Inactive Possible rootkit infection, Internet Explorer pop ups from Red Orbit/The Rugged


KaptainKristi

For the past week, I have been getting what looks like pop-up ads that randomly appear in IE windows. I know something is wrong since I use Google Chrome. A techie friend of mine told me this was a rootkit infection, and ran a live CD on my computer 2 days ago. Problem is, the "pop ups" are still appearing.
They are usually displaying RedOrbit.com or TheRugged, if that info is at all relevant.

Here is my HiJack This log. Is there anything I can do to remove whatever this malware is? I'm prepared to wipe my hard drive entirely if I have to.
Thank you in advance to anyone who can offer any help!
 

Attachments

  • hijackthis 8-22.txt (11.3 KB)
Welcome aboard


We don't use HJT around here anymore.

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Make sure you disable "word wrap" in Notepad, because your logs will be hard to read.
 
Sorry about that- I really should have browsed for instructions!

Here are my logs from Malwarebytes, GMER, and DDS. Any help at all is *greatly* appreciated! I have done everything I know to do, but have been unable to get rid of this infection on my own.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4479

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/25/2010 8:51:25 PM
mbam-log-2010-08-25 (20-51-25).txt

Scan type: Quick scan
Objects scanned: 141053
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
____________________________________________



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-25 20:41:41
Windows 5.1.2600 Service Pack 3
Running: 8fugpfox.exe; Driver: C:\DOCUME~1\KRISTE~1\LOCALS~1\Temp\fwldqpog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xF73117AE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF7311708]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF73116F2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF73117EE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF7311748]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF731164E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF73115D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF73115E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF73117C2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xF7311784]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF73116DC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF73116C6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xF731163A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF731179A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xF7311732]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF7311804]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF73117D8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 2100

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-03-17.01) - NTFSx86
Run by Kristen Lunde at 20:56:03.29 on Wed 08/25/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.420 [GMT -4:00]

AV: Antivirus Soft *On-access scanning enabled* (Updated) {B316C67E-09F1-44c7-85E0-94F6DA8A4AA1}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe 4
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
svchost.exe 4
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Kristen Lunde\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071129
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File
TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [ISUSPM] -scheduler
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search - ?p=ZJfox000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201316630906
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kriste~1\applic~1\mozilla\firefox\profiles\7hpdwmvc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&q=
FF - component: c:\documents and settings\kristen lunde\application data\mozilla\firefox\profiles\7hpdwmvc.default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}\components\Engine.dll
FF - component: c:\documents and settings\kristen lunde\application data\mozilla\firefox\profiles\7hpdwmvc.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\kristen lunde\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\kristen lunde\application data\mozilla\firefox\profiles\7hpdwmvc.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\documents and settings\kristen lunde\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
 
============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-8-31 146448]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-3 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 343664]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-4-6 532224]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 493032]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2009-8-31 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-8-31 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-8-24 70728]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-24 91672]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355416]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 DVOALEADF;DVOALEADF;c:\docume~1\kriste~1\locals~1\temp\dvoaleadf.exe --> c:\docume~1\kriste~1\locals~1\temp\DVOALEADF.exe [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-12-16 39048]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-24 43288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-24 65448]
S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]

=============== Created Last 30 ================

2010-08-25 00:14:22 65448 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-25 00:14:21 91672 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-25 00:14:21 75704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-25 00:14:21 70728 ----a-w- c:\windows\system32\mfevtps.exe
2010-08-25 00:14:21 63728 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2010-08-25 00:14:21 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-25 00:14:21 343664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-08-25 00:13:01 0 d-----w- c:\program files\McAfee
2010-08-25 00:13:01 0 d-----w- c:\program files\common files\McAfee
2010-08-23 04:09:06 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-21 00:00:05 262144 ---ha-w- c:\documents and settings\kristen lunde\ntuser.dat.LOG1
2010-08-21 00:00:05 0 ---ha-w- c:\documents and settings\kristen lunde\ntuser.dat.LOG2
2010-08-09 01:26:45 0 d-----w- c:\docume~1\kriste~1\applic~1\OpenOffice.org
2010-08-09 01:17:55 0 d-----w- c:\program files\JRE
2010-08-09 01:17:18 0 d-----w- c:\program files\OpenOffice.org 3
2010-08-01 00:05:12 0 d-----w- c:\docume~1\kriste~1\applic~1\E-centives

==================== Find3M ====================

2010-08-26 00:47:51 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-08-12 12:15:20 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 12:10:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10:44 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10:44 667136 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:10:44 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:10:44 3073024 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:10:44 251904 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:10:44 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-06-24 12:10:44 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-06-23 17:51:22 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ----a-w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-17 05:09:18 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-14 14:31:20 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

============= FINISH: 20:56:47.43 ===============
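An added triage script (example code, not a TechSpot or tool-author script) that runs over lines in the GMER and DDS formats posted above and flags what a helper reads first: a process GMER marks hidden, a service or driver whose file DDS could not read (the trailing [?]) or that runs from a Temp folder, and toolbar entries marked No File. The sample lines are copied from this thread's logs; the severity labels are the example's own convention.

```python
"""Triage helper for the GMER and DDS text logs posted in this thread.

Added example for illustration; it is not a TechSpot or tool-author script.
The severity labels ("high", "review", "low") are this example's own convention.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: a subset of lines copied from the GMER log in the thread above.
GMER_SAMPLE = r"""
---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 2100

---- EOF - GMER 1.0.15 ----
"""

# Sample input: a subset of lines copied from the DDS log in the thread above.
DDS_SAMPLE = r"""
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 343664]
S3 DVOALEADF;DVOALEADF;c:\docume~1\kriste~1\locals~1\temp\dvoaleadf.exe --> c:\docume~1\kriste~1\locals~1\temp\DVOALEADF.exe [?]
S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "review" or "low" (this example's convention)
    source: str     # "gmer" or "dds"
    line: str       # the log line that triggered the finding
    reason: str     # why a helper would look at it


# GMER marks a process missing from the normal process list as "(*** hidden *** )".
GMER_HIDDEN_RE = re.compile(
    r"^Process\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+(?P<pid>\d+)\s*$")
# DDS service/driver lines: "<state> <name>;<display name>;<path> [<date> <size>]"
DDS_SERVICE_RE = re.compile(
    r"^(?P<state>[PRS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# A "\temp\" path component anywhere in the binary's path.
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def triage_gmer(text: str) -> List[Finding]:
    """Flag every process GMER reports as hidden."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = GMER_HIDDEN_RE.match(line)
        if m:
            findings.append(Finding(
                "high", "gmer", line,
                f"process not visible in the normal process list, pid {m['pid']}: {m['path']}"))
    return findings


def triage_dds(text: str) -> List[Finding]:
    """Flag DDS service/driver and browser add-on lines that need a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = DDS_SERVICE_RE.match(line)
        if m:
            reasons = []
            if m["rest"].endswith("[?]"):
                reasons.append("DDS could not read the file ([?] instead of date and size)")
            if TEMP_DIR_RE.search(m["rest"]):
                reasons.append("binary is loaded from a Temp directory")
            if reasons:
                findings.append(Finding("review", "dds", line, "; ".join(reasons)))
            continue
        if line.startswith(("TB:", "BHO:")) and line.endswith("- No File"):
            findings.append(Finding("low", "dds", line, "orphaned browser add-on registration"))
    return findings


def severity_counts(gmer_text: str, dds_text: str) -> Dict[str, int]:
    """Summarise both logs as a count of findings per severity."""
    counts: Dict[str, int] = {}
    for f in triage_gmer(gmer_text) + triage_dds(dds_text):
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_gmer(GMER_SAMPLE) + triage_dds(DDS_SAMPLE):
        print(f"[{f.severity:6}] {f.source}: {f.reason}\n         {f.line}")
    print(severity_counts(GMER_SAMPLE, DDS_SAMPLE))
```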
 
Attach.txt part of DDS is missing.
Please post it.

=====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here's the Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)


Microsoft Windows XP Home Edition
Boot Device: \Device\Harddisk0\DP(2)0x5649600-0xd32e7d800+2
Install Date: 12/16/2007 12:04:22 PM
System Uptime: 8/25/2010 8:31:32 PM (0 hours ago)

Motherboard: Dell Inc. | | 0UW744
Processor: Mobile AMD Sempron(tm) Processor 3600+ | Socket M2/S1G1 | 1999/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 53 GiB total, 26.32 GiB free.
D: is CDROM ()
E: is FIXED (FAT) - 0 GiB total, 0.076 GiB free.
F: is FIXED (FAT32) - 3 GiB total, 1.15 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.2.2
AikaOnline
AIM 7
AIM Toolbar
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 4
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ATI Catalyst Control Center
ATI Display Driver
BitTorrent
Bonjour
Canon iP2600 series
Canon iP2600 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CCScore
Comcast Desktop Software (v1.2.0.9)
Comcast High-Speed Internet Install Wizard
Comcast Toolbar 3.0
Conexant HDA D110 MDC V.92 Modem
Defraggler
Dell DataSafe Online
Dell Support Center
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Desktop Doctor
Digimax Viewer 2.1
Digital Line Detect
DivX Setup
Documentation & Support Launcher
Download Updater (AOL LLC)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
fflink
Free Mp3 Wma Converter V 1.9
Games, Music, & Photos Launcher
Google Chrome
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 18
Kodak EasyShare software
LEGO Star Wars II
Malwarebytes' Anti-Malware
Mario Forever 4.0
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Helper
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
netbrdg
NetWaiting
OfotoXMI
OpenOffice.org 3.2
PIXMA Extended Survey Program
PowerDVD 5.7
QuickSet
QuickTime
Rosetta Stone Ltd Services
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SFR
SHASTA
skin0001
SKINXSDK
Sony Digital Voice Editor 2
SoulSeek 157 NS 13d
staticcr
Synaptics Pointing Device Driver
The Oregon Trail
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
VoiceOver Kit
VPRINTOL
WebFldrs XP
WIAT-III Scoring Assistant
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinZip 11.1
WIRELESS
ZoneAlarm
ZoneAlarm Toolbar

==== Event Viewer Messages From Past Week ========

8/25/2010 8:30:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.
8/25/2010 8:30:40 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2010 8:30:05 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/25/2010 8:15:15 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:15 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:14 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (ddoctorv2) service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:14 PM, error: Service Control Manager [7034] - The RosettaStoneDaemon service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:13 PM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:08 PM, error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:08 PM, error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:07 PM, error: Service Control Manager [7034] - The PIXMA Extended Survey Program service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:07 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:07 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:06 PM, error: Service Control Manager [7034] - The Comcast AntiSpyware service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:06 PM, error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:06 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/25/2010 8:15:05 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:05 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
8/24/2010 8:07:39 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/24/2010 7:50:58 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer PIXIE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6DE14AB7-E9AF-4051-9A6. The master browser is stopping or an election is being forced.
8/24/2010 11:52:39 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'DP(2)0x5649600-0xd32e7d800+2'. It has stopped monitoring the volume.
8/24/2010 1:01:44 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001E4C4B639E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
8/24/2010 1:01:24 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001E4C4B639E has been denied by the DHCP server 10.75.64.175 (The DHCP Server sent a DHCPNACK message).
8/24/2010 1:00:03 PM, error: Service Control Manager [7000] - The OfficeScan NT Listener service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/24/2010 1:00:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the OfficeScan NT Listener service to connect.
8/20/2010 5:06:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the OfficeScan NT Firewall service to connect.
8/20/2010 5:06:11 PM, error: Service Control Manager [7000] - The OfficeScan NT Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/20/2010 1:21:09 PM, error: Dhcp [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 001E4C4B639E has been denied by the DHCP server 10.75.129.175 (The DHCP Server sent a DHCPNACK message).
8/20/2010 1:19:59 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
8/19/2010 1:03:32 AM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 001E4C4B639E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/18/2010 12:57:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

==== End Of File ===========================
 
I'll do ComboFix now.
Here's MBR:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7AC4000 \WINDOWS\system32\KDCOM.DLL
0xF79D4000 \WINDOWS\system32\BOOTVID.dll
0xF7495000 ACPI.sys
0xF7AC6000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7484000 pci.sys
0xF75C4000 isapnp.sys
0xF79D8000 compbatt.sys
0xF79DC000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B8C000 pciide.sys
0xF7844000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75D4000 MountMgr.sys
0xF7465000 ftdisk.sys
0xF784C000 PartMgr.sys
0xF79E0000 ACPIEC.sys
0xF7B8D000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF75E4000 VolSnap.sys
0xF744D000 atapi.sys
0xF75F4000 disk.sys
0xF7604000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF742D000 fltmgr.sys
0xF7614000 Lbd.sys
0xF7624000 PxHelp20.sys
0xF7416000 KSecDD.sys
0xF7389000 Ntfs.sys
0xF735C000 NDIS.sys
0xF7342000 Mup.sys
0xF72F0000 mfehidk.sys
0xF77C4000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF7AA4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF692E000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF691A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6886000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7924000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6862000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF792C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77D4000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF77E4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77F4000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF683F000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7934000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF6817000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7804000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF793C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF67E8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AEC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7944000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7814000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF67D4000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF794C000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF7AB0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7C8F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7824000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AB4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF67BD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7834000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7634000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7954000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF67AC000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7644000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF795C000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7964000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7654000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AEE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF674E000 \SystemRoot\system32\DRIVERS\update.sys
0xF7ABC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7664000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7694000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xEE4A8000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0xEE3B1000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0xEE2FB000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xF7974000 \SystemRoot\System32\Drivers\Modem.SYS
0xEE1E8000 \SystemRoot\system32\drivers\sthda.sys
0xEE1C4000 \SystemRoot\system32\drivers\portcls.sys
0xF76C4000 \SystemRoot\system32\drivers\drmk.sys
0xF6B01000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B02000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7D06000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B04000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7984000 \SystemRoot\System32\drivers\vga.sys
0xF7B06000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B08000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF798C000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7994000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6AFD000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEE191000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE138000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF76D4000 \SystemRoot\system32\drivers\mfetdik.sys
0xEE0CA000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEE0A2000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEE021000 \SystemRoot\System32\vsdatant.sys
0xEDFFF000 \SystemRoot\System32\drivers\afd.sys
0xF76E4000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEDFD4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEDF64000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7714000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7A84000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF7744000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF6695000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xED562000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xED54A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B28000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6B05000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78DC000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CFF000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF09D000 \SystemRoot\System32\atikvmag.dll
0xBF0E3000 \SystemRoot\System32\ati3duag.dll
0xBF34A000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEB1DE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xED6DE000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xEDC7A000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEDC3D000 \SystemRoot\system32\drivers\wdmaud.sys
0xED709000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7B16000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xEDE49000 \SystemRoot\system32\DRIVERS\srv.sys
0xED897000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xBA79B000 \SystemRoot\system32\drivers\mfeavfk.sys
0xB9122000 \SystemRoot\System32\Drivers\HTTP.sys
0xB8F42000 \??\C:\DOCUME~1\KRISTE~1\LOCALS~1\Temp\fwldqpog.sys
0xB8F17000 \SystemRoot\system32\drivers\kmixer.sys
0xB8F06000 \SystemRoot\system32\drivers\mfeapfk.sys
0xF6E46000 \SystemRoot\system32\drivers\mfebopk.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 64):
0 System Idle Process
4 System
752 C:\WINDOWS\system32\smss.exe
816 csrss.exe
844 C:\WINDOWS\system32\winlogon.exe
888 C:\WINDOWS\system32\services.exe
900 C:\WINDOWS\system32\lsass.exe
1044 C:\WINDOWS\system32\ati2evxx.exe
1056 C:\WINDOWS\system32\svchost.exe
1160 svchost.exe
1200 C:\WINDOWS\system32\svchost.exe
1252 svchost.exe
1284 svchost.exe
1380 C:\WINDOWS\system32\ati2evxx.exe
1748 C:\WINDOWS\explorer.exe
2016 C:\WINDOWS\system32\svchost.exe
2024 C:\WINDOWS\system32\WLTRYSVC.EXE
2040 C:\WINDOWS\system32\BCMWLTRY.EXE
140 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
260 C:\WINDOWS\system32\spoolsv.exe
360 svchost.exe
640 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
760 C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
1000 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
1080 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1088 C:\WINDOWS\system32\WLTRAY.EXE
1224 C:\WINDOWS\system32\svchost.exe
1228 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1320 C:\Program Files\Bonjour\mDNSResponder.exe
1408 C:\WINDOWS\stsystra.exe
1416 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
932 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1612 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
1628 C:\Program Files\Java\jre6\bin\jqs.exe
1908 C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
1968 C:\Program Files\iTunes\iTunesHelper.exe
2068 C:\Program Files\McAfee\Common Framework\FrameworkService.exe
2116 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2124 C:\Program Files\McAfee\Common Framework\UdaterUI.exe
2132 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
2220 C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
2360 C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
2424 C:\WINDOWS\system32\mfevtps.exe
2444 naPrdMgr.exe
2492 C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
2576 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
2620 C:\WINDOWS\system32\svchost.exe
2688 wdfmgr.exe
2780 C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
3060 mfeann.exe
3092 C:\Program Files\McAfee\Common Framework\McTray.exe
3584 C:\Program Files\Digital Line Detect\DLG.exe
2932 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
1424 unsecapp.exe
2476 C:\Program Files\iPod\bin\iPodService.exe
3788 wmiprvse.exe
3824 C:\WINDOWS\system32\wbem\wmiapsrv.exe
1676 alg.exe
3520 C:\WINDOWS\system32\svchost.exe
1516 C:\Documents and Settings\Kristen Lunde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3228 C:\Documents and Settings\Kristen Lunde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
652 C:\Documents and Settings\Kristen Lunde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
236 C:\Documents and Settings\Kristen Lunde\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3340 C:\Documents and Settings\Kristen Lunde\My Documents\Downloads\MBRCheck.exe

\\.\C: --> error 1
\\.\E: --> error 1
\\.\F: --> error 1

PhysicalDrive0 Model Number: HitachiHTS541660J9SA00, Rev: SBBOC7KP

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: 528D76AF92636551CD15423543A72AE085CACA37


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
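The two findings worth pulling out of the logs posted above are the kernel driver loaded from the user's Temp directory (`\??\C:\DOCUME~1\KRISTE~1\LOCALS~1\Temp\fwldqpog.sys`, a random eight-letter name in a location no legitimate driver loads from) and the cluster of Service Control Manager 7034/7031 events at 8:15 PM on 8/25 in which the McAfee and Comcast AntiSpyware services all died within ten seconds. The Python script below is an added example for this thread, not code from any poster and not part of DDS or MBRCheck; it runs both checks over sample lines copied from the logs above. The keyword list of security products and the 60-second window are assumptions to adjust per case.

```python
"""Triage of a DDS event-viewer block and an MBRCheck kernel-driver list.

Added example for this thread, not code from any poster, DDS or MBRCheck.
Two indicators an analyst looks for in logs like those above:
  1. a kernel driver loaded from a user-writable location (Temp, a user
     profile), and
  2. several security products' services dying within seconds of each other.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the MBRCheck "Kernel Drivers" list above.
DRIVER_LINES = r"""
0xF7AC4000 \WINDOWS\system32\KDCOM.DLL
0xED6DE000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xB8F42000 \??\C:\DOCUME~1\KRISTE~1\LOCALS~1\Temp\fwldqpog.sys
0xB8F17000 \SystemRoot\system32\drivers\kmixer.sys
"""

# Constructed sample: lines copied from the DDS "Event Viewer Messages" block above.
EVENT_LINES = """
8/25/2010 8:30:05 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/25/2010 8:15:15 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:15 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:13 PM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:08 PM, error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:08 PM, error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:06 PM, error: Service Control Manager [7034] - The Comcast AntiSpyware service terminated unexpectedly. It has done this 1 time(s).
8/25/2010 8:15:06 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/24/2010 8:07:39 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
"""

# Locations a legitimate kernel driver has no business being loaded from.
# The \??\ prefix alone is not suspicious (ZoneAlarm's ISWKL.sys uses it too).
USER_WRITABLE = re.compile(r"\\(?:temp|docume~1|documents and settings|users)\\", re.I)

# Assumed keyword list for the security products seen on this machine; extend per case.
SECURITY_KEYWORDS = ("mcafee", "mcshield", "antispy", "ad-aware", "lavasoft",
                     "zonealarm", "officescan", "malwarebytes")

SCM_TERMINATED = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), error: "
    r"Service Control Manager \[70(?:31|34)\] - The (?P<svc>.+?) service "
    r"terminated unexpectedly"
)


def suspicious_drivers(driver_list):
    """Return driver image paths loaded from Temp or a user profile."""
    hits = []
    for line in driver_list.splitlines():
        parts = line.split(None, 1)          # "<load address> <image path>"
        if len(parts) != 2:
            continue
        path = parts[1]
        if path.startswith("\\??\\"):       # NT object-manager prefix for a Win32 path
            path = path[4:]
        if USER_WRITABLE.search(path):
            hits.append(path)
    return hits


def parse_terminations(event_block):
    """Extract (timestamp, service name) from SCM 7031/7034 'terminated unexpectedly' events."""
    events = []
    for line in event_block.splitlines():
        m = SCM_TERMINATED.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
            events.append((ts, m.group("svc")))
    return sorted(events)


def is_security_service(name):
    return any(k in name.lower() for k in SECURITY_KEYWORDS)


def termination_bursts(events, window=timedelta(seconds=60), min_security=3):
    """Slide a window over sorted events and report windows in which at least
    min_security security-related services died. A burst is an indicator, not
    proof: a crash, a shutdown or a tool such as rkill produces the same
    pattern, so correlate it with other findings (here, the known-bad MBR)."""
    bursts, i = [], 0
    while i < len(events):
        start = events[i][0]
        j = i
        while j < len(events) and events[j][0] - start <= window:
            j += 1
        chunk = events[i:j]
        security = [svc for _, svc in chunk if is_security_service(svc)]
        if len(security) >= min_security:
            bursts.append({"start": start, "end": chunk[-1][0],
                           "total": len(chunk), "security": security})
            i = j                            # do not re-report the same cluster
        else:
            i += 1
    return bursts


if __name__ == "__main__":
    for p in suspicious_drivers(DRIVER_LINES):
        print("driver loaded from user-writable path:", p)
    for b in termination_bursts(parse_terminations(EVENT_LINES)):
        print(f"{b['start']:%Y-%m-%d %H:%M:%S} to {b['end']:%H:%M:%S}: "
              f"{b['total']} services died, {len(b['security'])} security-related: "
              + ", ".join(b["security"]))
```

On the sample above the driver check reports only fwldqpog.sys, and the burst check reports one window (8:15:06 to 8:15:15 PM, 7 services, 5 of them security products); the Lavasoft failure at 8:30 PM stands alone and is not reported. Neither check proves the MBR infection that MBRCheck flagged, but together they tell the analyst where to look next: the Temp-directory driver is the component to pull for analysis, and the service-kill window is the time to examine for what else ran.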
Help!
I went to run ComboFix, and it told me that Antivirus Soft was running. I remember that this fake software hijacked my browser before. How do I disable/delete it so ComboFix can run properly?
 