TechSpot

Trouble with Firefox on startup

By verity25
Jun 12, 2011
    Hi,

    I am getting a lot of problems with Firefox loading multiple times on startup of the program with blank pages. It seems the only way around it is to click on a link in an email to get it to run the selected webpage, but then it will still open more times in the background. Here are the log files after completing the 7 steps. This has been getting steadily worse over time. I formatted my HD some time ago to get rid of this problem, but it came back soon after.

    Thanks in advance for any help you can give me.

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6705

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/12/2011 15:22:03
    mbam-log-2011-06-12 (15-22-03).txt

    Scan type: Quick scan
    Objects scanned: 185500
    Time elapsed: 8 minute(s), 9 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-12 16:07:03
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AADS-00L4B1 rev.05.04C05
    Running: lht04dsi.exe; Driver: C:\DOCUME~1\Alan\LOCALS~1\Temp\uwwdaaoc.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E69210]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9E692A0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E691FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E691D4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E691E8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E69276]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9E6928A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\mv61xx \Device\Scsi\mv61xx1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Alan at 16:21:25 on 2011-06-12
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.1858 [GMT 1:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: McAfee Firewall *Enabled*
    FW: Symantec Endpoint Protection *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\astsrv.exe
    C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\ASUS\Six Engine\SixEngine.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\WINDOWS\system32\nlssrv32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\program files\Mozilla Firefox\firefox.exe
    C:\program files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.talktalk.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110512184836.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Download with mediAvatar YouTube Video Converter - e:\youtube video converter\upod_link.HTM
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46}
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49}
    IE: {724d43aa-0d85-11d4-9908-00400523e39a}
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: prime-vip.com\www
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{E9B04050-F9AB-4B2A-A3D0-3AA1987A3490} : NameServer = 213.109.68.117,213.109.68.211
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: WBSrv - c:\program files\stardock\mycolors\wbsrv.dll
    AppInit_DLLs: wbsys.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
    STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockplus2\ODMenu.dll
    STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\program files\stardock\object desktop\deskscapes3\deskscapes.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\alan\application data\mozilla\firefox\profiles\s46jwy6a.alan\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxps://www.talktalk.co.uk/index-version-6.html
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=
    FF - plugin: c:\documents and settings\alan\application data\mozilla\firefox\profiles\s46jwy6a.alan\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-26 387480]
    R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-23 150568]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-27 84200]
    R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-12 366640]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-27 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-27 271480]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-27 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-27 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-27 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-27 141792]
    R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-1-29 66560]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-1 1822296]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-7-6 1373480]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-27 56064]
    R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-12-2 23888]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-11 105592]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-12 22712]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-26 153280]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-26 52320]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-27 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-27 88736]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110611.006\NAVENG.SYS [2011-6-11 86008]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110611.006\NAVEX15.SYS [2011-6-11 1542392]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-23 136176]
    S3 cpuz132;cpuz132;\??\c:\docume~1\alan\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\alan\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2010-7-7 30984]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-12 39984]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-27 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-27 84488]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2011-2-26 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2011-2-26 40552]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-5-20 1128944]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-4-12 121192]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-4-12 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-4-12 136680]
    S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2010-4-7 120232]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2010-6-15 19024]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
    .
    =============== Created Last 30 ================
    .
    2011-06-12 14:12:19 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-12 14:12:13 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-12 14:12:13 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-28 12:31:22 -------- dc----w- c:\documents and settings\alan\application data\TuneUpMedia
    2011-05-27 20:04:30 -------- dc----w- c:\program files\TuneUpMedia
    2011-05-27 20:03:00 -------- dc----w- c:\documents and settings\alan\local settings\application data\OpenCandy
    2011-05-27 20:02:58 -------- dc----w- c:\documents and settings\alan\application data\OpenCandy
    2011-05-23 16:19:35 -------- dc----w- c:\program files\common files\xing shared
    2011-05-21 15:01:26 -------- dc----w- c:\documents and settings\alan\local settings\application data\WMTools Downloaded Files
    2011-05-21 13:15:40 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
    2011-05-21 13:15:40 38912 ----a-w- c:\windows\system32\drivers\avc.sys
    2011-05-21 13:15:36 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
    2011-05-21 13:15:36 48128 ----a-w- c:\windows\system32\drivers\61883.sys
    2011-05-21 09:20:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ==================== Find3M ====================
    .
    2011-04-28 13:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-04-19 01:16:26 94536 -c--a-w- c:\windows\system32\UDBDef.exe
    2011-04-17 15:21:38 159008 -c--a-w- c:\windows\system32\UIAutomationCore.dll
    2011-04-14 13:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-04-14 13:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-04-14 13:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-04-14 13:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-04-14 13:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-04-14 13:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-04-14 13:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-04-14 13:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-04-14 13:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-04-14 13:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-04-14 13:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 15:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 15:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-25 16:04:20 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
    2011-03-19 15:50:24 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
    .
    ============= FINISH: 16:22:32.32 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/25/2010 03:42:25
    System Uptime: 6/12/2011 16:13:28 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5Q
    Processor: Intel Pentium III Xeon processor | LGA 775 | 2333/333mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 156 GiB total, 52.717 GiB free.
    D: is FIXED (NTFS) - 146 GiB total, 36.209 GiB free.
    E: is FIXED (NTFS) - 104 GiB total, 88.964 GiB free.
    F: is FIXED (NTFS) - 60 GiB total, 20.515 GiB free.
    G: is FIXED (NTFS) - 466 GiB total, 198.738 GiB free.
    I: is CDROM ()
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    A-Train8EU
    ACARS
    ACARS - 2
    ACARS - 3
    Act of War - Direct Action
    Active Sky Advanced
    Active Sky Evolution
    Adobe AIR
    Adobe Community Help
    Adobe Flash Media Live Encoder 3.1
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Photoshop Lightroom 3.4.1
    Adobe Reader X (10.0.1)
    Aerosoft's - MyTraffic 2010
    Age of Empires III
    AI Roboform Enterprise 7.2.8
    AlacrityPC
    AM-DeadLink 3.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Assassin's Creed
    ATCsimulator®2 (Build 3.3.0.17) Professional Edition
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    ATI Catalyst Install Manager
    AudioLabel
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.3
    Big Fish Games Client
    Blitzkrieg 2
    Bonjour
    Calendar Printing Assistant for Microsoft Office Outlook 2007
    Call of Duty
    Call of Duty - United Offensive
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) - World at War(TM) 1.4 Patch
    Call of Duty(R) - World at War(TM) 1.5 Patch
    Call of Duty(R) 2
    Call of Duty(R) 2 Patch 1.3
    Canon MP Navigator EX 1.0
    Canon MP610 series
    Canon MP610 series User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    CD-LabelPrint
    Civilization III
    CloneDVD 4.0
    Command & Conquer 3
    Company of Heroes
    D-Day
    DBS Airport GPS
    Definition update for Microsoft Office 2010 (KB982726)
    Demon Stone
    DeskScapes
    Deus Ex - Invisible War
    DirectX 9 Runtime
    Disktrix UltimateDefrag
    Divine Divinity
    Don't Panic 2
    Doom 3
    Drive Manager
    Driver Detective
    Dungeon Siege Legends of Aranna
    Dungeon Siege Legends of Aranna Bonus Pack
    DVD Architect Pro 5.0
    Elecard Codec SDK G4 Eval
    EPU-6 Engine
    Euro Truck Simulator 1.3
    Falcon 4.0: Allied Force
    Family Historian 3.0
    Family Tree Maker 2009
    Far Cry
    FEAR
    FeelThere ERJ v.2 SP2
    FileMaker Pro 10 Advanced
    Filters Unlimited 2.0
    First to Fight
    FLAC 1.2.1b (remove only)
    Flight Simulator X
    Flight Simulator X Service Pack 1
    FolderVisualizer
    FollowMe
    Football Manager 2010
    Fotolia Powerpoint 2007_2010 Add-in
    Fotolia Word 2007_2010 Add-in
    Free Mp3 Wma Ogg Converter 7.1.3
    FreeArc 0.60
    Freelancer
    FS Recorder 2.01 for FSX
    FSX Beechcraft 1900D
    FSX Booster 2.9.6.0
    GameShadow
    Garmin POI Loader
    Garmin USB Drivers
    GoodSync
    Google Chrome
    Google Update Helper
    GPGNet
    Hidden Expedition: Titanic ™
    HiTilesAF
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    Hoyle Puzzle and Board Games 2011 (remove only)
    I am an Air Traffic Controller3
    IconPackager
    Impulse
    Internet Explorer (Enable DEP)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    jv16 PowerTools 2010
    jv16 PowerTools 2011
    KCLE v1.1.2 for FSX
    KDAL v1.1.2 for FSX
    KMCO v1.1.2 for FSX
    KMEM v1.1.2 for FSX
    KRDU v2.1.2 for FSX
    Legacy 7.0
    Legacy Charting 7.0
    Lernout & Hauspie TruVoice American English TTS Engine
    LightScribe System Software 1.17.90.1
    LiveUpdate 3.3 (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Logitech Updater
    LUMIX Simple Viewer
    Magic ISO Maker v5.5 (build 0276)
    MagicDisc 2.7.106
    Mahjong Mysteries of the Past 1.00
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Managed DirectX (0900)
    marvell 61xx
    McAfee AntiVirus Plus
    mediAvatar YouTube Video Converter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Fix it Center
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Flight Simulator X: Acceleration
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 14
    Microsoft Speech SDK 5.1
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WorldWide Telescope
    Microsoft WSE 3.0
    Microsoft XML Parser
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MobileMe Control Panel
    Monitor Calibration Wizard 1.0
    Movavi Theme Pack
    Movavi Video Suite 8
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Myst III: Exile
    Myst IV - Revelation
    Mystery Stories
    Nero 7 Essentials
    neroxml
    ObjectDock Plus
    ObjectDock Plus 2
    OGA Notifier 2.0.0048.0
    OpenAL
    PDF Settings CS5
    Pen Tablet
    PFPortChecker 1.0.36
    PhotoTools 2.6 Professional Edition
    PIXMA Extended Survey Program
    Plug-in Suite 5.0.1
    Portforward Static IP Address 1.0.44
    Prey
    Pro Backup
    Process Lasso
    ProShow Producer
    PxMergeModule
    Python 2.7
    Quake 4(TM)
    QuickTime
    Radar Contact Version 4.3
    Rapport
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    RedShift 5.1
    RoboForm 7-2-8
    RootsMagic 3.0
    Roxio Activation Module
    Roxio CinePlayer Decoder Pack
    Roxio Easy VHS to DVD
    Roxio Easy VHS to DVD Content
    Roxio Video Capture USB
    Roxio Video Capture USB Driver
    SAEZ-SVMI v1.1.2 for FSX
    Samsung Kies
    Samsung Mobile phone USB driver Software
    SAMSUNG USB Driver for Mobile Phones
    ScanSoft OmniPage SE 4
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Excel 2010 (KB2466146)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB923789)
    Segoe UI
    SimCharts 3.0
    SimPlates2004
    SmartSoft Video Converter
    Spybot - Search & Destroy
    Star Wars Battlefront II
    Stardock MyColors
    StumbleUpon IE Toolbar
    Supreme Commander
    Symantec Endpoint Protection
    SyncToy 2.1 (x86)
    SysResources Manager
    Temple of Elemental Evil
    The Bard's Tale
    The Serpent of Isis 1.00
    Tom Clancy's Rainbow Six: Lockdown
    TTS_Technology
    Tweak UI
    TweakFPS for FSX
    Ultimate Terrain X - USA
    Ultimate Traffic
    UltimateDefrag 2008
    Uniblue SpeedUpMyPC 2009
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2441641)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows Internet Explorer 8 (KB982664)
    UVA FSX Bombardier CRJ-700
    Vegas Movie Studio HD Platinum 10.0
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    Warlords Battlecry III
    WashAndGo
    WebFldrs XP
    WindowBlinds
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip 15.5
    Wondershare DVD Slideshow Builder Standard(Build 6.0.4.25)
    WOT for Internet Explorer
    XP Codec Pack
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/11/2011 15:06:28, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Is Firefox your only computer issue?

    You're running two AV programs, Norton and McAfee.
    One of them has to go.
    If McAfee, use this tool to uninstall it: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml
    If Norton, use this tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
  3. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    I have removed Norton from my system and am keeping McAfee. Firefox is giving me the most problems. If I sometimes have to use IE, that can also open more than one window. Firefox also redirects to unwanted webpages.
  4. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start the scan.

    On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  5. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    I did everything you said, but somehow the registry got messed up. I couldn't get it fixed to get online, so I had to reinstall WinXP after formatting the HD. I reinstalled Firefox and all was going fine, then Google Analytics started redirecting to other sites. Any ideas what to do?
  6. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Well, we'll have to check...

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
  7. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Here is the MBAM log file; however, when I run GMER it crashes halfway through the scan.

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6705

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    17/06/2011 11:40:09
    mbam-log-2011-06-17 (11-40-09).txt

    Scan type: Quick scan
    Objects scanned: 162383
    Time elapsed: 17 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 1
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows updater (Backdoor.IRCBot) -> Value: windows updater -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\Alan\local settings\Temp\xkgnnwo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
    c:\documents and settings\Alan\local settings\Temp\gaspci.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
    c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
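The MBAM log above removed an HKCU Run value (Backdoor.IRCBot) and droppers sitting in the user's Temp folder, which is exactly the kind of entry a helper looks for in the DDS "Pseudo HJT Report" that gets posted next. As an added example that is not part of this thread and not code from DDS, ComboFix, MBAM or any other tool used here, the Python script below parses DDS-style lines (uRun/mRun/dRun autoruns, BHO entries, R#/S# service lines and the TCP NameServer entry) and flags the patterns a malware-removal helper reads for first: autoruns launched from %TEMP%, a BHO registered with an empty name, an svchost-hosted service with a random-looking name, and resolver addresses that should be compared with the ISP's. The sample lines are copied from the DDS log posted later in this thread; the thresholds inside is_temp_path() and looks_random() are this example's own assumptions, not a rule set any tool publishes.

```python
"""Triage helper for the "Pseudo HJT Report" lines a DDS log prints.

Added example for this thread; it is not code from DDS, ComboFix, MBAM or any
other tool used here.  It parses four DDS line types (uRun/mRun/dRun autoruns,
BHO entries, R#/S# service lines and the TCP NameServer entry) and flags the
patterns a malware-removal helper reads for first.  The thresholds inside
is_temp_path() and looks_random() are this example's own assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass

RUN_RE = re.compile(r"^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<target>.+)$")
BHO_RE = re.compile(r"^BHO:\s*(?P<name>.*?):\s*\{(?P<clsid>[0-9a-f-]+)\}\s*-\s*(?P<path>.+)$", re.I)
SVC_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<short>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*(?:\[[^\]]*\])?$")
DNS_RE = re.compile(r"^TCP:\s*Interfaces\\\{[^}]+\}\s*:\s*NameServer\s*=\s*(?P<servers>[\d.,]+)$")


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "info"
    reason: str
    line: str


def is_temp_path(target: str) -> bool:
    """True when an autorun target lives in a temp directory (assumption: legitimate autoruns do not)."""
    t = target.strip().strip('"').lower()
    return t.startswith("%temp%") or "\\temp\\" in t


def looks_random(name: str) -> bool:
    """Crude check for generated service names: 7+ lowercase letters with under 20% vowels."""
    if not re.fullmatch(r"[a-z]{7,}", name):
        return False
    return sum(c in "aeiou" for c in name) / len(name) < 0.2


def triage(lines):
    """Return one Finding per suspicious DDS line, in input order; clean lines produce nothing."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RUN_RE.match(line):
            if is_temp_path(m["target"]):
                findings.append(Finding("high", "logon autorun launched from a temp directory", line))
        elif m := BHO_RE.match(line):
            if not m["name"].strip():
                findings.append(Finding("high", "browser helper object registered with an empty name", line))
        elif m := SVC_RE.match(line):
            # A service hosted by the generic netsvcs svchost group with a generated-looking
            # short name: the real code is in its ServiceDll value, which DDS does not print.
            if "svchost.exe -k netsvcs" in m["image"].lower() and looks_random(m["short"].strip()):
                findings.append(Finding("medium",
                                        "svchost-hosted service with a random-looking name; check its ServiceDll", line))
        elif m := DNS_RE.match(line):
            for server in m["servers"].split(","):
                if not ipaddress.ip_address(server).is_private:
                    findings.append(Finding("info",
                                            f"resolver {server} is an external address; confirm it is the ISP's", line))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Sample input: lines copied from the DDS log posted in this thread.
SAMPLE = [
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"uRun: [java system update] %TEMP%\eumlm.exe",
    r"uRun: [winupdate system] %TEMP%\icvcc.exe",
    r"uRun: [java checksys] %TEMP%\rtpmp.exe",
    r'uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"',
    r'mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey',
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll",
    r"BHO: : {b5205bfb-2051-498e-7323-23ea03f4f87a} - c:\windows\system32\wrbhaouj.dll",
    r"TCP: Interfaces\{1937AF6F-F4D7-476E-93A0-A58FE538BEC1} : NameServer = 213.109.68.117,213.109.75.211",
    r"R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-6-15 387480]",
    r"S2 igytbyfj;Microcode Update Support;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]",
    r"S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run it as a script to print the findings for the sample, or pass the whole Pseudo HJT Report section to triage(). A "high" finding is where a helper starts reading; the resolver check is only a prompt to compare the addresses with the ISP's published servers, not a verdict on them.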
  8. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Alan at 17:06:52 on 2011-06-17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2519 [GMT 1:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    svchost.exe
    C:\Program Files\ASUS\Drive Xpert\SteelVine.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
    C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    C:\Program Files\ASUS\AI Direct Link\AsShare.exe
    C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Impulse\Now\ImpulseNow.exe
    C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Stardock\ObjectDockPlus2\ObjectDockTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.mytalktalk.co.uk
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll
    BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110617095446.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: : {b5205bfb-2051-498e-7323-23ea03f4f87a} - c:\windows\system32\wrbhaouj.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [java system update] %TEMP%\eumlm.exe
    uRun: [winupdate system] %TEMP%\icvcc.exe
    uRun: [java checksys] %TEMP%\rtpmp.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    mRun: [Six Engine] "c:\program files\asus\epu-6 engine\SixEngine.exe" -r
    mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
    mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
    mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
    mRun: [Launch Direct Link] "c:\program files\asus\ai direct link\AsShare.exe"
    mRun: [Launch As Cmd Runner] "c:\program files\asus\ai direct link\AsCmd.exe" -reg
    mRun: [Drive Xpert] c:\program files\asus\drive xpert\DriveXpert.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alan\startm~1\programs\startup\impuls~1.lnk - c:\program files\impulse\now\ImpulseNow.exe
    StartupFolder: c:\docume~1\alan\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockplus2\ObjectDock.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1308151277785
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{1937AF6F-F4D7-476E-93A0-A58FE538BEC1} : NameServer = 213.109.68.117,213.109.75.211
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
    STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockplus2\ODMenu.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\alan\application data\mozilla\firefox\profiles\o4c9q1d1.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.talktalk.net
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-6-15 387480]
    R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-23 150568]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-6-15 84200]
    R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-17 57144]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
    R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\asus\drive xpert\SteelVine.exe [2008-5-29 1286144]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-17 366640]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-6-15 203280]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-15 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-15 271480]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-15 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-15 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-15 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-15 141792]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2011-6-16 1373480]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-6-15 56064]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-17 22712]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-15 153280]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-6-15 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-6-15 88736]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S2 igytbyfj;Microcode Update Support;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-6-16 1691480]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-17 39984]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-15 52320]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-6-15 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-15 84488]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-5-20 1128944]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
    .
    =============== Created Last 30 ================
    .
    2011-06-17 14:18:19 -------- dc-h--w- c:\documents and settings\all users\application data\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}
    2011-06-17 12:35:15 -------- d-----w- c:\documents and settings\alan\local settings\application data\ODUI
    2011-06-17 10:20:20 -------- d-----w- c:\documents and settings\alan\application data\Malwarebytes
    2011-06-17 10:20:01 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-17 10:20:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-06-17 10:19:57 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-17 10:19:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-17 09:53:58 -------- d-----w- c:\program files\common files\Stardock
    2011-06-17 09:53:55 -------- d-----w- c:\program files\Stardock
    2011-06-17 09:42:58 -------- d-----w- c:\documents and settings\alan\application data\Stardock
    2011-06-17 09:42:48 -------- d-----w- c:\documents and settings\all users\application data\Gibraltar
    2011-06-17 09:42:33 -------- d-----w- c:\program files\Impulse
    2011-06-17 09:42:33 -------- d-----w- c:\documents and settings\all users\application data\Stardock
    2011-06-17 09:42:17 -------- dc-h--w- c:\documents and settings\all users\application data\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}
    2011-06-17 08:54:46 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    2011-06-17 08:32:11 -------- d-----w- c:\documents and settings\alan\local settings\application data\Trusteer
    2011-06-16 22:33:28 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2011-06-16 22:30:59 -------- d-----w- c:\program files\MSXML 4.0
    2011-06-16 22:28:01 359016 ----a-w- c:\windows\vncutil.exe
    2011-06-16 22:27:59 59496 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2011-06-16 22:27:59 129640 ----a-w- c:\windows\RtkAudioService.exe
    2011-06-16 22:27:58 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
    2011-06-16 22:27:56 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
    2011-06-16 22:15:46 -------- d-----w- c:\documents and settings\all users\application data\UAB
    2011-06-16 22:15:43 -------- d-----w- c:\documents and settings\alan\local settings\application data\PC_Drivers_Headquarters
    2011-06-16 22:15:39 -------- d-----w- c:\documents and settings\all users\application data\PC Drivers HeadQuarters
    2011-06-16 22:15:00 -------- d-----w- c:\program files\PC Drivers HeadQuarters
    2011-06-16 22:03:18 -------- d-----w- c:\documents and settings\alan\application data\Trusteer
    2011-06-16 22:03:14 -------- d-----w- c:\program files\Trusteer
    2011-06-16 22:02:44 -------- d-----w- c:\documents and settings\all users\application data\Trusteer
    2011-06-16 21:40:27 -------- d-----w- c:\documents and settings\alan\application data\PFStaticIP
    2011-06-16 21:40:15 -------- d-----w- c:\program files\PFStaticIP
    2011-06-16 21:21:55 -------- d-----w- c:\documents and settings\alan\local settings\application data\Stardock
    2011-06-16 21:19:39 -------- dc-h--w- c:\documents and settings\all users\application data\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
    2011-06-16 21:19:25 -------- d-----w- c:\documents and settings\alan\local settings\application data\PackageAware
    2011-06-16 21:10:42 -------- d-----w- c:\documents and settings\alan\application data\Windows Search
    2011-06-16 10:34:48 233472 --sha-r- c:\windows\system32\iphlpapiu.dll
    2011-06-16 10:07:23 -------- d-----w- c:\documents and settings\alan\local settings\application data\Adobe
    2011-06-16 09:57:26 -------- d-----w- c:\documents and settings\alan\local settings\application data\Scansoft
    2011-06-16 09:40:16 -------- d-----w- c:\documents and settings\all users\application data\Uninstall
    2011-06-16 09:29:38 -------- d-----w- c:\program files\common files\Sonic Shared
    2011-06-16 09:28:08 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
    2011-06-16 09:28:08 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
    2011-06-16 09:28:07 303104 ----a-w- c:\windows\emunist.exe
    2011-06-16 09:28:01 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
    2011-06-16 09:28:01 363520 ----a-w- c:\windows\system32\PsisDecd.dll
    2011-06-16 09:28:01 33280 ----a-w- c:\windows\system32\PsisRndr.ax
    2011-06-16 09:28:00 56832 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-06-16 09:22:03 -------- d-----w- c:\documents and settings\alan\application data\WTablet
    2011-06-16 09:21:29 2684200 ------w- c:\windows\system32\PenTablet.cpl
    2011-06-16 09:21:26 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2011-06-16 09:21:26 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2011-06-16 09:21:23 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
    2011-06-16 09:21:14 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2011-06-16 09:21:13 12848 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2011-06-16 09:21:11 -------- d-----w- c:\windows\system32\WTablet
    2011-06-16 09:21:09 181544 ------w- c:\windows\system32\Wintab32.dll
    2011-06-16 09:21:09 1373480 ------w- c:\windows\system32\Pen_Tablet.exe
    2011-06-16 09:21:09 128296 ------w- c:\windows\system32\Pen_Tablet.dll
    2011-06-16 09:21:00 -------- d-----w- c:\program files\Tablet
    2011-06-16 09:15:44 -------- d-----w- c:\documents and settings\all users\application data\CanonIJPLM
    2011-06-16 09:14:53 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2011-06-16 09:14:53 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-06-16 09:14:42 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2011-06-16 09:14:42 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-06-16 09:14:07 -------- d-----w- c:\program files\common files\CANON
    2011-06-16 09:11:37 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP93.DLL
    2011-06-16 09:11:37 27136 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD93.DLL
    2011-06-16 09:11:37 215040 ----a-w- c:\windows\system32\CNMLM93.DLL
    2011-06-16 09:11:19 188416 ----a-w- c:\windows\system32\CNC610O.DLL
    2011-06-16 09:11:18 98304 ----a-w- c:\windows\system32\CNC610I.DLL
    2011-06-16 09:11:18 200704 ----a-w- c:\windows\system32\CNC610L.DLL
    2011-06-16 09:11:17 1400832 ----a-w- c:\windows\system32\CNC610C.DLL
    2011-06-16 09:08:59 -------- d-----w- c:\program files\Canon
    2011-06-16 09:07:57 -------- d-----w- c:\program files\common files\ScanSoft Shared
    2011-06-16 09:07:25 -------- d-----w- c:\program files\ScanSoft
    2011-06-16 08:51:25 -------- d-----w- c:\program files\Siber Systems
    2011-06-15 21:35:04 -------- d-----w- c:\program files\common files\Windows Live
    2011-06-15 21:34:16 -------- d-----w- c:\windows\system32\winrm
    2011-06-15 21:34:12 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2011-06-15 21:33:51 -------- d-----w- c:\documents and settings\alan\local settings\application data\Identities
    2011-06-15 21:33:49 -------- d-----w- c:\documents and settings\alan\application data\Windows Desktop Search
    2011-06-15 21:33:31 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-06-15 21:33:31 -------- d-----w- c:\program files\Windows Desktop Search
    2011-06-15 21:33:04 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
    2011-06-15 21:33:03 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
    2011-06-15 21:33:03 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
    2011-06-15 21:32:43 -------- d-----w- c:\program files\Windows Media Connect 2
    2011-06-15 21:31:50 -------- d-----w- c:\windows\system32\LogFiles
    2011-06-15 21:30:58 -------- d-----w- c:\windows\system32\URTTEMP
    2011-06-15 21:30:21 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2011-06-15 20:50:40 -------- d-----w- c:\windows\ie8updates
    2011-06-15 20:32:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-06-15 20:32:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-06-15 20:32:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-06-15 20:32:57 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-06-15 20:32:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-06-15 20:32:55 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-06-15 20:31:54 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-06-15 20:31:47 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2011-06-15 20:28:41 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-06-15 20:28:25 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-06-15 20:27:03 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-06-15 20:26:35 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-06-15 20:26:34 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-06-15 20:26:21 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-06-15 20:25:31 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-06-15 20:24:50 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-06-15 20:23:54 293376 ------w- c:\windows\system32\browserchoice.exe
    2011-06-15 20:22:35 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-06-15 20:22:35 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-06-15 20:22:28 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-06-15 20:22:00 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2011-06-15 20:21:11 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-06-15 20:18:40 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-06-15 20:18:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-06-15 20:17:48 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-06-15 20:17:42 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-06-15 20:06:50 -------- d-----w- c:\windows\system32\XPSViewer
    2011-06-15 20:06:29 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-06-15 20:06:23 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-06-15 20:06:23 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-06-15 20:06:23 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-06-15 20:06:23 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-06-15 20:06:23 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-06-15 20:06:23 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-06-15 20:06:23 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-06-15 20:06:23 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-06-15 20:06:23 -------- d-----w- C:\1287bd8a094eb607500a86
    2011-06-15 20:04:40 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-06-15 20:04:31 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-06-15 20:04:25 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2011-06-15 20:04:24 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2011-06-15 20:04:24 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-06-15 20:04:23 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-06-15 20:04:23 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-06-15 20:04:22 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-06-15 20:04:22 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-06-15 20:04:22 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-06-15 20:04:21 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-06-15 19:53:15 14744 ----a-w- c:\documents and settings\alan\application data\microsoft\identitycrl\production\ppcrlconfig.dll
    2011-06-15 19:52:09 -------- d-----w- c:\program files\MSECache
    2011-06-15 19:39:29 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-06-15 19:39:29 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-06-15 18:35:01 -------- d-----w- c:\documents and settings\all users\Microsoft
    2011-06-15 18:34:11 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2011-06-15 18:33:34 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-06-15 18:33:30 -------- d-----w- c:\windows\SHELLNEW
    2011-06-15 18:33:20 -------- d-----w- c:\documents and settings\alan\local settings\application data\Microsoft Help
    2011-06-15 17:43:18 -------- d-----w- c:\windows\system32\scripting
    2011-06-15 17:43:18 -------- d-----w- c:\windows\system32\en
    2011-06-15 17:43:18 -------- d-----w- c:\windows\l2schemas
    2011-06-15 17:43:17 -------- d-----w- c:\windows\system32\bits
    2011-06-15 17:42:11 -------- d-----w- c:\windows\ServicePackFiles
    2011-06-15 17:40:38 -------- d-----w- c:\windows\network diagnostic
    2011-06-15 16:57:54 -------- d-----w- c:\documents and settings\alan\application data\PriceGong
    2011-06-15 16:56:01 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
    2011-06-15 16:53:51 -------- d-----w- c:\program files\Conduit
    2011-06-15 16:53:51 -------- d-----w- c:\documents and settings\alan\local settings\application data\uTorrentBar
    2011-06-15 16:53:51 -------- d-----w- c:\documents and settings\alan\local settings\application data\Conduit
    2011-06-15 16:53:47 -------- d-----w- c:\program files\ConduitEngine
    2011-06-15 16:53:47 -------- d-----w- c:\documents and settings\alan\local settings\application data\ConduitEngine
    2011-06-15 16:53:45 -------- d-----w- c:\program files\uTorrentBar
    2011-06-15 16:53:45 -------- d-----w- c:\documents and settings\alan\local settings\application data\Temp
    2011-06-15 16:53:44 -------- d-----w- C:\extensions
    2011-06-15 16:47:49 -------- d-----w- c:\program files\uTorrent
    2011-06-15 16:46:56 -------- d-----w- c:\documents and settings\alan\application data\uTorrent
    2011-06-15 16:31:36 -------- d-----w- c:\program files\Disktrix
    2011-06-15 16:17:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-15 16:00:59 -------- d-----w- c:\documents and settings\alan\local settings\application data\ATI
    2011-06-15 15:52:06 -------- d-----w- c:\program files\AMD APP
    2011-06-15 15:50:42 -------- d-----w- c:\program files\ATI Technologies
    2011-06-15 15:49:53 -------- d-----w- C:\ATI
    2011-06-15 15:45:06 -------- d-sh--w- c:\documents and settings\alan\IECompatCache
    2011-06-15 15:43:57 -------- d-sh--w- c:\documents and settings\alan\PrivacIE
    2011-06-15 15:42:13 -------- d-sh--w- c:\documents and settings\alan\IETldCache
    2011-06-15 15:39:24 -------- dc-h--w- c:\windows\ie8
    2011-06-15 15:24:54 -------- d-----w- c:\windows\system32\PreInstall
    2011-06-15 15:20:39 -------- d-sh--w- c:\documents and settings\alan\UserData
    2011-06-15 15:10:07 -------- d-----w- c:\program files\Atheros Communications Inc
    2011-06-15 14:55:42 24576 ----a-r- c:\windows\system32\AsIO.dll
    2011-06-15 14:55:42 12400 ----a-r- c:\windows\system32\drivers\AsIO.sys
    2011-06-15 14:55:40 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
    2011-06-15 14:55:40 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
    2011-06-15 14:55:40 -------- d-----w- c:\program files\ASUS
    2011-06-15 14:55:32 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2011-06-15 14:55:32 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2011-06-15 14:55:32 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
    2011-06-15 14:55:32 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2011-06-15 14:55:31 614532 ------w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
    2011-06-15 14:54:48 -------- d-----w- c:\program files\Marvell
    2011-06-15 14:53:02 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-06-15 14:52:13 36864 ----a-r- c:\windows\system32\drivers\l1e51x86.sys
    2011-06-15 14:52:07 -------- d-----w- c:\windows\system32\Atheros_L1e
    2011-06-15 14:51:37 -------- d-----w- c:\windows\AS_SCRIPTS
    2011-06-15 14:47:28 64104 ----a-w- c:\windows\ALCMTR.EXE
    2011-06-15 14:45:53 -------- d-----w- c:\windows\system32\Lang
    2011-06-15 14:41:07 49152 ------r- c:\windows\system32\ChCfg.exe
    2011-06-15 14:41:02 -------- d-----w- c:\windows\system32\RTCOM
    2011-06-15 14:39:58 1284712 ----a-w- c:\windows\RtlExUpd.dll
    2011-06-15 14:39:56 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
    2011-06-15 14:39:56 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
    2011-06-15 14:39:56 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
    2011-06-15 14:39:56 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2011-06-15 14:39:56 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
    2011-06-15 14:39:56 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
    2011-06-15 14:39:54 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
    2011-06-15 14:39:54 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
    2011-06-15 14:24:36 -------- d-----w- c:\windows\ASUSInstAll
    2011-06-15 14:21:34 -------- d-----w- c:\windows\system32\ReinstallBackups
    2011-06-15 14:21:32 53248 ----a-r- c:\windows\system32\CSVer.dll
    2011-06-15 14:21:16 -------- d-----w- C:\Intel
    2011-06-15 14:20:46 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
    2011-06-15 14:20:32 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
    2011-06-15 14:17:03 516920 ----a-w- c:\temp\tidyup.exe
    2011-06-15 14:14:42 -------- d-----w- C:\temp
    2011-06-15 12:12:29 -------- d-----w- c:\program files\common files\McAfee
    2011-06-15 12:12:28 -------- d-----w- c:\program files\McAfee.com
    2011-06-15 12:12:25 -------- d-----w- c:\program files\McAfee
    .
    ==================== Find3M ====================
    .
    2011-06-15 15:51:42 0 ----a-w- c:\windows\ativpsrm.bin
    2011-05-31 16:21:28 6348392 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
    2011-05-12 13:10:00 20053608 ----a-w- c:\windows\RTHDCPL.EXE
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-28 13:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-20 02:41:56 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2011-04-20 02:38:50 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2011-04-20 02:29:06 57344 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-20 02:29:00 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-20 02:24:20 5459968 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-20 02:14:04 17743872 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-20 02:04:00 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-20 02:02:58 302080 ----a-w- c:\windows\system32\ati2dvag.dll
    2011-04-20 02:01:50 4017408 ----a-w- c:\windows\system32\ati3duag.dll
    2011-04-20 01:55:20 1115008 ----a-w- c:\windows\system32\ativvamv.dll
    2011-04-20 01:45:06 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
    2011-04-20 01:44:34 212992 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-20 01:44:22 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-20 01:44:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2011-04-20 01:44:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-20 01:43:54 188416 ----a-w- c:\windows\system32\ati2evxx.dll
    2011-04-20 01:42:40 643072 ----a-w- c:\windows\system32\ati2evxx.exe
    2011-04-20 01:41:22 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2011-04-20 01:40:08 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-20 01:36:24 651264 ----a-w- c:\windows\system32\atikvmag.dll
    2011-04-20 01:34:10 200704 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-20 01:33:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2011-04-20 01:30:48 503808 ----a-w- c:\windows\system32\atiok3x2.dll
    2011-04-20 01:28:32 851968 ----a-w- c:\windows\system32\ati2cqag.dll
    2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-20 01:26:26 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-19 21:10:32 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-04-19 21:10:18 51712 ----a-w- c:\windows\system32\OpenCL.dll
    2011-04-19 21:10:02 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-04-19 01:16:26 94536 ----a-w- c:\windows\system32\UDBDef.exe
    .
    ============= FINISH: 17:07:27.73 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 15/06/2011 12:53:57
    System Uptime: 17/06/2011 12:06:01 (5 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5Q
    Processor: Intel Pentium III Xeon processor | LGA 775 | 2333/333mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 146 GiB total, 132.741 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 137.616 GiB free.
    E: is FIXED (NTFS) - 98 GiB total, 97.589 GiB free.
    F: is FIXED (NTFS) - 98 GiB total, 71.961 GiB free.
    G: is FIXED (NTFS) - 124 GiB total, 123.894 GiB free.
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Audio Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&354745F2&0&0001
    Manufacturer:
    Name: Audio Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&354745F2&0&0001
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
    Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_82261043&REV_B0\4&20515DB1&0&00E5
    Manufacturer: Atheros
    Name: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
    PNP Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_82261043&REV_B0\4&20515DB1&0&00E5
    Service: L1e
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\19873D51E8C00
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\19873D51E8C00
    Service: NIC1394
    .
    ==== System Restore Points ===================
    .
    RP1: 17/06/2011 12:02:36 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    AI Direct Link
    AI Suite
    AMD APP SDK Runtime
    ASUSUpdate
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    Atheros Ethernet Utility
    Canon MP Navigator EX 1.0
    Canon MP610 series
    Canon MP610 series User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    ccc-utility
    CCC Help English
    CD-LabelPrint
    Conduit Engine
    Definition update for Microsoft Office 2010 (KB982726)
    DirectX 9 Runtime
    Disktrix UltimateDefrag
    Drive Xpert
    Driver Detective
    EPU-6 Engine
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    IconPackager
    Impulse®
    Malwarebytes' Anti-Malware version 1.51.0.1200
    marvell 61xx
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Software Update for Web Folders (English) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mozilla Firefox 4.0.1 (x86 en-GB)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    ObjectDock Plus 2
    Pen Tablet
    PIXMA Extended Survey Program
    Portforward Static IP Address 1.0.45
    PowerBackup 2.5
    Rapport
    Realtek High Definition Audio Driver
    RoboForm 7-1-9 (All Users)
    Roxio Activation Module
    Roxio CinePlayer Decoder Pack
    Roxio Easy VHS to DVD
    Roxio Easy VHS to DVD Content
    Roxio Video Capture USB
    Roxio Video Capture USB Driver
    ScanSoft OmniPage SE 4
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Excel 2010 (KB2523021)
    Security Update for Microsoft InfoPath 2010 (KB2510065)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2441641)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    uTorrentBar Toolbar
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinZip 15.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    16/06/2011 11:24:12, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    16/06/2011 11:24:12, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    16/06/2011 11:24:12, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    15/06/2011 19:30:53, error: Service Control Manager [7022] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
    15/06/2011 16:55:52, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
    15/06/2011 16:55:52, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\atiadlxx.dll. Reference error message: The operation completed successfully. .
    15/06/2011 16:55:52, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    15/06/2011 16:52:03, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\ATI Technologies\ATI.ACE\Graphics-Previews-Common\Ticker.ax. Reference error message: The operation completed successfully. .
    15/06/2011 16:52:03, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\ATI Technologies\ATI.ACE\Graphics-Previews-Common\Microsoft.VC80.CRT.MANIFEST" on line 4.
    15/06/2011 16:52:03, error: SideBySide [34] - Component identity found in manifest does not match the identity of the component requested
    15/06/2011 16:52:02, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI74.tmp. Reference error message: The operation completed successfully. .
    15/06/2011 16:51:22, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI3B.tmp. Reference error message: The operation completed successfully. .
    15/06/2011 16:51:21, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI37.tmp. Reference error message: The operation completed successfully. .
    15/06/2011 16:51:21, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI36.tmp. Reference error message: The operation completed successfully. .
    15/06/2011 16:51:21, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI34.tmp. Reference error message: The operation completed successfully. .
    .
    ==== End Of File ===========================
  9. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
  10. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Here are the log files....


    aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-18 09:28:14
    -----------------------------
    09:28:14.187 OS Version: Windows 5.1.2600 Service Pack 3
    09:28:14.187 Number of processors: 4 586 0x1707
    09:28:14.187 ComputerName: ALANS UserName: Alan
    09:28:15.296 Initialize success
    09:28:18.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    09:28:18.343 Disk 0 Vendor: WDC_WD5000AADS-00L4B1 05.04C05 Size: 476940MB BusType: 3
    09:28:20.359 Disk 0 MBR read successfully
    09:28:20.359 Disk 0 MBR scan
    09:28:20.359 Disk 0 Windows XP default MBR code
    09:28:22.359 Disk 0 scanning sectors +976752000
    09:28:22.390 Disk 0 scanning C:\WINDOWS\system32\drivers
    09:28:30.765 Service scanning
    09:28:32.000 Disk 0 trace - called modules:
    09:28:32.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    09:28:32.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0e1ab8]
    09:28:32.015 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8b11dd38]
    09:28:32.015 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b071d98]
    09:28:32.015 Scan finished successfully
    09:28:46.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alan\Desktop\MBR.dat"
    09:28:46.890 The log file has been saved successfully to "C:\Documents and Settings\Alan\Desktop\aswMBR.txt"


    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #4
    ==============================================
    >Drivers
    ==============================================
    0xB9610000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 6868992 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
    0xAC80B000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6606848 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0xBF25F000 C:\WINDOWS\System32\ati3duag.dll 4018176 bytes (ATI Technologies Inc. , ati3duag.dll)
    0xBF9C6000 C:\WINDOWS\System32\ativvaxx.dll 3268608 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2154496 bytes
    0x804D7000 RAW 2154496 bytes
    0x804D7000 WMIxWDM 2154496 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xBF060000 C:\WINDOWS\System32\ati2cqag.dll 851968 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
    0xBF130000 C:\WINDOWS\System32\atikvmag.dll 716800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
    0xB9D80000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xAC38B000 C:\WINDOWS\system32\DRIVERS\emBDA.sys 569344 bytes (eMPIA Technology, Inc., USB 28xx BDA Driver)
    0xAC416000 C:\WINDOWS\system32\DRIVERS\emOEM.sys 528384 bytes (eMPIA Technology, Inc., USB 28xx BDA Lower filter)
    0xBF1DF000 C:\WINDOWS\System32\atiok3x2.dll 524288 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
    0xAC55F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB8F42000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB9E24000 mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
    0xAC6CB000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xA93B5000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
    0xB9015000 C:\WINDOWS\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
    0xBF634000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xA8DB0000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB9ECB000 mv61xx.sys 262144 bytes (Marvell Semiconductor, Inc., Marvell Thor Windows Driver)
    0xB8FBD000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xA945D000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB9D53000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xA7717000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xAC5F5000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB95D4000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xAC642000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xAC66A000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xAC5CF000 C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 155648 bytes (Trusteer Ltd., RapportPG)
    0xB948D000 C:\WINDOWS\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
    0xAC7E7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB95B0000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB94ED000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xAC620000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806E5000 ACPI_HAL 134400 bytes
    0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB9E93000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB8FA0000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
    0xB9D39000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xAC373000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xB9EB3000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xB9E0D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB94C2000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xA8795000 C:\WINDOWS\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
    0xA8C5B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB94D9000 C:\WINDOWS\system32\DRIVERS\mfendisk.sys 81920 bytes (McAfee, Inc., McAfee NDIS Intermediate Driver)
    0xB95FC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xAC724000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xAC690000 C:\WINDOWS\system32\drivers\mfetdi2k.sys 77824 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB9E81000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB94B1000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB9540000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xBA198000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xBA308000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xBA318000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xB9550000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xBA268000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xBA2B8000 C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 61440 bytes (Trusteer Ltd., RapportEI)
    0xBA1A8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xA8E79000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xB9530000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
    0xBA258000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xBA178000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xBA2F8000 C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 53248 bytes (Atheros Communications, Inc., Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller ndis miniport driver)
    0xBA2C8000 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys 53248 bytes (Trusteer Ltd., RapportCerberus)
    0xBA1C8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xB9590000 C:\WINDOWS\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
    0xA8A5B000 C:\WINDOWS\system32\drivers\mfebopk.sys 49152 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
    0xBA128000 RapportKELL.sys 49152 bytes (Trusteer Ltd., RapportKE)
    0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xA7E6C000 C:\DOCUME~1\Alan\LOCALS~1\Temp\aswMBR.sys 45056 bytes
    0xBA2D8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xBA188000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xBA1D8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xBA228000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xBA218000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xA7851000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xBA1B8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xBA2E8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xBA1F8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xBA2A8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB9560000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xBA448000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xBA498000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xBA3C8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xBA410000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
    0xBA3D0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xBA3E0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xBA490000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xBA3D8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xBA400000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xBA3C0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xBA438000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xBA428000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xBA440000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xBA3F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xBA3F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xBA3E8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xBA4A8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xAC6BB000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
    0xB9CA9000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB9CB1000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xA9822000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xBA570000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xAC7C7000 C:\WINDOWS\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
    0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xAC7B7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xAC6AB000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xB9CAD000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xBA57C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xB8F2A000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xBA5C6000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
    0xBA5EC000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
    0xBA5E6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xBA656000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xBA5E4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xBA5E8000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xBA5EA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xBA5D2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xBA5D6000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xBA5C8000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
    0xBA5CA000 C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
    0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xBA6DC000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xBA6CA000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xBA7D1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================
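A defender-side triage pass over a Rootkit Unhooker ">Drivers" listing like the one posted above, added here as an example and not part of the thread or of the RkU tool: it parses each line into load address, image path, size and publisher, then flags entries that carry no vendor string or load from a user-writable location. The sample input is a handful of lines copied from the report above; the flag names and the path markers are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the RkU ">Drivers" report above (raw string so the
# backslashes in Windows paths are not treated as escapes).
SAMPLE_REPORT = r"""
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
>Drivers
==============================================
0xB9610000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 6868992 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0x804D7000 PnpManager 2154496 bytes
0xB9D80000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBA2C8000 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys 53248 bytes (Trusteer Ltd., RapportCerberus)
0xA7E6C000 C:\DOCUME~1\Alan\LOCALS~1\Temp\aswMBR.sys 45056 bytes
0xAC373000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xA7851000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA5C6000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xBA5EC000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
==============================================
>Stealth
==============================================
"""

# One report line: "<base> <path or module name> <size> bytes (<vendor>, <description>)"
LINE_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+)\s+"   # load address
    r"(?P<path>.+?)\s+"                # image path or bare module name (may contain spaces)
    r"(?P<size>\d+) bytes"             # mapped size
    r"(?:\s+\((?P<info>.*)\))?$"       # optional "(vendor, description)"
)

# Path fragments that mean kernel code was loaded from a user-writable location
# (markers chosen for this example; extend for other profile layouts).
USER_WRITABLE_MARKERS = ("\\temp\\", "\\docume~1\\",
                         "\\documents and settings\\", "\\application data\\")


@dataclass
class DriverEntry:
    base: int
    path: str
    size: int
    vendor: Optional[str]
    description: Optional[str]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def has_file_path(self) -> bool:
        # Bare names such as "PnpManager" or "Ntfs.sys" are kernel-side aliases,
        # not files the tool resolved on disk.
        return "\\" in self.path


def parse_drivers(report: str) -> List[DriverEntry]:
    """Extract the entries between '>Drivers' and the next '>' section header."""
    entries: List[DriverEntry] = []
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(">"):
            in_section = line == ">Drivers"
            continue
        if not in_section:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # separator lines and anything unparsable are skipped
        vendor = description = None
        if m.group("info") is not None:
            vendor, _, description = m.group("info").partition(", ")
            vendor = vendor.strip() or None
            if vendor == "-":          # RkU prints "-" when the publisher field is empty
                vendor = None
            description = description.strip() or None
        entries.append(DriverEntry(int(m.group("base"), 16), m.group("path"),
                                   int(m.group("size")), vendor, description))
    return entries


def triage(entries: List[DriverEntry]) -> Dict[str, List[str]]:
    """Return {driver file name: [reasons]} for entries a reviewer should look at first."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.has_file_path and e.vendor is None:
            # No publisher string. On XP the dump_*.sys copies of the boot storage
            # stack look like this legitimately, so this is a prompt, not a verdict.
            reasons.append("no vendor information")
        if any(marker in e.path.lower() for marker in USER_WRITABLE_MARKERS):
            # Kernel code loaded from a profile or temp directory. Scanner drivers
            # (aswMBR.sys here) do this too, so match against the tools you ran.
            reasons.append("loaded from user-writable path")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_drivers(SAMPLE_REPORT)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the full pasted report, the output is a short review list rather than 150 lines to eyeball; every flagged entry still needs a human to confirm it against the tools that were deliberately run.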
  11. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Here is the Combo log.

    ComboFix 11-06-17.04 - Alan 18/06/2011 21:54:04.1.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2562 [GMT 1:00]
    Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Alan\Application Data\inst.exe
    c:\documents and settings\Alan\Application Data\pcouffin.sys
    c:\documents and settings\Alan\Application Data\PriceGong
    c:\documents and settings\Alan\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\j.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Alan\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Alan\Local Settings\Temporary Internet Files\Sys5889.Data Repository.sys
    c:\windows\system32\drivers\hosts
    c:\windows\system32\systeminfo3.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-15 20:06 . 2011-06-15 20:06 -------- d-----w- C:\1287bd8a094eb607500a86
    2011-06-15 18:33 . 2011-06-15 18:33 -------- d-----r- C:\MSOCache
    2011-06-15 16:53 . 2011-06-15 16:53 -------- d-----w- C:\extensions
    2011-06-15 15:49 . 2011-06-15 15:49 -------- d-----w- C:\ATI
    2011-06-15 14:21 . 2011-06-15 14:21 -------- d-----w- C:\Intel
    2011-06-15 14:14 . 2011-06-16 09:29 -------- d-----w- C:\temp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-04-25 16:11 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2006-02-28 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-19 21:10 . 2011-04-19 21:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-04-19 21:10 . 2011-04-19 21:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
    2011-04-19 21:10 . 2011-04-19 21:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-04-19 01:16 . 2011-04-19 01:16 94536 ----a-w- c:\windows\system32\UDBDef.exe
    2011-04-14 16:46 . 2011-06-15 23:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 13:01 . 2011-06-17 08:54 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 12:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin1.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 12:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin1.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-16 107000]
    "AdobeBridge"="f:\adobe\Adobe Bridge CS5\Bridge.exe" [2010-11-09 12001224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
    "Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
    "QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
    "Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
    "Launch Direct Link"="c:\program files\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 1209856]
    "Launch As Cmd Runner"="c:\program files\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
    "Drive Xpert"="c:\program files\ASUS\Drive Xpert\DriveXpert.exe" [2008-05-30 10235904]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-05 1195408]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Alan\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-6-17 576000]
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-6-17 4142448]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [23/06/2008 23:21 150568]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/04/2011 14:34 53816]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [15/06/2011 21:04 84200]
    R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [17/06/2011 09:31 57144]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34 66360]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34 158904]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15/06/2011 13:14 203280]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [15/06/2011 21:03 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [15/06/2011 21:03 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [15/06/2011 21:04 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [15/06/2011 21:04 141792]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34 870200]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [16/06/2011 10:21 1373480]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [15/06/2011 21:04 56064]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [15/06/2011 21:04 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [15/06/2011 21:04 88736]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
    S2 57xx SteelVine Manager;57xx SteelVine;c:\program files\ASUS\Drive Xpert\SteelVine.exe [29/05/2008 15:55 1286144]
    S2 igytbyfj;Microcode Update Support;c:\windows\System32\svchost.exe -k netsvcs [28/02/2006 13:00 14336]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16/06/2011 23:27 1691480]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [15/06/2011 21:04 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [15/06/2011 21:04 84488]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 10:25 30969208]
    S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [20/05/2009 04:35 1128944]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - BLACKBOX
    *NewlyCreated* - JAVAQUICKSTARTERSERVICE
    *Deregistered* - aswMBR
    *Deregistered* - BlackBox
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    igytbyfj
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-18 c:\windows\Tasks\User_Feed_Synchronization-{945CE2F9-7C7F-4646-9F9A-EEE1A13FCCEE}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.mytalktalk.co.uk
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\o4c9q1d1.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.talktalk.net
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{B5205BFB-2051-498E-7323-23EA03F4F87A} - c:\windows\system32\wrbhaouj.dll
    HKCU-Run-java system update - c:\docume~1\Alan\LOCALS~1\Temp\eumlm.exe
    HKCU-Run-winupdate system - c:\docume~1\Alan\LOCALS~1\Temp\icvcc.exe
    HKCU-Run-java checksys - c:\docume~1\Alan\LOCALS~1\Temp\rtpmp.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-18 21:59
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1292428093-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1232)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    Completion time: 2011-06-18 22:00:59
    ComboFix-quarantined-files.txt 2011-06-18 21:00
    .
    Pre-Run: 137,580,777,472 bytes free
    Post-Run: 138,132,283,392 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 6BCA0E9459A5192BAB9B88978099DBD0
  13. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    NetSvc::
    igytbyfj
    
    Driver::
    igytbyfj
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe; image not included in this copy]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  14. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Here is the new log file..

    ComboFix 11-06-17.04 - Alan 18/06/2011 22:37:50.2.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2478 [GMT 1:00]
    Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Alan\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_IGYTBYFJ
    -------\Service_igytbyfj
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-15 20:06 . 2011-06-15 20:06 -------- d-----w- C:\1287bd8a094eb607500a86
    2011-06-15 18:33 . 2011-06-15 18:33 -------- d-----r- C:\MSOCache
    2011-06-15 16:53 . 2011-06-15 16:53 -------- d-----w- C:\extensions
    2011-06-15 15:49 . 2011-06-15 15:49 -------- d-----w- C:\ATI
    2011-06-15 14:21 . 2011-06-15 14:21 -------- d-----w- C:\Intel
    2011-06-15 14:14 . 2011-06-16 09:29 -------- d-----w- C:\temp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-04-25 16:11 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2006-02-28 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2011-04-19 21:10 . 2011-04-19 21:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-04-19 21:10 . 2011-04-19 21:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
    2011-04-19 21:10 . 2011-04-19 21:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
    2011-04-19 01:16 . 2011-04-19 01:16 94536 ----a-w- c:\windows\system32\UDBDef.exe
    2011-04-14 16:46 . 2011-06-15 23:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 13:01 . 2011-06-17 08:54 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-12-09 12:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin1.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2010-12-09 12:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-09 3911776]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin1.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-09 3911776]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-16 107000]
    "AdobeBridge"="f:\adobe\Adobe Bridge CS5\Bridge.exe" [2010-11-09 12001224]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
    "Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
    "QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
    "Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
    "Launch Direct Link"="c:\program files\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 1209856]
    "Launch As Cmd Runner"="c:\program files\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
    "Drive Xpert"="c:\program files\ASUS\Drive Xpert\DriveXpert.exe" [2008-05-30 10235904]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-05 1195408]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Alan\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-6-17 576000]
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-6-17 4142448]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [23/06/2008 23:21 150568]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/04/2011 14:34 53816]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [15/06/2011 21:04 84200]
    R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [17/06/2011 09:31 57144]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34 66360]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34 158904]
    R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\ASUS\Drive Xpert\SteelVine.exe [29/05/2008 15:55 1286144]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15/06/2011 13:14 203280]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [15/06/2011 21:03 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [15/06/2011 21:03 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [15/06/2011 21:04 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [15/06/2011 21:04 141792]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34 870200]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [16/06/2011 10:21 1373480]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [15/06/2011 21:04 56064]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [15/06/2011 21:04 314088]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [15/06/2011 21:04 88736]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16/06/2011 23:27 1691480]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [15/06/2011 21:04 88736]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [15/06/2011 21:04 84488]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 10:25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
    S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [20/05/2009 04:35 1128944]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-18 c:\windows\Tasks\User_Feed_Synchronization-{945CE2F9-7C7F-4646-9F9A-EEE1A13FCCEE}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.mytalktalk.co.uk
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\o4c9q1d1.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - www.talktalk.net
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-18 22:43
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1292428093-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1232)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(5120)
    c:\windows\system32\WININET.dll
    c:\program files\Stardock\ObjectDockPlus2\DockShellHook.dll
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\astsrv.exe
    c:\program files\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\WTablet\Pen_TabletUser.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Stardock\ObjectDockPlus2\ObjectDockTray.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-18 22:48:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-18 21:48
    ComboFix2.txt 2011-06-18 21:00
    .
    Pre-Run: 138,152,259,584 bytes free
    Post-Run: 138,040,139,776 bytes free
    .
    - - End Of File - - 577DC659F1DDE53A106824A0AB3FB8C6
  15. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Running the last ComboFix scan seems to have messed up internet connection. The only webpage I can open is this one.
  16. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    What browser?
    Did you try different browser?
    Try to restart computer.

    Any other issues?
  17. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    I use Firefox 4, but I tried with IE8 and couldn't get any connection. I restarted and the same thing happened.
  18. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    I forgot.... I cannot receive email with Outlook 2010, which was also OK before.
  19. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    You're saying, you can access this site, no problem?

    Any errors, when you try to access any other sites?

    Any errors from OE?
  20. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Yep, I can access this site fine. Trying to get other sites I get a "Server not found" error. I cannot receive email in Office Outlook, but it seems to be sending ok.
  21. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  22. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Just tried to send a test email in Outlook but got a send error also.
  23. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    OK, go on with TDSSKiller.
  24. verity25

    verity25 TS Enthusiast Topic Starter Posts: 112

    Clicked the link but got the same error..... so couldn't download the file.
  25. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    You'll need to use another working computer and USB flash drive to get the file to your computer.