0906 3880 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys14:29:27.0968 3880 HTTP - ok14:29:28.0140 3880 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys14:29:28.0296 3880 i2omgmt - ok14:29:28.0343 3880 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys14:29:28.0515 3880 i2omp - ok14:29:28.0546 3880 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys14:29:28.0718 3880 i8042prt - ok14:29:28.0859 3880 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS14:29:28.0953 3880 iaStor ( UnsignedFile.Multi.Generic ) - warning14:29:28.0953 3880 iaStor - detected UnsignedFile.Multi.Generic (1)14:29:29.0125 3880 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys14:29:29.0296 3880 Imapi - ok14:29:29.0343 3880 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys14:29:29.0500 3880 ini910u - ok14:29:29.0703 3880 IntcAzAudAddService (574c9b2f9406d28f8f7e5c7b46b470e6) C:\WINDOWS\system32\drivers\RtkHDAud.sys14:29:29.0937 3880 IntcAzAudAddService - ok14:29:30.0093 3880 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys14:29:30.0250 3880 IntelIde - ok14:29:30.0296 3880 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys14:29:30.0468 3880 Ip6Fw - ok14:29:30.0500 3880 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys14:29:30.0656 3880 IpFilterDriver - ok14:29:30.0765 3880 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys14:29:30.0937 3880 IpInIp - ok14:29:30.0968 3880 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys14:29:31.0140 3880 IpNat - ok14:29:31.0171 3880 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys14:29:31.0328 3880 IPSec - ok14:29:31.0468 3880 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys14:29:31.0531 3880 IRENUM - ok14:29:31.0593 3880 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys14:29:31.0750 3880 isapnp - ok14:29:31.0781 3880 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys14:29:31.0937 3880 Kbdclass - ok14:29:32.0078 3880 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys14:29:32.0234 3880 kmixer - ok14:29:32.0281 3880 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys14:29:32.0375 3880 KSecDD - ok14:29:32.0484 3880 lbrtfdc - ok14:29:32.0546 3880 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys14:29:32.0562 3880 MBAMProtector - ok14:29:32.0578 3880 MBAMSwissArmy - ok14:29:32.0671 3880 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys14:29:32.0703 3880 mdmxsdk - ok14:29:32.0765 3880 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys14:29:32.0781 3880 mfeapfk - ok14:29:32.0921 3880 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys14:29:32.0953 3880 mfeavfk - ok14:29:32.0984 3880 mfeavfk01 - ok14:29:33.0015 3880 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys14:29:33.0031 3880 mfebopk - ok14:29:33.0046 3880 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys14:29:33.0093 3880 mfefirek - ok14:29:33.0156 3880 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys14:29:33.0187 3880 mfehidk - ok14:29:33.0296 3880 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys14:29:33.0328 3880 mfendisk - ok14:29:33.0328 3880 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys14:29:33.0343 3880 mfendiskmp - ok14:29:33.0375 3880 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys14:29:33.0390 3880 mferkdet - ok14:29:33.0437 3880 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys14:29:33.0437 3880 mfetdi2k - ok14:29:33.0500 3880 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys14:29:33.0656 3880 mnmdd - ok14:29:33.0828 3880 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys14:29:34.0000 3880 Modem - ok14:29:34.0046 3880 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys14:29:34.0234 3880 Mouclass - ok14:29:34.0390 3880 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys14:29:34.0562 3880 MountMgr - ok14:29:34.0593 3880 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys14:29:34.0750 3880 mraid35x - ok14:29:34.0890 3880 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys14:29:35.0046 3880 MRxDAV - ok14:29:35.0171 3880 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys14:29:35.0296 3880 MRxSmb - ok14:29:35.0468 3880 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys14:29:35.0656 3880 Msfs - ok14:29:35.0671 3880 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys14:29:35.0828 3880 MSKSSRV - ok14:29:35.0859 3880 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys14:29:36.0031 3880 MSPCLOCK - ok14:29:36.0187 3880 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys14:29:36.0359 3880 MSPQM - ok14:29:36.0406 3880 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys14:29:36.0562 3880 mssmbios - ok14:29:36.0609 3880 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys14:29:36.0656 3880 Mup - ok14:29:36.0828 3880 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys14:29:36.0984 3880 NDIS - ok14:29:37.0062 3880 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys14:29:37.0125 3880 NdisTapi - ok14:29:37.0218 3880 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys14:29:37.0453 3880 Ndisuio - ok14:29:37.0515 3880 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys14:29:37.0687 3880 NdisWan - ok14:29:37.0781 3880 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys14:29:37.0828 3880 NDProxy - ok14:29:37.0906 3880 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys14:29:38.0078 3880 NetBIOS - ok14:29:38.0234 3880 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys14:29:38.0390 3880 NetBT - ok14:29:38.0468 3880 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys14:29:38.0640 3880 NIC1394 - ok14:29:38.0703 3880 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys14:29:38.0859 3880 Npfs - ok14:29:38.0906 3880 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys14:29:39.0078 3880 Ntfs - ok14:29:39.0187 3880 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys14:29:39.0375 3880 Null - ok14:29:39.0593 3880 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys14:29:39.0765 3880 nv - ok14:29:39.0937 3880 NVENETFD (0ae6258709d58fb53638e8d28f4480d4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys14:29:39.0984 3880 NVENETFD - ok14:29:40.0031 3880 nvgts (fa740e97a0fe36e368c2299d9f3c01c1) C:\WINDOWS\system32\DRIVERS\NVGTS.SYS14:29:40.0093 3880 nvgts - ok14:29:40.0234 3880 nvnetbus (1296b33c223a58485d5eaa779752216a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys14:29:40.0281 3880 nvnetbus - ok14:29:40.0328 3880 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys14:29:40.0500 3880 NwlnkFlt - ok14:29:40.0578 3880 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys14:29:40.0765 3880 NwlnkFwd - ok14:29:40.0828 3880 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys14:29:40.0984 3880 ohci1394 - ok14:29:41.0062 3880 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys14:29:41.0203 3880 Parport - ok14:29:41.0265 3880 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys14:29:41.0437 3880 PartMgr - ok14:29:41.0468 3880 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys14:29:41.0625 3880 ParVdm - ok14:29:41.0734 3880 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys14:29:41.0906 3880 PCI - ok14:29:41.0953 3880 PCIDump - ok14:29:41.0984 3880 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys14:29:42.0140 3880 PCIIde - ok14:29:42.0234 3880 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys14:29:42.0406 3880 Pcmcia - ok14:29:42.0453 3880 PDCOMP - ok14:29:42.0468 3880 PDFRAME - ok14:29:42.0484 3880 PDRELI - ok14:29:42.0500 3880 PDRFRAME - ok14:29:42.0531 3880 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys14:29:42.0687 3880 perc2 - ok14:29:42.0765 3880 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys14:29:42.0921 3880 perc2hib - ok14:29:42.0984 3880 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys14:29:43.0156 3880 PptpMiniport - ok14:29:43.0234 3880 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys14:29:43.0375 3880 Processor - ok14:29:43.0437 3880 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys14:29:43.0593 3880 PSched - ok14:29:43.0640 3880 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys14:29:43.0796 3880 Ptilink - ok14:29:43.0875 3880 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys14:29:43.0890 3880 PxHelp20 - ok14:29:43.0984 3880 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys14:29:44.0156 3880 ql1080 - ok14:29:44.0328 3880 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys14:29:44.0500 3880 Ql10wnt - ok14:29:44.0578 3880 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys14:29:44.0734 3880 ql12160 - ok14:29:44.0828 3880 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys14:29:45.0000 3880 ql1240 - ok14:29:45.0015 3880 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys14:29:45.0187 3880 ql1280 - ok14:29:45.0281 3880 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys14:29:45.0437 3880 RasAcd - ok14:29:45.0562 3880 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys14:29:45.0718 3880 Rasl2tp - ok14:29:45.0750 3880 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys14:29:45.0906 3880 RasPppoe - ok14:29:46.0046 3880 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys14:29:46.0187 3880 Raspti - ok14:29:46.0250 3880 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys14:29:46.0406 3880 Rdbss - ok14:29:46.0546 3880 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys14:29:46.0687 3880 RDPCDD - ok14:29:46.0734 3880 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys14:29:46.0890 3880 rdpdr - ok14:29:46.0921 3880 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys14:29:46.0968 3880 RDPWD - ok14:29:47.0156 3880 redbook (ea9cb095c2a49261dfdefc4b6c3ed5e9) C:\WINDOWS\system32\DRIVERS\redbook.sys14:29:47.0156 3880 redbook ( Rootkit.Win32.ZAccess.k ) - infected14:29:47.0156 3880 redbook - detected Rootkit.Win32.ZAccess.k (0)14:29:47.0265 3880 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys14:29:47.0421 3880 sdbus - ok14:29:47.0531 3880 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys14:29:47.0609 3880 Secdrv - ok14:29:47.0671 3880 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys14:29:47.0812 3880 Serenum - ok14:29:47.0843 3880 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys14:29:48.0031 3880 Serial - ok14:29:48.0156 3880 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys14:29:48.0312 3880 Sfloppy - ok14:29:48.0328 3880 Simbad - ok14:29:48.0375 3880 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys14:29:48.0531 3880 sisagp - ok14:29:48.0718 3880 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys14:29:48.0781 3880 Sparrow - ok14:29:48.0828 3880 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys14:29:48.0968 3880 splitter - ok14:29:48.0984 3880 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys14:29:49.0046 3880 sr - ok14:29:49.0218 3880 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys14:29:49.0281 3880 Srv - ok14:29:49.0328 3880 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys14:29:49.0468 3880 swenum - ok14:29:49.0609 3880 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys14:29:49.0781 3880 swmidi - ok14:29:49.0843 3880 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys14:29:49.0984 3880 symc810 - ok14:29:50.0000 3880 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys14:29:50.0156 3880 symc8xx - ok14:29:50.0171 3880 SymIM - ok14:29:50.0187 3880 SymIMMP - ok14:29:50.0203 3880 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys14:29:50.0343 3880 sym_hi - ok14:29:50.0453 3880 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys14:29:50.0609 3880 sym_u3 - ok14:29:50.0671 3880 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys14:29:51.0125 3880 sysaudio - ok14:29:51.0234 3880 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys14:29:51.0500 3880 Tcpip - ok14:29:51.0656 3880 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys14:29:52.0046 3880 TDPIPE - ok14:29:52.0125 3880 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys14:29:52.0515 3880 TDTCP - ok14:29:52.0656 3880 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys14:29:53.0031 3880 TermDD - ok14:29:53.0078 3880 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys14:29:53.0468 3880 TosIde - ok14:29:53.0640 3880 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys14:29:53.0968 3880 Udfs - ok14:29:54.0046 3880 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys14:29:54.0312 3880 ultra - ok14:29:54.0468 3880 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys14:29:54.0875 3880 Update - ok14:29:54.0968 3880 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys14:29:55.0328 3880 usbehci - ok14:29:55.0468 3880 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys14:29:55.0859 3880 usbhub - ok14:29:55.0890 3880 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys14:29:56.0234 3880 usbohci - ok14:29:56.0437 3880 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys14:29:56.0593 3880 usbscan - ok14:29:56.0640 3880 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS14:29:56.0765 3880 USBSTOR - ok14:29:56.0890 3880 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys14:29:57.0046 3880 usbuhci - ok14:29:57.0109 3880 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys14:29:57.0250 3880 VgaSave - ok14:29:57.0296 3880 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys14:29:57.0453 3880 viaagp - ok14:29:57.0531 3880 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys14:29:57.0671 3880 ViaIde - ok14:29:57.0703 3880 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys14:29:57.0859 3880 VolSnap - ok14:29:57.0921 3880 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys14:29:58.0078 3880 Wanarp - ok14:29:58.0140 3880 WDICA - ok14:29:58.0203 3880 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys14:29:58.0343 3880 wdmaud - ok14:29:58.0437 3880 winachsf (cb2dc26de2c815fc2309566f92d22ed4) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys14:29:58.0500 3880 winachsf - ok14:29:58.0703 3880 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys14:29:58.0750 3880 WudfPf - ok14:29:58.0781 3880 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys14:29:58.0796 3880 WudfRd - ok14:29:58.0859 3880 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR014:29:58.0906 3880 \Device\Harddisk0\DR0 - ok14:29:58.0937 3880 Boot (0x1200) (e782f1a76bc28bdc7ecbf0a5c12369b0) \Device\Harddisk0\DR0\Partition014:29:58.0937 3880 \Device\Harddisk0\DR0\Partition0 - ok14:29:58.0953 3880 Boot (0x1200) (d15158421a38e0c4e393be5a71aa55fa) \Device\Harddisk0\DR0\Partition114:29:58.0953 3880 \Device\Harddisk0\DR0\Partition1 - ok14:29:58.0953 3880 ============================================================14:29:58.0953 3880 Scan finished14:29:58.0953 3880 ============================================================14:29:59.0062 2732 Detected object count: 214:29:59.0062 2732 Actual detected object count: 214:30:28.0734 2732 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user14:30:28.0734 2732 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:30:28.0968 2732 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 181314:30:31.0000 2732 Backup copy found, using it..14:30:31.0015 2732 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot14:30:33.0703 2732 redbook ( Rootkit.Win32.ZAccess.k ) - User select action: Cure 14:30:55.0984 3400 Deinitialize success.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29Run by Owner at 14:37:18 on 2011-11-16Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.125 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled* .============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Spare Backup\SpareBackup.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEsvchost.exeC:\Program Files\OpenOffice.org 3\program\soffice.exeC:\Program Files\OpenOffice.org 3\program\soffice.binC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeC:\WINDOWS\system32\mfevtps.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Common Files\Oberon Media\Parts\1.0.0.16\OberonParts.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://start.pogo.iplay.com/?o=shpuSearch Page = hxxp://www.google.comuInternet Settings,ProxyOverride = <local>mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dllBHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dllBHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No FileBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110511132028.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [Xvid] c:\program files\xvid\CheckUpdate.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [RTHDCPL] RTHDCPL.EXEmRun: [skyTel] SkyTel.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXEmRun: [Reminder] %WINDIR%\Creator\Remind_XP.exemRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startupmRun: [bigFix] c:\program files\bigfix\bigfix.exe /atstartupmRun: [spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silentmRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWmRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttrayStartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXEStartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exeIE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLLLSP: mswsock.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{238C4367-5E2E-4024-B9EE-97C81F3FF3A8} : DhcpNameServer = 192.168.1.254Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllNotify: necusb - nwusbw32.dllAppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\qj1tufh7.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - www.google.comFF - prefs.js: network.proxy.type - 0FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dllFF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLLFF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dllFF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dllFF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dllFF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dllFF - plugin: c:\program files\divx\divx plus web player\npdivx32.dllFF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dllFF - plugin: c:\program files\virtools\3d life player\npvirtools.dllFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.comFF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtensionFF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5videoFF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpaFF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ffFF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\mcafee\SiteAdvisor.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-3 84200]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-13 366152]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-3 271480]R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-3 171168]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-3 188136]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-3 141792]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-3 56064]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-13 22216]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-3 153280]R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-3 52320]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-3 314088]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-3 88736]S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-25 135664]S2 necusb;NEC USB Device Service;c:\windows\system32\svchost.exe -k necusb3 [2008-8-21 14336]S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2011-3-3 69692]S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-25 135664]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-3 88736]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-3 84488].=============== Created Last 30 ================.2011-11-13 19:35:09 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes2011-11-13 19:34:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes2011-11-13 19:34:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-13 19:34:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-10-18 20:48:46 -------- d-----w- c:\program files\VideoLAN.==================== Find3M ====================.2011-11-16 19:31:57 57600 ----a-w- c:\windows\system32\drivers\redbook.sys2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-19 19:16:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec.============= FINISH: 14:38:52.39 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume1Install Date: 3/3/2011 6:52:34 PMSystem Uptime: 11/16/2011 2:31:55 PM (0 hours ago).Motherboard: Gateway | | MCP61SM2MAProcessor: AMD Sempron Processor LE-1200 | Socket AM2 | 2109/201mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 144 GiB total, 113.14 GiB free.D: is FIXED (FAT32) - 5 GiB total, 1.791 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP179: 8/19/2011 10:52:05 AM - System CheckpointRP180: 8/20/2011 12:51:27 PM - System CheckpointRP181: 8/21/2011 1:34:30 PM - System CheckpointRP182: 8/22/2011 1:51:28 PM - System CheckpointRP183: 8/23/2011 2:30:00 PM - System CheckpointRP184: 8/24/2011 3:00:14 AM - Software Distribution Service 3.0RP185: 8/25/2011 3:29:57 AM - System CheckpointRP186: 8/26/2011 3:30:18 AM - System CheckpointRP187: 8/27/2011 3:30:25 AM - System CheckpointRP188: 8/28/2011 3:59:40 AM - System CheckpointRP189: 8/29/2011 4:59:40 AM - System CheckpointRP190: 8/30/2011 5:59:41 AM - System CheckpointRP191: 8/31/2011 7:40:48 AM - System CheckpointRP192: 9/1/2011 11:45:55 AM - System CheckpointRP193: 9/2/2011 9:45:20 PM - System CheckpointRP194: 9/3/2011 11:46:19 PM - System CheckpointRP195: 9/5/2011 12:38:27 AM - System CheckpointRP196: 9/6/2011 7:13:55 AM - System CheckpointRP197: 9/7/2011 12:40:02 AM - Software Distribution Service 3.0RP198: 9/8/2011 1:29:01 AM - System CheckpointRP199: 9/9/2011 2:29:06 AM - System CheckpointRP200: 9/10/2011 3:29:10 AM - System CheckpointRP201: 9/11/2011 3:32:13 AM - System CheckpointRP202: 9/12/2011 4:32:13 AM - System CheckpointRP203: 9/13/2011 5:33:18 AM - System CheckpointRP204: 9/14/2011 5:49:08 AM - System CheckpointRP205: 9/15/2011 6:02:30 AM - System CheckpointRP206: 9/15/2011 6:04:52 PM - Removed WorldWinner GamesRP207: 9/16/2011 3:00:40 AM - Software Distribution Service 3.0RP208: 9/17/2011 3:31:14 AM - System CheckpointRP209: 9/18/2011 3:49:21 AM - System CheckpointRP210: 9/19/2011 4:35:43 AM - System CheckpointRP211: 9/19/2011 3:21:28 PM - Installed Microsoft Office Web Apps Browser PluginRP212: 9/20/2011 3:35:42 PM - System CheckpointRP213: 9/21/2011 8:28:13 PM - System CheckpointRP214: 9/22/2011 9:44:03 PM - System CheckpointRP215: 9/23/2011 11:10:55 PM - System CheckpointRP216: 9/25/2011 11:46:25 AM - System CheckpointRP217: 9/26/2011 1:54:58 PM - System CheckpointRP218: 9/27/2011 2:07:53 PM - System CheckpointRP219: 9/28/2011 3:08:27 PM - System CheckpointRP220: 9/29/2011 3:35:59 AM - Software Distribution Service 3.0RP221: 9/30/2011 3:44:16 AM - System CheckpointRP222: 10/1/2011 3:45:20 AM - System CheckpointRP223: 10/2/2011 4:44:14 AM - System CheckpointRP224: 10/3/2011 5:40:22 AM - System CheckpointRP225: 10/4/2011 5:45:00 AM - System CheckpointRP226: 10/5/2011 6:40:25 AM - System CheckpointRP227: 10/6/2011 7:41:27 AM - System CheckpointRP228: 10/7/2011 7:56:44 AM - System CheckpointRP229: 10/8/2011 8:27:50 AM - System CheckpointRP230: 10/9/2011 8:34:58 AM - System CheckpointRP231: 10/10/2011 9:44:00 AM - System CheckpointRP232: 10/11/2011 10:16:52 AM - System CheckpointRP233: 10/12/2011 10:16:56 AM - System CheckpointRP234: 10/13/2011 10:29:07 AM - System CheckpointRP235: 10/14/2011 3:00:17 AM - Software Distribution Service 3.0RP236: 10/15/2011 11:14:21 AM - System CheckpointRP237: 10/16/2011 11:39:02 AM - System CheckpointRP238: 10/17/2011 11:39:07 AM - System CheckpointRP239: 10/18/2011 3:00:23 AM - Software Distribution Service 3.0RP240: 10/19/2011 3:05:19 AM - System CheckpointRP241: 10/19/2011 3:52:07 PM - Removed Microsoft Office Professional 2010RP242: 10/20/2011 3:00:21 AM - Software Distribution Service 3.0RP243: 10/21/2011 7:50:08 AM - System CheckpointRP244: 10/22/2011 8:22:48 AM - System CheckpointRP245: 10/23/2011 8:37:03 AM - System CheckpointRP246: 10/24/2011 8:39:45 AM - System CheckpointRP247: 10/25/2011 9:39:46 AM - System CheckpointRP248: 10/26/2011 1:19:59 PM - System CheckpointRP249: 10/27/2011 1:33:25 PM - System CheckpointRP250: 10/28/2011 3:06:02 PM - System CheckpointRP251: 10/29/2011 11:18:47 PM - System CheckpointRP252: 10/31/2011 12:50:47 AM - System CheckpointRP253: 11/1/2011 1:32:53 AM - System CheckpointRP254: 11/2/2011 2:29:22 AM - System CheckpointRP255: 11/3/2011 8:47:42 AM - System CheckpointRP256: 11/4/2011 9:54:22 AM - System CheckpointRP257: 11/5/2011 10:22:59 AM - System CheckpointRP258: 11/6/2011 9:37:57 AM - System CheckpointRP259: 11/7/2011 12:42:56 PM - System CheckpointRP260: 11/8/2011 12:51:35 PM - System CheckpointRP261: 11/9/2011 1:09:57 PM - System CheckpointRP262: 11/10/2011 3:00:17 AM - Software Distribution Service 3.0RP263: 11/11/2011 3:00:18 AM - Software Distribution Service 3.0RP264: 11/12/2011 3:45:16 AM - System CheckpointRP265: 11/13/2011 3:50:07 AM - System CheckpointRP266: 11/13/2011 3:12:50 PM - Installed Java 6 Update 29RP267: 11/13/2011 3:17:38 PM - Removed Java SE Runtime Environment 6 Update 1RP268: 11/13/2011 3:18:52 PM - Removed Java 6 Update 22RP269: 11/14/2011 4:53:04 PM - System CheckpointRP270: 11/15/2011 8:31:55 PM - System Checkpoint.==== Installed Programs ======================.3DVIA player 5.0AC3Filter (remove only)Activation Assistant for the 2007 Microsoft Office suitesAdobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Reader 9.4.5Browser Address Error RedirectorCanon Camera Access LibraryCanon DIGITAL CAMERA Solution Disk Software GuideCANON iMAGE GATEWAY Task for ZoomBrowser EXCanon Internet Library for ZoomBrowser EXCanon MovieEdit Task for ZoomBrowser EXCanon Personal Printing GuideCanon PowerShot A3100 IS and PowerShot A3000 IS Camera User GuideCanon Utilities CameraWindowCanon Utilities CameraWindow DC 8Canon Utilities Movie Uploader for YouTubeCanon Utilities MyCameraCanon Utilities PhotoStitchCanon Utilities ZoomBrowser EXCanon ZoomBrowser EX Memory Card UtilityCompatibility Pack for the 2007 Office systemDivX SetupDVD SuiteeMachines ConnectFavorite PlacesFrostWire 4.21.8Google ChromeGoogle DesktopGoogle Toolbar for Internet ExplorerGoogle Update HelperHigh Definition Audio Driver Package - KB888111Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB981793)Java Auto UpdaterJava 6 Update 29Laugh, Smile & Learn™Malwarebytes' Anti-Malware version 1.51.2.1300McAfee SecurityCenterMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2572067)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Compression Client Pack 1.0 for Windows XPMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft National Language Support Downlevel APIsMicrosoft Office 2007 Service Pack 2 (SP2)Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Web Apps Browser PluginMicrosoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft Software Update for Web Folders (English) 12Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMicrosoft WSE 2.0 SP3 RuntimeMozilla Firefox (3.6.24)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB941833)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 6 Service Pack 2 (KB973686)NVIDIA DriversOpenOffice.org 3.3Realtek High Definition Audio DriverRecovery Software Suite eMachinesSecurity Update for 2007 Microsoft Office System (KB2288621)Security Update for 2007 Microsoft Office System (KB2288931)Security Update for 2007 Microsoft Office System (KB2345043)Security Update for 2007 Microsoft Office System (KB2553074)Security Update for 2007 Microsoft Office System (KB2553089)Security Update for 2007 Microsoft Office System (KB2553090)Security Update for 2007 Microsoft Office System (KB2584063)Security Update for 2007 Microsoft Office System (KB969559)Security Update for 2007 Microsoft Office System (KB976321)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)Security Update for Microsoft Office Excel 2007 (KB2553073)Security Update for Microsoft Office InfoPath 2007 (KB979441)Security Update for Microsoft Office PowerPoint 2007 (KB2535818)Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)Security Update for Microsoft Office system 2007 (972581)Security Update for Microsoft Office system 2007 (KB974234)Security Update for Microsoft Office Visio Viewer 2007 (KB973709)Security Update for Microsoft Office Word 2007 (KB2344993)Security Update for Microsoft Windows (KB2564958)Security Update for Step By Step Interactive Training (KB898458)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB931768)Security Update for Windows Internet Explorer 7 (KB933566)Security Update for Windows Internet Explorer 7 (KB937143)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB939653)Security Update for Windows Internet Explorer 7 (KB982381)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2559049)Security Update for Windows Internet Explorer 8 (KB2586448)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 10 (KB911565)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2479943)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB913433)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Soft Data Fax Modem with SmartCPSpare BackupUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office 2007 System (KB2539530)Update for Microsoft Office OneNote 2007 (KB980729)Update for Windows Internet Explorer 8 (KB976662)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB951978)Update for Windows XP (KB953356)Update for Windows XP (KB955759)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)VC80CRTRedist - 8.0.50727.4053VideoLAN VLC media player 0.8.6fWebFldrs XPWindows Backup UtilityWindows Driver Package - NVIDIA (NVENETFD) Net (11/27/2006 65.4.8)Windows Driver Package - NVIDIA (nvnetbus) NVIDIA Network Bus Enumerator (11/27/2006 65.4.8)Windows Genuine Advantage Validation ToolWindows Imaging ComponentWindows Internet Explorer 7Windows Internet Explorer 8Windows Media Format 11 runtimeWindows Media Player 11Windows XP Service Pack 3Xvid Video Codec.==== Event Viewer Messages From Past Week ========.11/16/2011 8:38:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 ACPIEC adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp iaStor ini910u IntelIde mraid35x Pcmcia perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde11/16/2011 8:38:33 AM, error: Service Control Manager [7023] - The NEC USB Device Service service terminated with the following error: The specified module could not be found.11/16/2011 8:38:05 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.11/16/2011 8:35:47 AM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.11/15/2011 6:45:20 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.11/13/2011 7:50:58 PM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.11/13/2011 3:19:16 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted November 16, 2011 ID:495299 Share Posted November 16, 2011 Please follow the instructions here to run the ComboFix tool:www.bleepingcomputer.com/combofix/how-to-use-combofix#usePost it when you are ready. Link to post Share on other sites More sharing options...
ajhorney Posted November 21, 2011 Author ID:496905 Share Posted November 21, 2011 I haven't had time to run combo fix yet just wanted to let you know I am still here. But the thing has stopped popping up since my last post do you still think that I should run combo fix? Thanks for all your help, you guys are great, I wish I was out of school and was able to donate to you all. Hopefully I can later in the year after graduation, Thanks again . Link to post Share on other sites More sharing options...
Maniac Posted November 21, 2011 ID:496922 Share Posted November 21, 2011 This does not mean that your system is clean. So.... yes, I thnk you should continue. Link to post Share on other sites More sharing options...
ajhorney Posted November 28, 2011 Author ID:499081 Share Posted November 28, 2011 Here is the log for Combo FixComboFix 11-11-28.02 - Owner 11/28/2011 17:31:23.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.434 [GMT -5:00]Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exeAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Administrator.YOUR-89BFE66D42.000\WINDOWSc:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\Default User\WINDOWSc:\documents and settings\Owner\WINDOWSc:\windows\$NtUninstallKB11650$c:\windows\$NtUninstallKB11650$\403912081\@c:\windows\$NtUninstallKB11650$\403912081\bckfg.tmpc:\windows\$NtUninstallKB11650$\403912081\cfg.inic:\windows\$NtUninstallKB11650$\403912081\Desktop.inic:\windows\$NtUninstallKB11650$\403912081\keywordsc:\windows\$NtUninstallKB11650$\403912081\kwrd.dllc:\windows\$NtUninstallKB11650$\403912081\L\evpbxyyec:\windows\$NtUninstallKB11650$\403912081\lsflt7.verc:\windows\$NtUninstallKB11650$\403912081\U\00000001.@c:\windows\$NtUninstallKB11650$\403912081\U\00000002.@c:\windows\$NtUninstallKB11650$\403912081\U\00000004.@c:\windows\$NtUninstallKB11650$\403912081\U\80000000.@c:\windows\$NtUninstallKB11650$\403912081\U\80000004.@c:\windows\$NtUninstallKB11650$\403912081\U\80000032.@c:\windows\$NtUninstallKB11650$\44714038c:\windows\system32\config\systemprofile\WINDOWSc:\windows\system32\Thumbs.dbD:\Autorun.inf..((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))..2011-11-13 19:35 . 2011-11-13 19:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes2011-11-13 19:34 . 2011-11-13 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-11-13 19:34 . 2011-11-13 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-11-13 19:34 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-12 18:45 . 2011-11-12 18:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2011-11-12 18:29 . 2011-11-28 22:41 -------- d-----w- c:\documents and settings\Administrator.YOUR-89BFE66D42.000...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-11-28 20:57 . 2011-06-09 14:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-11-16 19:31 . 2011-03-04 00:50 57600 ----a-w- c:\windows\system32\drivers\redbook.sys2011-10-10 14:22 . 2006-05-07 00:36 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-10-03 10:06 . 2011-03-20 14:07 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-10-03 07:37 . 2011-03-03 23:20 73728 ----a-w- c:\windows\system32\javacpl.cpl2011-09-28 07:06 . 2008-08-21 22:50 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-26 15:41 . 2008-08-21 22:52 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 15:41 . 2008-08-21 22:52 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-06 13:20 . 2006-05-07 00:24 1858944 ----a-w- c:\windows\system32\win32k.sys2011-04-14 18:01 . 2011-03-04 23:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-04 39408]"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]"nwiz"="nwiz.exe" [2006-10-31 1622016]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-03 1838592]"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-14 5252936]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608].c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\FrostWire\\FrostWire.exe"=.R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/3/2011 7:35 PM 84200]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/13/2011 2:34 PM 366152]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480]R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480]R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480]R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/3/2011 7:36 PM 188136]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/3/2011 7:04 PM 141792]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/3/2011 7:35 PM 56064]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/13/2011 2:34 PM 22216]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/3/2011 7:35 PM 314088]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 7:35 PM 88736]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 7:33 PM 135664]S2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe -k necusb3 [8/21/2008 5:52 PM 14336]S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [3/3/2011 7:50 PM 69692]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 7:33 PM 135664]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 7:35 PM 88736]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/3/2011 7:35 PM 84488].--- Other Services/Drivers In Memory ---.*Deregistered* - mfeavfk01.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]necusb3 REG_MULTI_SZ necusb.Contents of the 'Scheduled Tasks' folder.2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 00:33].2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 00:33]..------- Supplementary Scan -------.uStart Page = hxxp://start.pogo.iplay.com/?o=shpuInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - www.google.comFF - prefs.js: network.proxy.type - 0FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.comFF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5videoFF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpaFF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ffFF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor.- - - - ORPHANS REMOVED - - - -.WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)HKLM-Run-BigFix - c:\program files\Bigfix\bigfix.exeNotify-necusb - nwusbw32.dllSafeBoot-25851173.sys...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-11-28 17:47Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(1812)c:\windows\system32\WININET.dllc:\progra~1\mcafee\SITEAD~1\saHook.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\RUNDLL32.EXEc:\windows\RTHDCPL.EXEc:\program files\OpenOffice.org 3\program\soffice.exec:\program files\OpenOffice.org 3\program\soffice.binc:\windows\system32\nvsvc32.exec:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYSc:\program files\Common Files\McAfee\SystemCore\mcshield.exec:\program files\Canon\CAL\CALMAIN.exec:\windows\system32\wscntfy.exec:\windows\system32\rundll32.exe.**************************************************************************.Completion time: 2011-11-28 17:53:46 - machine was rebootedComboFix-quarantined-files.txt 2011-11-28 22:53.Pre-Run: 121,345,462,272 bytes freePost-Run: 122,374,647,808 bytes free.WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect.- - End Of File - - F637E2FE8EED80C70AC4C2DC62B347CE Link to post Share on other sites More sharing options...
Maniac Posted November 29, 2011 ID:499229 Share Posted November 29, 2011 Open Notepad and copy and paste the text in the code box below into it:DDS::uStart Page = hxxp://start.pogo.iplay.com/?o=shpFireFox::FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.comSave the file to your desktop and name it CFScript.txt Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.In your next post here, please include ComboFix.txt and let me know how are things there. Link to post Share on other sites More sharing options...
ajhorney Posted December 4, 2011 Author ID:501121 Share Posted December 4, 2011 Here is the combo fix log. so far every thing has been ok, there has been no signs of infection since I ran the TDSSKiller and the DDS log with Attach.txt My mcfee has caught about 5 viruses aon each scan since I first ran the combo fix tool, Thanks for all of your help. ComboFix 11-12-04.02 - Owner 12/04/2011 9:46.2.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.506 [GMT -5:00]Running from: c:\documents and settings\Owner\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Owner\Desktop\CFScript.txtAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.comc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\chrome.manifestc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\chrome\chrome.jarc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\autocomplite.jsc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\logger.jsc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\omIGamesBarLogger.xptc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\gb.cfgc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\install.rdfc:\windows\system32\usmt\migwiz_a.exe..((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))..2011-11-13 19:35 . 2011-11-13 19:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes2011-11-13 19:34 . 2011-11-13 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-11-13 19:34 . 2011-11-13 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-11-13 19:34 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-12 18:45 . 2011-11-12 18:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2011-11-12 18:29 . 2011-11-28 22:41 -------- d-----w- c:\documents and settings\Administrator.YOUR-89BFE66D42.000...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-11-28 20:57 . 2011-06-09 14:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-11-16 19:31 . 2011-03-04 00:50 57600 ----a-w- c:\windows\system32\drivers\redbook.sys2011-10-10 14:22 . 2006-05-07 00:36 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-10-03 10:06 . 2011-03-20 14:07 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-10-03 07:37 . 2011-03-03 23:20 73728 ----a-w- c:\windows\system32\javacpl.cpl2011-09-28 07:06 . 2008-08-21 22:50 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-26 15:41 . 2008-08-21 22:52 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 15:41 . 2008-08-21 22:52 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-06 13:20 . 2006-05-07 00:24 1858944 ----a-w- c:\windows\system32\win32k.sys2011-04-14 18:01 . 2011-03-04 23:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll..((((((((((((((((((((((((((((( SnapShot@2011-11-28_22.46.20 ))))))))))))))))))))))))))))))))))))))))).+ 2011-12-03 09:00 . 2011-12-03 09:00 16384 c:\windows\temp\Perflib_Perfdata_4a8.dat+ 2011-12-03 11:22 . 2011-12-03 11:22 16384 c:\windows\temp\Perflib_Perfdata_370.dat+ 2006-05-07 00:40 . 2011-12-04 11:44 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat- 2006-05-07 00:40 . 2011-11-28 15:42 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat+ 2006-05-07 00:40 . 2011-12-04 11:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat- 2006-05-07 00:40 . 2011-11-28 15:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat+ 2011-11-28 23:37 . 2011-12-04 11:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat- 2006-05-07 00:40 . 2011-11-28 15:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))).. Link to post Share on other sites More sharing options...
Maniac Posted December 4, 2011 ID:501211 Share Posted December 4, 2011 Your log file is cut. Please try to carefully copy/paste the entire log file. Link to post Share on other sites More sharing options...
ajhorney Posted December 4, 2011 Author ID:501260 Share Posted December 4, 2011 ok I think I got it all this time...........ComboFix 11-12-04.02 - Owner 12/04/2011 9:46.2.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.506 [GMT -5:00]Running from: c:\documents and settings\Owner\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Owner\Desktop\CFScript.txtAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.comc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\chrome.manifestc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\chrome\chrome.jarc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\autocomplite.jsc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\logger.jsc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\components\omIGamesBarLogger.xptc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\gb.cfgc:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\extensions\gamesbar@oberon-media.com\install.rdfc:\windows\system32\usmt\migwiz_a.exe..((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))..2011-11-13 19:35 . 2011-11-13 19:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes2011-11-13 19:34 . 2011-11-13 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2011-11-13 19:34 . 2011-11-13 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2011-11-13 19:34 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys2011-11-12 18:45 . 2011-11-12 18:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache2011-11-12 18:29 . 2011-11-28 22:41 -------- d-----w- c:\documents and settings\Administrator.YOUR-89BFE66D42.000...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-11-28 20:57 . 2011-06-09 14:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-11-16 19:31 . 2011-03-04 00:50 57600 ----a-w- c:\windows\system32\drivers\redbook.sys2011-10-10 14:22 . 2006-05-07 00:36 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-10-03 10:06 . 2011-03-20 14:07 472808 ----a-w- c:\windows\system32\deployJava1.dll2011-10-03 07:37 . 2011-03-03 23:20 73728 ----a-w- c:\windows\system32\javacpl.cpl2011-09-28 07:06 . 2008-08-21 22:50 599040 ----a-w- c:\windows\system32\crypt32.dll2011-09-26 15:41 . 2008-08-21 22:52 220160 ----a-w- c:\windows\system32\oleacc.dll2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll2011-09-26 15:41 . 2008-08-21 22:52 20480 ----a-w- c:\windows\system32\oleaccrc.dll2011-09-06 13:20 . 2006-05-07 00:24 1858944 ----a-w- c:\windows\system32\win32k.sys2011-04-14 18:01 . 2011-03-04 23:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll..((((((((((((((((((((((((((((( SnapShot@2011-11-28_22.46.20 ))))))))))))))))))))))))))))))))))))))))).+ 2011-12-03 09:00 . 2011-12-03 09:00 16384 c:\windows\temp\Perflib_Perfdata_4a8.dat+ 2011-12-03 11:22 . 2011-12-03 11:22 16384 c:\windows\temp\Perflib_Perfdata_370.dat+ 2006-05-07 00:40 . 2011-12-04 11:44 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat- 2006-05-07 00:40 . 2011-11-28 15:42 65536 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat+ 2006-05-07 00:40 . 2011-12-04 11:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat- 2006-05-07 00:40 . 2011-11-28 15:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat+ 2011-11-28 23:37 . 2011-12-04 11:44 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat- 2006-05-07 00:40 . 2011-11-28 15:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-04 39408]"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]"nwiz"="nwiz.exe" [2006-10-31 1622016]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-03 1838592]"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-14 5252936]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608].c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\FrostWire\\FrostWire.exe"=.R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/3/2011 7:35 PM 84200]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/13/2011 2:34 PM 366152]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480]R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480]R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/3/2011 7:35 PM 271480]R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/3/2011 7:36 PM 188136]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/3/2011 7:04 PM 141792]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/3/2011 7:35 PM 56064]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/13/2011 2:34 PM 22216]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/3/2011 7:35 PM 314088]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 7:35 PM 88736]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 7:33 PM 135664]S2 necusb;NEC USB Device Service;c:\windows\System32\svchost.exe -k necusb3 [8/21/2008 5:52 PM 14336]S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [3/3/2011 7:50 PM 69692]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 7:33 PM 135664]S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/3/2011 7:35 PM 88736]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/3/2011 7:35 PM 84488].--- Other Services/Drivers In Memory ---.*Deregistered* - mfeavfk01.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]necusb3 REG_MULTI_SZ necusb.Contents of the 'Scheduled Tasks' folder.2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 00:33].2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-26 00:33]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\qj1tufh7.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - www.google.comFF - prefs.js: network.proxy.type - 0FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5videoFF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpaFF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ffFF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-12-04 09:55Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.Completion time: 2011-12-04 09:58:09ComboFix-quarantined-files.txt 2011-12-04 14:57ComboFix2.txt 2011-11-28 22:53.Pre-Run: 122,456,915,968 bytes freePost-Run: 122,425,036,800 bytes free.- - End Of File - - D1D1A3D4A0558C34AFE0B931049AE1F5 Link to post Share on other sites More sharing options...
Maniac Posted December 5, 2011 ID:501340 Share Posted December 5, 2011 Step 1Launch Malwarebytes' Anti-MalwareGo to Update" tab and select Check for Updates.Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.Step 2Please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scanTick the box next to YES, I accept the Terms of UseClick StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick Scan (This scan can take several hours, so please be patient)Once the scan is completed, you may close the windowUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicIn your next reply, please post the following log files:Malwarebytes' Anti-Malware logESET Online Scanner log Link to post Share on other sites More sharing options...
Staff screen317 Posted December 19, 2011 Staff ID:506471 Share Posted December 19, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted February 16, 2012 Staff ID:527448 Share Posted February 16, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts