Solved Google search redirects me - do I have a virus?

Status
Not open for further replies.
S

skippysays

Posts: 17   +0
Hello- I just joined up today in the hopes of learning how to fix this problem. I get annoying redirects to advertisement and hollywood celebrity sites. I followed the 8-step virus removal instructions posted here and have attached the logs below. Thanks for your time and help.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/13/2010 9:06:03 PM
mbam-log-2010-11-13 (21-06-03).txt

Scan type: Quick scan
Objects scanned: 126943
Time elapsed: 13 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-13 21:25:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.11.0
Running: lie2u1lo.exe; Driver: C:\DOCUME~1\jan\LOCALS~1\Temp\fwdirpow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x9D7D978A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0x9D7D9821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x9D7D9738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x9D7D974C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0x9D7D9835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0x9D7D9861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0x9D7D98CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0x9D7D98B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x9D7D97CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x9D7D98FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0x9D7D980D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x9D7D9710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x9D7D9724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x9D7D979E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0x9D7D9937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0x9D7D98A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0x9D7D988D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0x9D7D984B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x9D7D9923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x9D7D990F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x9D7D9776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x9D7D9762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0x9D7D9877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x9D7D97F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0x9D7D98E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x9D7D97E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x9D7D97B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-11-10.01) - NTFSx86
Run by jan at 21:30:57.18 on Sat 11/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1261 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://msnbc.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxps://www.fts.newyorklife.com/ftWebUpdate/java/jre-6u6-windows-i586-p.exe
DPF: {BD08B340-7A26-4EAA-A78B-2998AAE61ACB} - hxxps://www.pcs.newyorklife.com/pcsweb/components/LetterTemplateManager.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {DF989DC2-7A72-4589-8C1A-9DDDF37AE5D8} - hxxps://www.pcs.newyorklife.com/pcsweb/components/LTMHelper.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jan\applic~1\mozilla\firefox\profiles\ooag4kor.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {955E0CE4-4A34-4FDA-9AB9-71204D52B264} - c:\documents and settings\acer\local settings\application data\{955E0CE4-4A34-4FDA-9AB9-71204D52B264}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-4-12 88176]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-4-12 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-4-12 144704]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-3-11 237568]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-4-12 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-12 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-12 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-4-12 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-4-12 40552]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-11 1684736]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-3 38912]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-11-04 04:04:33 -------- d-----w- c:\docume~1\jan\locals~1\applic~1\Mozilla
2010-11-02 04:41:07 -------- d-----w- c:\docume~1\jan\applic~1\Malwarebytes
2010-11-02 04:30:51 -------- d-----w- c:\docume~1\jan\applic~1\MSNInstaller
2010-11-02 04:23:20 -------- d-sh--w- c:\documents and settings\jan\PrivacIE
2010-11-02 03:54:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-11-02 03:54:01 -------- d-----w- c:\program files\McAfee Security Scan
2010-11-02 03:49:59 98304 ----a-w- c:\program files\mozilla firefox\nssdbm3.dll
2010-10-21 04:42:45 221184 ----a-w- c:\windows\system32\wmpns.dll

==================== Find3M ====================

2010-10-16 20:31:36 0 ----a-w- c:\windows\Njila.bin
2010-10-04 18:20:18 808 ----a-w- c:\windows\agazelagarobif.dll
2010-10-04 16:17:57 788 ----a-w- c:\windows\ohewedigojeru.dll
2010-09-18 18:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 21:32:48.12 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/1/2001 11:02:11 PM
System Uptime: 11/13/2010 8:46:47 PM (1 hours ago)

Motherboard: Acer | | AOD250
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1596/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 142 GiB total, 120.865 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR8132 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_022F1025&REV_C0\4&2803E7C1&0&00E2
Manufacturer: Atheros
Name: Atheros AR8132 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_1062&SUBSYS_022F1025&REV_C0\4&2803E7C1&0&00E2
Service: L1c

==== System Restore Points ===================

RP52: 8/8/2010 7:19:37 AM - Software Distribution Service 3.0
RP53: 8/17/2010 7:16:19 AM - Software Distribution Service 3.0
RP54: 8/18/2010 7:09:24 AM - Software Distribution Service 3.0
RP55: 8/19/2010 8:13:50 AM - System Checkpoint
RP56: 8/23/2010 7:17:31 PM - Software Distribution Service 3.0
RP57: 8/24/2010 8:06:20 PM - System Checkpoint
RP58: 8/25/2010 8:11:57 PM - System Checkpoint
RP59: 8/26/2010 8:14:20 PM - System Checkpoint
RP60: 8/28/2010 12:58:07 PM - System Checkpoint
RP61: 9/5/2010 8:27:19 AM - Software Distribution Service 3.0
RP62: 9/7/2010 10:55:42 AM - System Checkpoint
RP63: 9/8/2010 11:17:11 AM - System Checkpoint
RP64: 9/9/2010 1:12:38 PM - System Checkpoint
RP65: 9/15/2010 8:28:33 AM - System Checkpoint
RP66: 9/16/2010 3:00:40 AM - Software Distribution Service 3.0
RP67: 9/17/2010 9:52:46 AM - System Checkpoint
RP68: 9/20/2010 8:19:41 PM - System Checkpoint
RP69: 9/21/2010 8:48:44 PM - System Checkpoint
RP70: 9/23/2010 7:55:12 AM - System Checkpoint
RP71: 9/26/2010 10:35:58 AM - System Checkpoint
RP72: 9/29/2010 10:03:18 AM - System Checkpoint
RP73: 9/30/2010 4:47:49 PM - System Checkpoint
RP74: 10/1/2010 5:01:41 PM - System Checkpoint
RP75: 10/2/2010 8:16:43 AM - Software Distribution Service 3.0
RP76: 10/4/2010 11:17:22 AM - System Checkpoint
RP77: 10/7/2010 10:07:59 AM - System Checkpoint
RP78: 10/11/2010 10:39:42 PM - System Checkpoint
RP79: 10/12/2010 11:33:29 PM - System Checkpoint
RP80: 10/20/2010 10:17:58 PM - Software Distribution Service 3.0
RP81: 11/1/2010 9:56:35 PM - Removed Adobe Reader 9.3.4.
RP82: 11/1/2010 9:57:33 PM - Installed Adobe Reader 9.4.0.
RP83: 11/1/2010 10:27:30 PM - Removed eSobi v2
RP84: 11/2/2010 3:00:19 AM - Software Distribution Service 3.0
RP85: 11/9/2010 10:34:30 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Acer Crystal Eye webcam
Acer eRecovery Management
Acer ScreenSaver
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
Alice Greenfingers
ArcSoft PhotoStudio 5.5
BitTorrent
Bookworm Adventures
Canon MP Navigator 3.0
Canon My Printer
Canon Utilities Easy-PhotoPrint
Chicken Invaders 2
Choice Guard
Compatibility Pack for the 2007 Office system
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
Easy-WebPrint
Fizzball
Galapago
Garmin City Navigator North America 2008
Garmin Communicator Plugin
Garmin TOPO U.S. 2008
Garmin USB Drivers
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 6
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Works
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PlayItAll media player 1.0.5
Realtek High Definition Audio Driver
Rhapsody
ScanSoft OmniPage SE 4.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Synaptics Pointing Device Driver
U.B. Funkeys
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
WebCam
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

11/13/2010 8:38:28 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 8:38:28 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/13/2010 8:38:27 PM, error: Service Control Manager [7034] - The Raw Socket Service service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 8:38:27 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/13/2010 8:38:27 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
11/13/2010 8:38:27 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/13/2010 8:38:26 PM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/13/2010 8:38:26 PM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/13/2010 8:38:25 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 8:38:25 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
11/13/2010 8:38:25 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================
 
Please update MalwareBytesAnti-Malware and run it again. Remove what is found and post the log please.

==

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

===========

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
I tried updating Malwarebytes Anti-malware but get the following error:
MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest). Tried uninstalling then reinstalling but still get error. I'm afraid to purchase the full version using my credit card because of the possible virus, however if you think it's safe i will do that.

Attached are the other logs requested.
2010/11/14 11:07:33.0281 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/14 11:07:33.0281 ================================================================================
2010/11/14 11:07:33.0281 SystemInfo:
2010/11/14 11:07:33.0281
2010/11/14 11:07:33.0281 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/14 11:07:33.0281 Product type: Workstation
2010/11/14 11:07:33.0281 ComputerName: ACER-330BB84976
2010/11/14 11:07:33.0281 UserName: jan
2010/11/14 11:07:33.0281 Windows directory: C:\WINDOWS
2010/11/14 11:07:33.0281 System windows directory: C:\WINDOWS
2010/11/14 11:07:33.0281 Processor architecture: Intel x86
2010/11/14 11:07:33.0281 Number of processors: 2
2010/11/14 11:07:33.0281 Page size: 0x1000
2010/11/14 11:07:33.0281 Boot type: Normal boot
2010/11/14 11:07:33.0281 ================================================================================
2010/11/14 11:07:34.0281 Initialize success
2010/11/14 11:07:36.0781 ================================================================================
2010/11/14 11:07:36.0781 Scan started
2010/11/14 11:07:36.0781 Mode: Manual;
2010/11/14 11:07:36.0781 ================================================================================
2010/11/14 11:07:37.0406 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\drivers\abp480n5.sys
2010/11/14 11:07:37.0640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/14 11:07:37.0671 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/11/14 11:07:37.0765 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\drivers\adpu160m.sys
2010/11/14 11:07:38.0000 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/14 11:07:38.0109 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/14 11:07:38.0156 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\drivers\Aha154x.sys
2010/11/14 11:07:38.0328 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\drivers\aic78u2.sys
2010/11/14 11:07:38.0515 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\drivers\aic78xx.sys
2010/11/14 11:07:38.0734 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\drivers\AliIde.sys
2010/11/14 11:07:38.0968 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/11/14 11:07:39.0203 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\drivers\amsint.sys
2010/11/14 11:07:39.0468 AR5416 (41074707ba49d02e240c7b960217aabe) C:\WINDOWS\system32\DRIVERS\athw.sys
2010/11/14 11:07:39.0578 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\drivers\asc.sys
2010/11/14 11:07:39.0796 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\drivers\asc3350p.sys
2010/11/14 11:07:40.0000 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\drivers\asc3550.sys
2010/11/14 11:07:40.0218 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/14 11:07:40.0328 atapi (ce73348180216ecf132112f7307b7046) C:\WINDOWS\system32\DRIVERS\atapi.sy@
2010/11/14 11:07:40.0562 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/14 11:07:40.0656 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/14 11:07:40.0718 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/14 11:07:40.0843 btaudio (2c04f295f7f40eb46f7accd3f6cdef4a) C:\WINDOWS\system32\drivers\btaudio.sys
2010/11/14 11:07:41.0093 BTKRNL (75130181fa2fd6cbe83083c5311abe78) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/11/14 11:07:41.0312 btwhid (c51d50cf24da69a9c499e65b0edb3bb7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2010/11/14 11:07:41.0687 BTWUSB (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/11/14 11:07:42.0031 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2010/11/14 11:07:42.0234 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/14 11:07:42.0296 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/14 11:07:42.0359 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\drivers\cd20xrnt.sys
2010/11/14 11:07:42.0609 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/14 11:07:42.0671 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/14 11:07:42.0750 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/14 11:07:43.0140 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/14 11:07:43.0171 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\drivers\CmdIde.sys
2010/11/14 11:07:43.0234 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/14 11:07:43.0343 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\drivers\Cpqarray.sys
2010/11/14 11:07:43.0421 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\drivers\dac2w2k.sys
2010/11/14 11:07:43.0468 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\drivers\dac960nt.sys
2010/11/14 11:07:43.0687 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/14 11:07:43.0750 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2010/11/14 11:07:43.0984 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/14 11:07:44.0109 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/14 11:07:44.0171 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/14 11:07:44.0234 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/14 11:07:44.0343 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\drivers\dpti2o.sys
2010/11/14 11:07:44.0500 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2010/11/14 11:07:44.0703 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/14 11:07:44.0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/14 11:07:44.0906 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/14 11:07:44.0953 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/14 11:07:45.0000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/14 11:07:45.0062 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/14 11:07:45.0125 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/14 11:07:45.0171 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/14 11:07:45.0250 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/14 11:07:45.0328 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
2010/11/14 11:07:45.0515 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/14 11:07:45.0593 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\drivers\hpn.sys
2010/11/14 11:07:45.0812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/14 11:07:45.0890 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/14 11:07:45.0953 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\drivers\i2omp.sys
2010/11/14 11:07:46.0031 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/14 11:07:46.0312 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/11/14 11:07:46.0703 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
2010/11/14 11:07:46.0796 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/14 11:07:46.0906 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\drivers\ini910u.sys
2010/11/14 11:07:47.0437 IntcAzAudAddService (cb1113029fae50c685198eabd9885161) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/14 11:07:47.0750 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\drivers\IntelIde.sys
2010/11/14 11:07:47.0796 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/14 11:07:47.0859 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/14 11:07:47.0921 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/14 11:07:47.0984 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/14 11:07:48.0046 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/14 11:07:48.0078 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/14 11:07:48.0140 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/14 11:07:48.0218 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/14 11:07:48.0265 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/14 11:07:48.0312 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/14 11:07:48.0390 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/14 11:07:48.0453 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
2010/11/14 11:07:48.0875 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/11/14 11:07:49.0062 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/11/14 11:07:49.0296 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/11/14 11:07:49.0531 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2010/11/14 11:07:49.0796 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2010/11/14 11:07:50.0031 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/14 11:07:50.0109 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/14 11:07:50.0218 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/11/14 11:07:50.0484 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/14 11:07:50.0546 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/14 11:07:50.0671 MPFP (bc2a92cff784555ed622f861cb34f2e6) C:\WINDOWS\system32\Drivers\Mpfp.sys
2010/11/14 11:07:51.0125 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\drivers\mraid35x.sys
2010/11/14 11:07:51.0328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/14 11:07:51.0468 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/14 11:07:51.0531 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/14 11:07:51.0609 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/14 11:07:51.0656 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/14 11:07:51.0718 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/14 11:07:51.0781 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/14 11:07:51.0859 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/14 11:07:51.0906 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/14 11:07:51.0984 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/14 11:07:52.0031 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/14 11:07:52.0093 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/14 11:07:52.0156 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/14 11:07:52.0250 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/14 11:07:52.0296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/14 11:07:52.0359 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/14 11:07:52.0390 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/14 11:07:52.0453 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/14 11:07:52.0578 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/14 11:07:52.0687 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/14 11:07:52.0781 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/14 11:07:52.0859 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/14 11:07:52.0906 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/14 11:07:53.0015 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/11/14 11:07:53.0062 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/14 11:07:53.0140 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/14 11:07:53.0187 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/14 11:07:53.0265 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/14 11:07:53.0328 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/14 11:07:53.0562 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\drivers\perc2.sys
2010/11/14 11:07:53.0750 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\drivers\perc2hib.sys
2010/11/14 11:07:53.0906 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/14 11:07:53.0968 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/14 11:07:54.0015 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/14 11:07:54.0078 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\drivers\ql1080.sys
2010/11/14 11:07:54.0156 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\drivers\Ql10wnt.sys
2010/11/14 11:07:54.0218 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\drivers\ql12160.sys
2010/11/14 11:07:54.0296 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\drivers\ql1240.sys
2010/11/14 11:07:54.0343 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\drivers\ql1280.sys
2010/11/14 11:07:54.0437 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/14 11:07:54.0500 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/14 11:07:54.0562 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/14 11:07:54.0625 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/14 11:07:54.0687 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/14 11:07:54.0750 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/14 11:07:54.0843 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/14 11:07:54.0921 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/14 11:07:55.0187 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/14 11:07:55.0265 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/14 11:07:55.0359 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/14 11:07:55.0500 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/14 11:07:55.0656 SNP2UVC (c792610f7d2009352721c1ae38da0619) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2010/11/14 11:07:55.0953 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\drivers\Sparrow.sys
2010/11/14 11:07:56.0031 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/14 11:07:56.0093 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/14 11:07:56.0203 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/14 11:07:56.0296 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/14 11:07:56.0375 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/14 11:07:56.0421 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/14 11:07:56.0500 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\drivers\symc810.sys
2010/11/14 11:07:56.0687 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\drivers\symc8xx.sys
2010/11/14 11:07:56.0875 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\drivers\sym_hi.sys
2010/11/14 11:07:56.0937 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\drivers\sym_u3.sys
2010/11/14 11:07:57.0156 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/11/14 11:07:57.0359 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/14 11:07:57.0500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/14 11:07:57.0546 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/14 11:07:57.0593 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/14 11:07:57.0640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/14 11:07:57.0734 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\drivers\TosIde.sys
2010/11/14 11:07:57.0812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/14 11:07:57.0875 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\drivers\ultra.sys
2010/11/14 11:07:58.0109 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/14 11:07:58.0234 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/14 11:07:58.0328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/14 11:07:58.0390 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/14 11:07:58.0468 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/14 11:07:58.0531 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/14 11:07:58.0593 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/14 11:07:58.0656 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/14 11:07:58.0734 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/11/14 11:07:58.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/14 11:07:58.0875 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\drivers\ViaIde.sys
2010/11/14 11:07:58.0937 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/14 11:07:59.0046 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/14 11:07:59.0140 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/11/14 11:07:59.0578 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/14 11:07:59.0734 WinDriver6 (94e4312d546048bf31604a8b2ad13fc0) C:\WINDOWS\system32\drivers\windrvr6.sys
2010/11/14 11:08:00.0031 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sy@
2010/11/14 11:08:00.0140 WpdUsb (05d10cf85b78d81530e7d8b0ef443349) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/11/14 11:08:00.0390 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/14 11:08:00.0625 ================================================================================
2010/11/14 11:08:00.0625 Scan finished
2010/11/14 11:08:00.0625 ================================================================================

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000004

Kernel Drivers (total 118):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7617000 VolSnap.sys
0xF74C0000 atapi.sy@
0xF7B11000 iaStor.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF74A0000 fltMgr.sys
0xF748E000 sr.sys
0xF7477000 KSecDD.sys
0xBA773000 Ntfs.sys
0xBA746000 NDIS.sys
0xBA72C000 Mup.sys
0xF7697000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB867B000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB8667000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB863F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB84BE000 \SystemRoot\system32\DRIVERS\athw.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB849A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77DF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA67A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF77E7000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8469000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79B7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF76B7000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB83ED000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA676000 \SystemRoot\system32\DRIVERS\wmiacpi.sy@
0xB82FC000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xB82CE000 \SystemRoot\system32\drivers\windrvr6.sys
0xBA524000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA672000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB82B7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB82A6000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7587000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7807000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF780F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA4C3000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79B9000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8283000 \SystemRoot\system32\DRIVERS\ks.sys
0xB7ECA000 \SystemRoot\system32\DRIVERS\update.sys
0xB9BE8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA443000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7577000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA61EA000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA5C2D000 \SystemRoot\system32\drivers\portcls.sys
0xF7537000 \SystemRoot\system32\drivers\drmk.sys
0x9F2DC000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF799F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9F04B000 \SystemRoot\System32\Drivers\Null.SYS
0xF79AB000 \SystemRoot\System32\Drivers\Beep.SYS
0x9F264000 \SystemRoot\System32\drivers\vga.sys
0xF79AD000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79AF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9F25C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9F254000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9F2D8000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x9E572000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9E519000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x9E4F2000 \SystemRoot\System32\Drivers\Mpfp.sys
0x9E4CC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x9F166000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x9F156000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9E4A4000 \SystemRoot\system32\DRIVERS\netbt.sys
0x9E482000 \SystemRoot\System32\drivers\afd.sys
0x9F146000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9E457000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9E3E7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9E3B4000 \SystemRoot\system32\drivers\mfehidk.sys
0x9F0B2000 \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
0x9F116000 \SystemRoot\System32\Drivers\Fips.SYS
0x9E206000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x9F106000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x9F24C000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x9E138000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x9E8C8000 \SystemRoot\System32\drivers\Dxapi.sys
0x9F224000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0x9F04A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA0774000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9E10B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9E033000 \SystemRoot\system32\DRIVERS\srv.sys
0x9DF06000 \SystemRoot\system32\drivers\wdmaud.sys
0xA4F50000 \SystemRoot\system32\drivers\sysaudio.sys
0x9D569000 \SystemRoot\System32\Drivers\HTTP.sys
0xF77AF000 \SystemRoot\system32\drivers\mfebopk.sys
0x9D4AC000 \SystemRoot\system32\drivers\mfeavfk.sys
0x9CF63000 \SystemRoot\system32\drivers\mfesmfk.sys
0x9CBED000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
500 C:\WINDOWS\system32\smss.exe
548 csrss.exe
572 C:\WINDOWS\system32\winlogon.exe
616 C:\WINDOWS\system32\services.exe
628 C:\WINDOWS\system32\lsass.exe
780 C:\WINDOWS\system32\svchost.exe
844 svchost.exe
884 C:\WINDOWS\system32\svchost.exe
956 svchost.exe
984 svchost.exe
1216 C:\WINDOWS\system32\spoolsv.exe
1292 svchost.exe
1352 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1384 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1404 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
1476 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
1492 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
1600 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
1656 C:\Program Files\McAfee\MPF\MpfSrv.exe
1776 C:\Program Files\Acer\Acer VCM\RS_Service.exe
1952 C:\WINDOWS\system32\svchost.exe
380 C:\WINDOWS\explorer.exe
912 wdfmgr.exe
2020 C:\Program Files\McAfee.com\Agent\mcagent.exe
2436 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2444 C:\WINDOWS\system32\igfxtray.exe
2452 C:\WINDOWS\system32\hkcmd.exe
2460 C:\WINDOWS\system32\igfxpers.exe
2468 C:\WINDOWS\RTHDCPL.EXE
2512 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2532 C:\PROGRA~1\LAUNCH~1\LManager.exe
2592 C:\WINDOWS\system32\igfxsrvc.exe
2624 C:\WINDOWS\PLFSetL.exe
2652 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2660 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
2708 C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
2744 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2768 C:\WINDOWS\system32\ctfmon.exe
2888 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
3000 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
3060 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3168 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
3280 alg.exe
3468 C:\WINDOWS\system32\igfxext.exe
3936 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
3160 C:\Program Files\Internet Explorer\iexplore.exe
168 C:\Program Files\Internet Explorer\iexplore.exe
552 C:\Program Files\Internet Explorer\iexplore.exe
2108 C:\Documents and Settings\jan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`c0200000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
No need to purchase it. Download and run the manual update from http://malwarebytes.gt500.org/ then run MBA-M again.

==

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
 
OK got MBAM to update and reran. Below are the logs from ComboFix and below that the MBAM log.
jan

ComboFix 10-11-14.01 - jan 11/14/2010 20:20:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1434 [GMT -7:00]
Running from: c:\documents and settings\jan\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ACER\Local Settings\Application Data\{955E0CE4-4A34-4FDA-9AB9-71204D52B264}
c:\documents and settings\ACER\Local Settings\Application Data\{955E0CE4-4A34-4FDA-9AB9-71204D52B264}\chrome.manifest
c:\documents and settings\ACER\Local Settings\Application Data\{955E0CE4-4A34-4FDA-9AB9-71204D52B264}\chrome\content\_cfg.js
c:\documents and settings\ACER\Local Settings\Application Data\{955E0CE4-4A34-4FDA-9AB9-71204D52B264}\chrome\content\overlay.xul
c:\documents and settings\ACER\Local Settings\Application Data\{955E0CE4-4A34-4FDA-9AB9-71204D52B264}\install.rdf
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\logs

.
((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-14 17:16 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-14 17:16 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 04:02 . 2010-11-04 04:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-11-02 04:08 . 2010-11-02 04:23 -------- d-----w- c:\documents and settings\jan
2010-11-02 03:57 . 2010-11-02 03:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-02 03:54 . 2010-11-02 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-11-02 03:54 . 2010-11-04 04:01 -------- d-----w- c:\program files\McAfee Security Scan
2010-11-02 03:50 . 2010-11-02 03:50 -------- d-----w- c:\documents and settings\ACER\Local Settings\Application Data\Mozilla
2010-10-21 18:56 . 2010-10-21 18:56 -------- d-----w- c:\documents and settings\ACER\Bluetooth Software
2010-10-21 04:42 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 15:53 . 2010-09-26 15:53 199 ----a-w- c:\documents and settings\ACER\Application Data\hgksfg.bat
2010-09-18 18:23 . 2009-03-11 12:53 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-03-11 12:53 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-03-11 12:53 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-03-11 12:53 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2009-03-11 12:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2009-03-11 12:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2009-03-11 12:53 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2009-03-11 12:52 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-03-11 12:53 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-03-11 12:53 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-03-11 12:53 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 00:26 . 2010-08-27 00:27 186592 ----a-w- c:\windows\system32\drivers\windrvr6.sys
2010-08-26 13:39 . 2009-03-11 12:53 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-04-14 07:03 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-03-11 12:52 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2009-03-11 12:53 58880 ----a-w- c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-17 196608]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\jan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-11 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/12/2010 2:57 AM 88176]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [3/11/2009 11:32 PM 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 8:03 PM 38912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/14/2010 10:16 AM 38224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/11/2009 10:56 PM 1684736]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder

2010-04-12 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-12 18:22]

2010-04-12 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-12 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msnbc.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: mbamupdates.com\data-cdn
DPF: {BD08B340-7A26-4EAA-A78B-2998AAE61ACB} - hxxps://www.pcs.newyorklife.com/pcsweb/components/LetterTemplateManager.cab
DPF: {DF989DC2-7A72-4589-8C1A-9DDDF37AE5D8} - hxxps://www.pcs.newyorklife.com/pcsweb/components/LTMHelper.cab
FF - ProfilePath - c:\documents and settings\jan\Application Data\Mozilla\Firefox\Profiles\ooag4kor.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 20:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sy@"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sy@"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-14 20:27:56
ComboFix-quarantined-files.txt 2010-11-15 03:27

Pre-Run: 129,816,154,112 bytes free
Post-Run: 129,804,136,448 bytes free

- - End Of File - - 742CC6263906FA26C9DE387757ED5D35

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5117

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/14/2010 4:16:33 PM
mbam-log-2010-11-14 (16-16-33).txt

Scan type: Quick scan
Objects scanned: 154243
Time elapsed: 13 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
So far so good. Went through several Google searches and no redirects! Hopefully this did the trick. I really appreciate your help - this forum is amazing.
 
No worries. Just do an on-line scan before you go.

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

 
Here is the ESET Online scan log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=21efb304f52adf4ba3aae7158b63441b
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-16 01:14:47
# local_time=2010-11-15 06:14:47 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16776869 100 96 8877941 42704180 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=61574
# found=0
# cleaned=0
# scan_time=2634
 
Looks good :).

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

====

Stay safe :)
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back