Windows XP, can't open Windows Explorer and associated programs.

Solved
By temir
Nov 3, 2010
  1. Hello,
    My OS is Windows XP Service Pack 2.
    My antivirus was Trend Micro 2010.
    I don't know what happened. Today, when I started Windows, I realized that I can't open Windows Explorer or Control Panel anymore, and Trend Micro Antivirus didn't respond anymore. Now Mozilla Firefox doesn't respond/freezes at any download attempt. My new McAfee Antivirus, which I installed today, doesn't respond; it is present as the tray icon, but the console window can't be opened.

    Here are the logs, except the DDS log, because when I launch it, after a while my computer restarts.

    mbam-log-2010-11-03 (13-22-53).txt

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5030

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 6.0.2900.2180

    03/11/2010 13.22.53
    mbam-log-2010-11-03 (13-22-53).txt

    Scan type: Quick scan
    Objects scanned: 181746
    Time elapsed: 7 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 143
    Registry Values Infected: 4
    Registry Data Items Infected: 0
    Folders Infected: 18
    Files Infected: 94

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:

    Files Infected:
    C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_FeatCk.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.



    gmer.log

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-11-03 13:11:15
    Windows 5.1.2600 Service Pack 2
    Running: hm6zdjr0.exe; Driver: C:\DOCUME~1\TEMIRP~1.000\LOCALS~1\Temp\uwriyaod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6BC13A0, 0x592C35, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  2. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Welcome aboard

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. temir

    temir Newcomer, in training Topic Starter Posts: 87

    Sorry for my absence!
    Thank you very much for your quick response!
    Now I'll try to follow your steps. :)
  4. Broni

    OK..............
  5. temir

    Here is the MBRCheck Report:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000bfbd

    Kernel Drivers (total 141):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FD000 \WINDOWS\system32\hal.dll
    0xF7C6F000 \WINDOWS\system32\KDCOM.DLL
    0xF7B7F000 \WINDOWS\system32\BOOTVID.dll
    0xF7720000 ACPI.sys
    0xF7C71000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF770F000 pci.sys
    0xF776F000 isapnp.sys
    0xF7D37000 pciide.sys
    0xF79EF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF777F000 MountMgr.sys
    0xF76F0000 ftdisk.sys
    0xF7C73000 dmload.sys
    0xF76CA000 dmio.sys
    0xF79F7000 PartMgr.sys
    0xF778F000 VolSnap.sys
    0xF76B2000 atapi.sys
    0xF779F000 disk.sys
    0xF77AF000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7693000 fltMgr.sys
    0xF7681000 sr.sys
    0xF7624000 mfehidk.sys
    0xF79FF000 PxHelp20.sys
    0xF760D000 KSecDD.sys
    0xF7580000 Ntfs.sys
    0xF7553000 NDIS.sys
    0xF7538000 Mup.sys
    0xF782F000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF6AE4000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xF6AD0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6ABB000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xF7A47000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6A98000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7A4F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6A2C000 \SystemRoot\system32\drivers\ctaud2k.sys
    0xF6A08000 \SystemRoot\system32\drivers\portcls.sys
    0xF783F000 \SystemRoot\system32\drivers\drmk.sys
    0xF69E5000 \SystemRoot\system32\drivers\ks.sys
    0xF69B3000 \SystemRoot\system32\drivers\ctoss2k.sys
    0xF698F000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xF691C000 \SystemRoot\system32\drivers\mfefirek.sys
    0xF7A6F000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0xF784F000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7A87000 \SystemRoot\system32\DRIVERS\irsir.sys
    0xF7C5B000 \SystemRoot\system32\DRIVERS\irenum.sys
    0xF7A97000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF6908000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7C67000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF785F000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF786F000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF787F000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7AB7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF7E78000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF68CC000 \SystemRoot\system32\DRIVERS\mfendisk.sys
    0xF7ACF000 \SystemRoot\system32\DRIVERS\rasirda.sys
    0xF7ADF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF788F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7500000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF68B5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF789F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF78AF000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF68A4000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF78BF000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7AFF000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7B0F000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF67ED000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
    0xF67BC000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF78CF000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7B17000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7B1F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF67A2000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
    0xF7C7B000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6746000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7C1F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF78DF000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF78EF000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7C81000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF02B6000 \SystemRoot\system32\drivers\ha20x2k.sys
    0xF0289000 \SystemRoot\system32\drivers\emupia2k.sys
    0xF0262000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0xF01C6000 \SystemRoot\system32\drivers\ctac32k.sys
    0xF7B3F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF7C87000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7DD2000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7C8B000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7B5F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7B67000 \SystemRoot\System32\drivers\vga.sys
    0xF7C8F000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7C93000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7B77000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A3F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF68FC000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF016B000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF0113000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF00F2000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF00DF000 \SystemRoot\system32\drivers\mfetdi2k.sys
    0xF794F000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF00B7000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF0095000 \SystemRoot\System32\drivers\afd.sys
    0xF795F000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF796F000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
    0xF0073000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
    0xF0047000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF002C000 \SystemRoot\system32\DRIVERS\psinknc.sys
    0xF7E05000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
    0xEFF1D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF797F000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7A7F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF7AC7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xEFEFA000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF0008000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF79AF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF0004000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xEFFFC000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF79BF000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEFE42000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7CA1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xEFFD8000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7AF7000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7DDC000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xB86C5000 \SystemRoot\system32\DRIVERS\PSINAflt.sys
    0xB86AF000 \SystemRoot\system32\DRIVERS\PSINFile.sys
    0xB8697000 \SystemRoot\system32\DRIVERS\PSINProc.sys
    0xB8569000 \SystemRoot\system32\DRIVERS\irda.sys
    0xB867B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xEFDFA000 \SystemRoot\System32\Drivers\TDTCP.SYS
    0xB833F000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xB832A000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB8491000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB8118000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7CBB000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB7FD1000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB6F98000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB7BC7000 \SystemRoot\system32\drivers\cfwids.sys
    0xB6CDA000 \SystemRoot\system32\drivers\mfeapfk.sys
    0xB8038000 \SystemRoot\system32\drivers\mfebopk.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 51):
    0 System Idle Process
    4 System
    1648 C:\WINDOWS\system32\smss.exe
    1728 csrss.exe
    1752 C:\WINDOWS\system32\winlogon.exe
    1796 C:\WINDOWS\system32\services.exe
    1808 C:\WINDOWS\system32\lsass.exe
    1992 C:\WINDOWS\system32\nvsvc32.exe
    272 C:\WINDOWS\system32\svchost.exe
    348 svchost.exe
    1340 C:\WINDOWS\system32\svchost.exe
    1696 svchost.exe
    464 svchost.exe
    820 C:\WINDOWS\system32\spoolsv.exe
    1244 C:\WINDOWS\explorer.exe
    1620 svchost.exe
    1676 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1688 C:\Program Files\Bonjour\mDNSResponder.exe
    1944 C:\WINDOWS\ehome\ehRecvr.exe
    424 C:\WINDOWS\ehome\ehSched.exe
    488 D:\Program Files\Java\jre6\bin\jqs.exe
    652 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    756 C:\WINDOWS\system32\mfevtps.exe
    1064 C:\WINDOWS\ehome\ehtray.exe
    1124 D:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    1180 C:\WINDOWS\ehome\ehmsas.exe
    1400 D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    1772 D:\Program Files\iTunes\iTunesHelper.exe
    1884 C:\WINDOWS\system32\HPZipm12.exe
    2072 C:\WINDOWS\system32\rundll32.exe
    2112 C:\WINDOWS\system32\svchost.exe
    2124 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2140 wdfmgr.exe
    2240 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    2684 C:\Program Files\McAfee.com\Agent\mcagent.exe
    2872 C:\WINDOWS\system32\ctfmon.exe
    2892 D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    3348 C:\WINDOWS\system32\rundll32.exe
    3312 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    4016 C:\WINDOWS\system32\dwwin.exe
    1316 C:\WINDOWS\system32\dllhost.exe
    2488 C:\WINDOWS\system32\dwwin.exe
    2496 C:\Program Files\iPod\bin\iPodService.exe
    4024 alg.exe
    484 D:\Program Files\Opera\opera.exe
    2392 C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
    2920 C:\PROGRA~1\COMMON~1\Mcafee\MSC\McUICnt.exe
    396 C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    1228 mcupdmgr.exe
    3552 D:\Program Files\totalcmd\TOTALCMD.EXE
    3228 C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000006`29aca200 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000001`c097a600 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000016`16b79a00 (NTFS)
    \\.\J: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
    \\.\P: --> \\.\PhysicalDrive6 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive1 Model Number: WDCWD2500AAJS-00L7A0, Rev: 01.03E01
    PhysicalDrive0 Model Number: Maxtor6L200M0, Rev: BACE1G10
    PhysicalDrive6 Model Number: Ext HardDisk, Rev:

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    186 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive6 RE: Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
  6. temir

    There's a problem with Combofix. I can't disable McAfee because it doesn't respond. Can I run Combofix?
  7. Broni

    Run it from Safe Mode. You don't have to worry about McAfee there.
    Combofix may still issue some warning, regarding McAfee, but you can disregard it.
  8. temir

    OK, I've just run it from Safe Mode, then it automatically rebooted my computer and now I can't find the Combofix.txt report...
  9. temir

    I have a qoobox folder on C:\ and its contents (not all of the files) are updated to this day, this very moment.
  10. Broni

    If there is no C:\combofix.txt file, re-run Combofix.
  11. temir

    OK, I'll do it right now.
     
  12. temir

    Well, I've re-run Combofix twice (the first time everything stalled and I was forced to restart the computer; the second time everything was apparently OK, and Combofix also updated) in Normal Mode (not Safe Mode), and there's no combofix.txt report... At least I don't see it.
  13. Broni

    * Click on Start, then Run.
    * Copy and Paste the bold text below into the Run Box:


    cmd /c dir /a /s C:\QooBox >log.txt&start log.txt


    * Then click on OK.
    * A Text File will open up, please Copy and Paste the contents in your next reply.
  14. temir

    Here it is. I re-ran Combofix again and this time it worked like it should:

    ComboFix 10-11-07.01 - Temir 06/11/2010 21.23.26.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.1023.654 [GMT 1:00]
    Running from: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Desktop\ComboFix.exe
    AV: *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
    .

    2010-11-06 14:34 . 2010-11-06 14:39 2194 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-11-06 14:33 . 2010-11-06 14:33 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
    2010-11-06 14:33 . 2010-11-06 14:33 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
    2010-11-06 14:17 . 2010-11-06 14:17 -------- d-----w- c:\documents and settings\admin
    2010-11-03 22:02 . 2004-08-03 23:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2010-11-03 22:02 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2010-11-03 22:02 . 2001-08-17 21:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2010-11-03 22:02 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2010-11-03 22:02 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2010-11-03 22:01 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2010-11-03 22:01 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2010-11-03 22:01 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2010-11-03 22:01 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2010-11-03 22:01 . 2004-08-03 22:07 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
    2010-11-03 22:01 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
    2010-11-03 22:01 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2010-11-03 21:58 . 2001-08-17 12:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
    2010-11-03 21:58 . 2001-08-17 12:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
    2010-11-03 21:58 . 2001-08-17 11:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
    2010-11-03 21:58 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
    2010-11-03 21:58 . 2004-08-03 21:59 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
    2010-11-03 21:58 . 2004-08-03 22:07 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
    2010-11-03 21:58 . 2004-08-03 23:56 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
    2010-11-03 21:58 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
    2010-11-03 21:58 . 2001-08-17 12:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
    2010-11-03 21:58 . 2001-08-17 12:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
    2010-11-03 21:58 . 2001-08-17 12:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
    2010-11-03 21:56 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
    2010-11-03 21:55 . 2001-08-17 21:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
    2010-11-03 21:55 . 2001-08-17 12:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2010-11-03 21:55 . 2001-08-17 13:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
    2010-11-03 21:55 . 2001-08-17 13:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
    2010-11-03 21:55 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
    2010-11-03 21:55 . 2001-08-17 11:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
    2010-11-03 21:52 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
    2010-11-03 21:51 . 2001-08-17 12:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
    2010-11-03 21:51 . 2001-08-17 11:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
    2010-11-03 21:51 . 2001-08-17 13:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
    2010-11-03 21:51 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
    2010-11-03 21:51 . 2001-08-17 11:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
    2010-11-03 21:51 . 2001-08-17 11:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
    2010-11-03 21:51 . 2001-08-17 12:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
    2010-11-03 21:51 . 2004-08-03 22:07 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
    2010-11-03 21:51 . 2004-08-03 22:07 16128 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
    2010-11-03 21:51 . 2004-08-03 22:07 6016 -c--a-w- c:\windows\system32\dllcache\smbali.sys
    2010-11-03 21:51 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
    2010-11-03 21:51 . 2001-08-17 21:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
    2010-11-03 21:49 . 2001-08-17 11:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
    2010-11-03 21:48 . 2001-08-17 13:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
    2010-11-03 21:47 . 2001-08-17 11:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
    2010-11-03 21:46 . 2001-08-17 21:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
    2010-11-03 21:45 . 2001-08-17 13:07 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
    2010-11-03 21:44 . 2001-08-17 13:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
    2010-11-03 21:43 . 2001-08-17 11:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2010-11-03 21:42 . 2001-08-17 11:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
    2010-11-03 21:42 . 2004-08-03 23:56 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
    2010-11-03 21:42 . 2004-08-03 21:29 452736 -c--a-w- c:\windows\system32\dllcache\mtxparhm.sys
    2010-11-03 21:42 . 2004-08-03 21:41 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
    2010-11-03 21:42 . 2004-08-03 21:41 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
    2010-11-03 21:42 . 2004-08-03 22:10 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2010-11-03 21:42 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2010-11-03 21:42 . 2001-08-17 13:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2010-11-03 21:42 . 2004-08-03 22:00 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2010-11-03 21:42 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2010-11-03 21:42 . 2001-08-17 12:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2010-11-03 21:42 . 2004-08-03 22:10 51328 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2010-11-03 21:42 . 2001-08-17 12:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2010-11-03 21:40 . 2001-08-17 12:28 802683 -c--a-w- c:\windows\system32\dllcache\ltsm.sys
    2010-11-03 21:39 . 2001-08-17 21:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-11-03 21:39 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-11-03 21:39 . 2001-08-17 12:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
    2010-11-03 21:39 . 2001-08-17 12:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
    2010-11-03 21:39 . 2001-08-17 11:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
    2010-11-03 21:39 . 2001-08-17 21:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
    2010-11-03 21:39 . 2001-08-17 12:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
    2010-11-03 21:39 . 2004-08-03 21:59 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
    2010-11-03 21:39 . 2001-08-17 12:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
    2010-11-03 21:39 . 2001-08-17 12:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
    2010-11-03 21:38 . 2001-08-17 21:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
    2010-11-03 21:36 . 2004-08-03 21:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
    2010-11-03 21:35 . 2001-08-17 21:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
    2010-11-03 21:34 . 2001-08-17 13:56 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
    2010-11-03 21:33 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
    2010-11-03 21:32 . 2001-08-17 11:11 455199 -c--a-w- c:\windows\system32\dllcache\el985n51.sys
    2010-11-03 21:31 . 2001-08-17 21:36 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
    2010-11-03 21:30 . 2001-08-17 11:19 3584 -c--a-w- c:\windows\system32\dllcache\cwcosnt5.sys
    2010-11-03 21:29 . 2004-08-03 23:56 15423 -c--a-w- c:\windows\system32\dllcache\ch7xxnt5.dll
    2010-11-03 21:28 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2010-11-03 21:27 . 2004-08-03 21:29 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys
    2010-11-03 21:26 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2010-11-03 16:12 . 2010-11-03 16:12 -------- d-----w- c:\program files\SiteAdvisor
    2010-11-03 16:11 . 2010-10-13 21:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
    2010-11-03 16:11 . 2010-10-13 21:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-11-03 16:11 . 2010-10-13 21:28 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-11-03 16:11 . 2010-10-13 21:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-11-03 16:11 . 2010-10-13 21:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-11-03 16:11 . 2010-10-13 21:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-11-03 16:11 . 2010-10-13 21:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-11-03 16:11 . 2010-10-13 21:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-11-03 16:11 . 2010-10-13 21:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-11-03 16:11 . 2010-11-03 16:11 -------- d-----w- c:\program files\Common Files\Mcafee
    2010-11-03 16:10 . 2010-11-03 20:53 -------- d-----w- c:\program files\McAfee
    2010-11-03 15:56 . 2010-11-03 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-11-03 14:57 . 2010-10-13 21:28 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2010-11-03 12:58 . 2010-11-03 12:58 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Interactive
    2010-11-03 12:58 . 2010-11-03 12:58 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\log
    2010-11-03 12:40 . 2010-11-03 12:40 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-11-03 11:10 . 2010-11-03 12:40 -------- d-s---w- c:\documents and settings\Administrator.PRIVATE-A7D0BBD
    2010-11-02 15:02 . 2010-11-03 12:40 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Biolab Disaster
    2010-10-16 22:39 . 2010-10-16 22:39 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\FreeImageConverter
    2010-10-13 21:28 . 2010-10-13 21:28 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-10-13 21:28 . 2010-10-13 21:28 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-10-09 09:22 . 2010-10-09 09:22 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Nokia
    2010-10-09 08:44 . 2010-10-09 08:44 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-06 14:45 . 2004-08-10 12:00 502272 ----a-w- c:\windows\system32\winlogon.exe
    2010-09-15 02:50 . 2010-05-07 10:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 00:29 . 2010-05-07 10:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2010-10-13 21:28 . 2010-11-03 16:11 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ------- Sigcheck -------

    [-] 2010-11-06 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
    "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Avvio rapido di HP Image Zone.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Avvio rapido di HP Image Zone.lnk
    backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
    2010-09-30 12:10 1193848 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-11-11 08:57 1451520 ----a-w- d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MSK80Service"=2 (0x2)
    "mfevtp"=2 (0x2)
    "mfefire"=2 (0x2)
    "McShield"=2 (0x2)
    "McProxy"=2 (0x2)
    "McODS"=3 (0x3)
    "McNASvc"=2 (0x2)
    "McNaiAnn"=2 (0x2)
    "mcmscsvc"=2 (0x2)
    "McMPFSvc"=2 (0x2)
    "McAfee SiteAdvisor Service"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\iTunes\\iTunes.exe"=
    "d:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "d:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1031:TCP"= 1031:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [03/11/2010 17.11.15 84072]
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [13/10/2009 14.50.54 114312]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [20/09/2010 23.41.09 143184]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [20/09/2010 23.40.43 41936]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [03/11/2010 15.57.01 141792]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [30/10/2009 15.18.01 146952]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [13/10/2009 14.50.54 95880]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [13/10/2009 14.50.55 101512]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [03/11/2010 17.11.15 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [03/11/2010 17.11.15 88544]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [05/08/2010 13.08.04 100496]
    R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [05/08/2010 13.08.04 111312]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/08/2004 13.00.00 14336]
    S2 NanoServiceMain;NanoServiceMain;"c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe" --> c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [?]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [03/11/2010 17.11.15 55840]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10.58.52 11336]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [03/11/2010 17.11.15 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [03/11/2010 17.11.15 84264]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/10/2010 17.15.42 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [03/10/2010 17.15.42 8320]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12.37.14 517096]
    S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [03/11/2010 17.11.09 271480]
    S4 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [03/11/2010 17.11.09 271480]
    S4 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [03/11/2010 17.11.09 271480]
    S4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [03/11/2010 17.11.28 188136]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-PRIVATE-A7D0BBD-Temir.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-20 01:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.it/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: {4B98396A-1F15-4792-B650-A5C74B20C398} = 62.211.69.170,212.48.4.30
    FF - ProfilePath - c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-AdobeBridge - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-06 21:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1236)
    c:\windows\system32\msi.dll
    .
    Completion time: 2010-11-06 21:37:50
    ComboFix-quarantined-files.txt 2010-11-06 20:37

    Pre-Run: 3.721.461.760 bytes free
    Post-Run: 3.700.051.968 bytes free

    - - End Of File - - 5764B904D8E34E5D352AA85538B61F33
  15. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    How is the computer doing at the moment?

    Assuming McAfee is your current security program, I can see some Panda Cloud Antivirus presence. Is it still listed in Add\Remove?
    You can't run two AV programs, so one of them has to go.

    Open Windows Explorer. Go to Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.
    Upload the following files to http://www.virustotal.com/ for a security check:
    - c:\windows\system32\winlogon.exe
    IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
    Post the scan results.
  16. temir

    temir Newcomer, in training Topic Starter Posts: 87

    No, I haven't had Panda Cloud for a long time; it is maybe a trace. The only antivirus I have now is McAfee, if it works; I have to check, I didn't check after ComboFix.

    Unfortunately I still can't open Windows Explorer... But I use TotalCommander.
    Ok, I'll do it now.

    AND THANK YOU AGAIN FOR ALL THIS ASSISTANCE!!! YOU ARE GREAT!!! :)))
  17. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    ...and that file scan...
  18. temir

    temir Newcomer, in training Topic Starter Posts: 87

    RESULTS OF WINLOGON SCAN FOR VIRUS:

    AhnLab-V3 2010.11.06.01 2010.11.06 -
    AntiVir 7.10.13.145 2010.11.05 -
    Antiy-AVL 2.0.3.7 2010.11.06 -
    Authentium 5.2.0.5 2010.11.05 -
    Avast 4.8.1351.0 2010.11.06 -
    Avast5 5.0.594.0 2010.11.06 -
    AVG 9.0.0.851 2010.11.06 -
    BitDefender 7.2 2010.11.06 -
    CAT-QuickHeal 11.00 2010.11.04 -
    ClamAV 0.96.2.0-git 2010.11.06 -
    Comodo 6634 2010.11.06 -
    DrWeb 5.0.2.03300 2010.11.07 -
    Emsisoft 5.0.0.50 2010.11.06 -
    eSafe 7.0.17.0 2010.11.04 -
    eTrust-Vet 36.1.7958 2010.11.05 -
    F-Prot 4.6.2.117 2010.11.05 -
    F-Secure 9.0.16160.0 2010.11.06 -
    Fortinet 4.2.249.0 2010.11.06 -
    Ikarus T3.1.1.90.0 2010.11.06 -
    Jiangmin 13.0.900 2010.11.06 -
    K7AntiVirus 9.67.2903 2010.11.03 -
    Kaspersky 7.0.0.125 2010.11.06 -
    McAfee 5.400.0.1158 2010.11.07 -
    McAfee-GW-Edition 2010.1C 2010.11.06 -
    Microsoft 1.6301 2010.11.06 -
    NOD32 5597 2010.11.06 -
    Norman 6.06.10 None.. -
    Panda 10.0.2.7 2010.11.06 -
    PCTools 7.0.3.5 2010.11.06 -
    Prevx 3.0 2010.11.07 -
    Rising 22.72.04.00 2010.11.06 -
    Sophos 4.59.0 2010.11.06 -
    Sunbelt 7236 2010.11.07 -
    SUPERAntiSpyware 4.40.0.1006 2010.11.06 -
    Symantec 20101.2.0.161 2010.11.07 -
    TheHacker 6.7.0.1.076 2010.11.05 -
    TrendMicro 9.120.0.1004 2010.11.06 -
    TrendMicro-HouseCall 9.120.0.1004 2010.11.07 -
    VBA32 3.12.14.1 2010.11.05 -
    ViRobot 2010.10.4.4074 2010.11.06 -
    VirusBuster 12.71.8.0 2010.11.06 -
  19. temir

    temir Newcomer, in training Topic Starter Posts: 87

    And this:

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name:
    winlogon.exe
    Submission date:
    2010-11-07 00:15:34 (UTC)
    Current status:
    finished
    Result:
    0/ 41 (0.0%)
  20. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    That's good :)

    Is McAfee working?

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      explorer.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  21. temir

    temir Newcomer, in training Topic Starter Posts: 87

    No, McAfee seems not to work. I try to launch it right now but nothing...

    Here is SystemLook report:

    SystemLook 04.09.10 by jpshortstuff
    Log created at 01:25 on 07/11/2010 by Temir
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "explorer.exe"
    C:\WINDOWS\explorer.exe --a---- 1032192 bytes [12:00 10/08/2004] [12:00 10/08/2004] A0732187050030AE399B241436565E64
    C:\WINDOWS\ERDNT\cache\explorer.exe --a---- 1032192 bytes [12:53 02/05/2010] [12:00 10/08/2004] A0732187050030AE399B241436565E64
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe --a---- 1033728 bytes [00:12 14/04/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923
    C:\WINDOWS\system32\dllcache\explorer.exe --a--c- 1032192 bytes [12:00 10/08/2004] [12:00 10/08/2004] A0732187050030AE399B241436565E64

    -= EOF =-
  22. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    We have a couple of issues to solve here, so we have to go one thing at a time.

    In your initial post, you said something about Trend Micro Antivirus. Do you have it installed as well? I can see some traces of it.

    Upload C:\WINDOWS\explorer.exe to VirusTotal and see if it's clean.
    Let me know.
  23. temir

    temir Newcomer, in training Topic Starter Posts: 87

    I had Trend Micro Antivirus, and after this event I removed Trend Micro and installed McAfee hoping to solve the problem, but after quick scanning and then deep scanning all of the C:\ drive from Safe Mode (in Safe Mode, entering the Administrator account, the antivirus works) nothing changed and nothing was found, only some cookies and that's all.
  24. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    OK. Now, that scan...
  25. temir

    temir Newcomer, in training Topic Starter Posts: 87

    VirusTotal:

    3 VT Community user(s) with a total of 1767 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name:
    explorer.exe
    Submission date:
    2010-11-07 00:37:02 (UTC)
    Current status:
    finished
    Result:
    0/ 41 (0.0%)



    Antivirus Version Last update Result
    AhnLab-V3 2010.11.06.01 2010.11.06 -
    AntiVir 7.10.13.145 2010.11.05 -
    Antiy-AVL 2.0.3.7 2010.11.06 -
    Authentium 5.2.0.5 2010.11.05 -
    Avast 4.8.1351.0 2010.11.06 -
    Avast5 5.0.594.0 2010.11.06 -
    AVG 9.0.0.851 2010.11.06 -
    BitDefender 7.2 2010.11.06 -
    CAT-QuickHeal 11.00 2010.11.04 -
    ClamAV 0.96.2.0-git 2010.11.06 -
    Comodo 6634 2010.11.06 -
    DrWeb 5.0.2.03300 2010.11.07 -
    eSafe 7.0.17.0 2010.11.04 -
    eTrust-Vet 36.1.7958 2010.11.05 -
    F-Prot 4.6.2.117 2010.11.05 -
    F-Secure 9.0.16160.0 2010.11.06 -
    Fortinet 4.2.249.0 2010.11.06 -
    GData 21 2010.11.07 -
    Ikarus T3.1.1.90.0 2010.11.06 -
    Jiangmin 13.0.900 2010.11.06 -
    K7AntiVirus 9.67.2903 2010.11.03 -
    McAfee 5.400.0.1158 2010.11.07 -
    McAfee-GW-Edition 2010.1C 2010.11.06 -
    Microsoft 1.6301 2010.11.06 -
    NOD32 5597 2010.11.06 -
    Norman 6.06.10 2010.11.06 -
    nProtect 2010-11-06.01 2010.11.06 -
    Panda 10.0.2.7 2010.11.06 -
    PCTools 7.0.3.5 2010.11.07 -
    Prevx 3.0 2010.11.07 -
    Rising 22.72.04.00 2010.11.06 -
    Sophos 4.59.0 2010.11.06 -
    Sunbelt 7236 2010.11.07 -
    SUPERAntiSpyware 4.40.0.1006 2010.11.06 -
    Symantec 20101.2.0.161 2010.11.07 -
    TheHacker 6.7.0.1.076 2010.11.05 -
    TrendMicro 9.120.0.1004 2010.11.06 -
    TrendMicro-HouseCall 9.120.0.1004 2010.11.07 -
    VBA32 3.12.14.1 2010.11.05 -
    ViRobot 2010.10.4.4074 2010.11.06 -
    VirusBuster 12.71.8.0 2010.11.06 -