Inactive Trouble with Firefox on startup

Status
Not open for further replies.
V

verity25

Posts: 111   +0
Hi,

I am getting a lot of problems with Firefox loading multiple times on startup of the program with blank pages. It seems to be the only way around it is to click on a link in an email to get it to run the selected webpage, but then it will still open more times in the background. Here are the log files after completing the 7 steps. This has been getting steadily worse over time. I formatted my HD some time ago to get rid of this problem but it came back soon after.

Thanks in advance for any help you can give me.....

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/12/2011 15:22:03
mbam-log-2011-06-12 (15-22-03).txt

Scan type: Quick scan
Objects scanned: 185500
Time elapsed: 8 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-12 16:07:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AADS-00L4B1 rev.05.04C05
Running: lht04dsi.exe; Driver: C:\DOCUME~1\Alan\LOCALS~1\Temp\uwwdaaoc.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E69210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9E692A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E691FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E691D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E691E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E69276]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9E6928A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\mv61xx \Device\Scsi\mv61xx1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Alan at 16:21:25 on 2011-06-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.1858 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: McAfee Firewall *Enabled*
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\astsrv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\WINDOWS\system32\nlssrv32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\program files\Mozilla Firefox\firefox.exe
C:\program files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.talktalk.com/
uInternet Settings,ProxyOverride = *.local
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110512184836.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [Six Engine] "c:\program files\asus\six engine\SixEngine.exe" -r
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download with mediAvatar YouTube Video Converter - e:\youtube video converter\upod_link.HTM
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46}
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49}
IE: {724d43aa-0d85-11d4-9908-00400523e39a}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: prime-vip.com\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{E9B04050-F9AB-4B2A-A3D0-3AA1987A3490} : NameServer = 213.109.68.117,213.109.68.211
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WBSrv - c:\program files\stardock\mycolors\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockplus2\ODMenu.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\program files\stardock\object desktop\deskscapes3\deskscapes.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alan\application data\mozilla\firefox\profiles\s46jwy6a.alan\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.talktalk.co.uk/index-version-6.html
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=
FF - plugin: c:\documents and settings\alan\application data\mozilla\firefox\profiles\s46jwy6a.alan\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-26 387480]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-23 150568]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-2-27 84200]
R1 RapportCerberus_26169;RapportCerberus_26169;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26169\RapportCerberus_26169.sys [2011-5-2 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-12 366640]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-27 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-27 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-27 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-27 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-27 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-27 141792]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-1-29 66560]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-1 1822296]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-7-6 1373480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-27 56064]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-12-2 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-11 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-12 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-2-26 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-26 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-27 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-2-27 88736]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110611.006\NAVENG.SYS [2011-6-11 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110611.006\NAVEX15.SYS [2011-6-11 1542392]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-23 136176]
S3 cpuz132;cpuz132;\??\c:\docume~1\alan\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\alan\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2010-7-7 30984]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-12 39984]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-2-27 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-27 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2011-2-26 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2011-2-26 40552]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-5-20 1128944]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-4-12 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-4-12 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-4-12 136680]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2010-4-7 120232]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2010-6-15 19024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
.
=============== Created Last 30 ================
.
2011-06-12 14:12:19 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-12 14:12:13 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-12 14:12:13 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-28 12:31:22 -------- dc----w- c:\documents and settings\alan\application data\TuneUpMedia
2011-05-27 20:04:30 -------- dc----w- c:\program files\TuneUpMedia
2011-05-27 20:03:00 -------- dc----w- c:\documents and settings\alan\local settings\application data\OpenCandy
2011-05-27 20:02:58 -------- dc----w- c:\documents and settings\alan\application data\OpenCandy
2011-05-23 16:19:35 -------- dc----w- c:\program files\common files\xing shared
2011-05-21 15:01:26 -------- dc----w- c:\documents and settings\alan\local settings\application data\WMTools Downloaded Files
2011-05-21 13:15:40 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-05-21 13:15:40 38912 ----a-w- c:\windows\system32\drivers\avc.sys
2011-05-21 13:15:36 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2011-05-21 13:15:36 48128 ----a-w- c:\windows\system32\drivers\61883.sys
2011-05-21 09:20:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-04-28 13:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-19 01:16:26 94536 -c--a-w- c:\windows\system32\UDBDef.exe
2011-04-17 15:21:38 159008 -c--a-w- c:\windows\system32\UIAutomationCore.dll
2011-04-14 13:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 13:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 13:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 13:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 13:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 13:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 13:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 13:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 13:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 13:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 13:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-25 16:04:20 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2011-03-19 15:50:24 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
.
============= FINISH: 16:22:32.32 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/25/2010 03:42:25
System Uptime: 6/12/2011 16:13:28 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q
Processor: Intel Pentium III Xeon processor | LGA 775 | 2333/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 156 GiB total, 52.717 GiB free.
D: is FIXED (NTFS) - 146 GiB total, 36.209 GiB free.
E: is FIXED (NTFS) - 104 GiB total, 88.964 GiB free.
F: is FIXED (NTFS) - 60 GiB total, 20.515 GiB free.
G: is FIXED (NTFS) - 466 GiB total, 198.738 GiB free.
I: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
A-Train8EU
ACARS
ACARS - 2
ACARS - 3
Act of War - Direct Action
Active Sky Advanced
Active Sky Evolution
Adobe AIR
Adobe Community Help
Adobe Flash Media Live Encoder 3.1
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop Lightroom 3.4.1
Adobe Reader X (10.0.1)
Aerosoft's - MyTraffic 2010
Age of Empires III
AI Roboform Enterprise 7.2.8
AlacrityPC
AM-DeadLink 3.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assassin's Creed
ATCsimulator®2 (Build 3.3.0.17) Professional Edition
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
AudioLabel
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Big Fish Games Client
Blitzkrieg 2
Bonjour
Calendar Printing Assistant for Microsoft Office Outlook 2007
Call of Duty
Call of Duty - United Offensive
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.4 Patch
Call of Duty(R) - World at War(TM) 1.5 Patch
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Canon MP Navigator EX 1.0
Canon MP610 series
Canon MP610 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CD-LabelPrint
Civilization III
CloneDVD 4.0
Command & Conquer 3
Company of Heroes
D-Day
DBS Airport GPS
Definition update for Microsoft Office 2010 (KB982726)
Demon Stone
DeskScapes
Deus Ex - Invisible War
DirectX 9 Runtime
Disktrix UltimateDefrag
Divine Divinity
Don't Panic 2
Doom 3
Drive Manager
Driver Detective
Dungeon Siege Legends of Aranna
Dungeon Siege Legends of Aranna Bonus Pack
DVD Architect Pro 5.0
Elecard Codec SDK G4 Eval
EPU-6 Engine
Euro Truck Simulator 1.3
Falcon 4.0: Allied Force
Family Historian 3.0
Family Tree Maker 2009
Far Cry
FEAR
FeelThere ERJ v.2 SP2
FileMaker Pro 10 Advanced
Filters Unlimited 2.0
First to Fight
FLAC 1.2.1b (remove only)
Flight Simulator X
Flight Simulator X Service Pack 1
FolderVisualizer
FollowMe
Football Manager 2010
Fotolia Powerpoint 2007_2010 Add-in
Fotolia Word 2007_2010 Add-in
Free Mp3 Wma Ogg Converter 7.1.3
FreeArc 0.60
Freelancer
FS Recorder 2.01 for FSX
FSX Beechcraft 1900D
FSX Booster 2.9.6.0
GameShadow
Garmin POI Loader
Garmin USB Drivers
GoodSync
Google Chrome
Google Update Helper
GPGNet
Hidden Expedition: Titanic ™
HiTilesAF
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Hoyle Puzzle and Board Games 2011 (remove only)
I am an Air Traffic Controller3
IconPackager
Impulse
Internet Explorer (Enable DEP)
iTunes
Java Auto Updater
Java(TM) 6 Update 24
jv16 PowerTools 2010
jv16 PowerTools 2011
KCLE v1.1.2 for FSX
KDAL v1.1.2 for FSX
KMCO v1.1.2 for FSX
KMEM v1.1.2 for FSX
KRDU v2.1.2 for FSX
Legacy 7.0
Legacy Charting 7.0
Lernout & Hauspie TruVoice American English TTS Engine
LightScribe System Software 1.17.90.1
LiveUpdate 3.3 (Symantec Corporation)
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
LUMIX Simple Viewer
Magic ISO Maker v5.5 (build 0276)
MagicDisc 2.7.106
Mahjong Mysteries of the Past 1.00
Malwarebytes' Anti-Malware version 1.51.0.1200
Managed DirectX (0900)
marvell 61xx
McAfee AntiVirus Plus
mediAvatar YouTube Video Converter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X: Acceleration
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft Speech SDK 5.1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WorldWide Telescope
Microsoft WSE 3.0
Microsoft XML Parser
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Monitor Calibration Wizard 1.0
Movavi Theme Pack
Movavi Video Suite 8
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Myst III: Exile
Myst IV - Revelation
Mystery Stories
Nero 7 Essentials
neroxml
ObjectDock Plus
ObjectDock Plus 2
OGA Notifier 2.0.0048.0
OpenAL
PDF Settings CS5
Pen Tablet
PFPortChecker 1.0.36
PhotoTools 2.6 Professional Edition
PIXMA Extended Survey Program
Plug-in Suite 5.0.1
Portforward Static IP Address 1.0.44
Prey
Pro Backup
Process Lasso
ProShow Producer
PxMergeModule
Python 2.7
Quake 4(TM)
QuickTime
Radar Contact Version 4.3
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RedShift 5.1
RoboForm 7-2-8
RootsMagic 3.0
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Easy VHS to DVD
Roxio Easy VHS to DVD Content
Roxio Video Capture USB
Roxio Video Capture USB Driver
SAEZ-SVMI v1.1.2 for FSX
Samsung Kies
Samsung Mobile phone USB driver Software
SAMSUNG USB Driver for Mobile Phones
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Segoe UI
SimCharts 3.0
SimPlates2004
SmartSoft Video Converter
Spybot - Search & Destroy
Star Wars Battlefront II
Stardock MyColors
StumbleUpon IE Toolbar
Supreme Commander
Symantec Endpoint Protection
SyncToy 2.1 (x86)
SysResources Manager
Temple of Elemental Evil
The Bard's Tale
The Serpent of Isis 1.00
Tom Clancy's Rainbow Six: Lockdown
TTS_Technology
Tweak UI
TweakFPS for FSX
Ultimate Terrain X - USA
Ultimate Traffic
UltimateDefrag 2008
Uniblue SpeedUpMyPC 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
UVA FSX Bombardier CRJ-700
Vegas Movie Studio HD Platinum 10.0
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
Warlords Battlecry III
WashAndGo
WebFldrs XP
WindowBlinds
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 15.5
Wondershare DVD Slideshow Builder Standard(Build 6.0.4.25)
WOT for Internet Explorer
XP Codec Pack
.
==== Event Viewer Messages From Past Week ========
.
6/11/2011 15:06:28, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Is Firefox your only computer issue?

You're running two AV programs, Norton and McAfee.
One of them has to go.
If McAfee, use this tool to uninstall it: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml
If Norton, use this tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
 
I have removed Norton from my system and keeping McAfee. Firefox is giving me the most problems. If I sometimes have to use IE that can also open more than one window. Firefox also redirects to unwanted webpages.
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I did everything you said but somehow the registry got messed up. Couldn't get it fixed to get online so had to reinstall WinXP after formatting the HD. Reinstalled Firefox and all was going fine, then Google Analytics started re-directing to other sites. any ideas what to do?
 
Here is the MBAM log file, however when I run GMER it crashes halfway through the scan.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/06/2011 11:40:09
mbam-log-2011-06-17 (11-40-09).txt

Scan type: Quick scan
Objects scanned: 162383
Time elapsed: 17 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows updater (Backdoor.IRCBot) -> Value: windows updater -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Alan\local settings\Temp\xkgnnwo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\documents and settings\Alan\local settings\Temp\gaspci.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
 
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Alan at 17:06:52 on 2011-06-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2519 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\ASUS\Drive Xpert\SteelVine.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Direct Link\AsShare.exe
C:\Program Files\ASUS\Drive Xpert\DriveXpert.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Impulse\Now\ImpulseNow.exe
C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mytalktalk.co.uk
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110617095446.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: : {b5205bfb-2051-498e-7323-23ea03f4f87a} - c:\windows\system32\wrbhaouj.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [java system update] %TEMP%\eumlm.exe
uRun: [winupdate system] %TEMP%\icvcc.exe
uRun: [java checksys] %TEMP%\rtpmp.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [Six Engine] "c:\program files\asus\epu-6 engine\SixEngine.exe" -r
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [QFan Help] "c:\program files\asus\ai suite\qfan3\QFanHelp.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [Launch Direct Link] "c:\program files\asus\ai direct link\AsShare.exe"
mRun: [Launch As Cmd Runner] "c:\program files\asus\ai direct link\AsCmd.exe" -reg
mRun: [Drive Xpert] c:\program files\asus\drive xpert\DriveXpert.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alan\startm~1\programs\startup\impuls~1.lnk - c:\program files\impulse\now\ImpulseNow.exe
StartupFolder: c:\docume~1\alan\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdockplus2\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1308151277785
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{1937AF6F-F4D7-476E-93A0-A58FE538BEC1} : NameServer = 213.109.68.117,213.109.75.211
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
STS: ObjectDockShlExt Class: {1984d045-52cf-49cd-db77-08f378fea4db} - c:\program files\stardock\objectdockplus2\ODMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alan\application data\mozilla\firefox\profiles\o4c9q1d1.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.talktalk.net
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-6-15 387480]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-23 150568]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-4-28 53816]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-6-15 84200]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-17 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-4-28 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-4-28 158904]
R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\asus\drive xpert\SteelVine.exe [2008-5-29 1286144]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-17 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2011-6-15 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-15 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-15 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-15 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-15 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-15 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-15 141792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-4-28 870200]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2011-6-16 1373480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-6-15 56064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-17 22712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-15 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-6-15 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-6-15 88736]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 igytbyfj;Microcode Update Support;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-6-16 1691480]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-17 39984]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-15 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-6-15 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-15 84488]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-5-20 1128944]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
.
=============== Created Last 30 ================
.
2011-06-17 14:18:19 -------- dc-h--w- c:\documents and settings\all users\application data\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}
2011-06-17 12:35:15 -------- d-----w- c:\documents and settings\alan\local settings\application data\ODUI
2011-06-17 10:20:20 -------- d-----w- c:\documents and settings\alan\application data\Malwarebytes
2011-06-17 10:20:01 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-17 10:20:00 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-17 10:19:57 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 10:19:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-17 09:53:58 -------- d-----w- c:\program files\common files\Stardock
2011-06-17 09:53:55 -------- d-----w- c:\program files\Stardock
2011-06-17 09:42:58 -------- d-----w- c:\documents and settings\alan\application data\Stardock
2011-06-17 09:42:48 -------- d-----w- c:\documents and settings\all users\application data\Gibraltar
2011-06-17 09:42:33 -------- d-----w- c:\program files\Impulse
2011-06-17 09:42:33 -------- d-----w- c:\documents and settings\all users\application data\Stardock
2011-06-17 09:42:17 -------- dc-h--w- c:\documents and settings\all users\application data\{F17D9C21-2BB9-4DE6-A952-721D90A7029A}
2011-06-17 08:54:46 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-06-17 08:32:11 -------- d-----w- c:\documents and settings\alan\local settings\application data\Trusteer
2011-06-16 22:33:28 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-06-16 22:30:59 -------- d-----w- c:\program files\MSXML 4.0
2011-06-16 22:28:01 359016 ----a-w- c:\windows\vncutil.exe
2011-06-16 22:27:59 59496 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-06-16 22:27:59 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-06-16 22:27:58 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-06-16 22:27:56 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-06-16 22:15:46 -------- d-----w- c:\documents and settings\all users\application data\UAB
2011-06-16 22:15:43 -------- d-----w- c:\documents and settings\alan\local settings\application data\PC_Drivers_Headquarters
2011-06-16 22:15:39 -------- d-----w- c:\documents and settings\all users\application data\PC Drivers HeadQuarters
2011-06-16 22:15:00 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2011-06-16 22:03:18 -------- d-----w- c:\documents and settings\alan\application data\Trusteer
2011-06-16 22:03:14 -------- d-----w- c:\program files\Trusteer
2011-06-16 22:02:44 -------- d-----w- c:\documents and settings\all users\application data\Trusteer
2011-06-16 21:40:27 -------- d-----w- c:\documents and settings\alan\application data\PFStaticIP
2011-06-16 21:40:15 -------- d-----w- c:\program files\PFStaticIP
2011-06-16 21:21:55 -------- d-----w- c:\documents and settings\alan\local settings\application data\Stardock
2011-06-16 21:19:39 -------- dc-h--w- c:\documents and settings\all users\application data\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2011-06-16 21:19:25 -------- d-----w- c:\documents and settings\alan\local settings\application data\PackageAware
2011-06-16 21:10:42 -------- d-----w- c:\documents and settings\alan\application data\Windows Search
2011-06-16 10:34:48 233472 --sha-r- c:\windows\system32\iphlpapiu.dll
2011-06-16 10:07:23 -------- d-----w- c:\documents and settings\alan\local settings\application data\Adobe
2011-06-16 09:57:26 -------- d-----w- c:\documents and settings\alan\local settings\application data\Scansoft
2011-06-16 09:40:16 -------- d-----w- c:\documents and settings\all users\application data\Uninstall
2011-06-16 09:29:38 -------- d-----w- c:\program files\common files\Sonic Shared
2011-06-16 09:28:08 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-06-16 09:28:08 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2011-06-16 09:28:07 303104 ----a-w- c:\windows\emunist.exe
2011-06-16 09:28:01 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2011-06-16 09:28:01 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2011-06-16 09:28:01 33280 ----a-w- c:\windows\system32\PsisRndr.ax
2011-06-16 09:28:00 56832 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-06-16 09:22:03 -------- d-----w- c:\documents and settings\alan\application data\WTablet
2011-06-16 09:21:29 2684200 ------w- c:\windows\system32\PenTablet.cpl
2011-06-16 09:21:26 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-06-16 09:21:26 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-06-16 09:21:23 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
2011-06-16 09:21:14 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-06-16 09:21:13 12848 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-06-16 09:21:11 -------- d-----w- c:\windows\system32\WTablet
2011-06-16 09:21:09 181544 ------w- c:\windows\system32\Wintab32.dll
2011-06-16 09:21:09 1373480 ------w- c:\windows\system32\Pen_Tablet.exe
2011-06-16 09:21:09 128296 ------w- c:\windows\system32\Pen_Tablet.dll
2011-06-16 09:21:00 -------- d-----w- c:\program files\Tablet
2011-06-16 09:15:44 -------- d-----w- c:\documents and settings\all users\application data\CanonIJPLM
2011-06-16 09:14:53 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-06-16 09:14:53 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-06-16 09:14:42 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-06-16 09:14:42 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-06-16 09:14:07 -------- d-----w- c:\program files\common files\CANON
2011-06-16 09:11:37 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP93.DLL
2011-06-16 09:11:37 27136 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD93.DLL
2011-06-16 09:11:37 215040 ----a-w- c:\windows\system32\CNMLM93.DLL
2011-06-16 09:11:19 188416 ----a-w- c:\windows\system32\CNC610O.DLL
2011-06-16 09:11:18 98304 ----a-w- c:\windows\system32\CNC610I.DLL
2011-06-16 09:11:18 200704 ----a-w- c:\windows\system32\CNC610L.DLL
2011-06-16 09:11:17 1400832 ----a-w- c:\windows\system32\CNC610C.DLL
2011-06-16 09:08:59 -------- d-----w- c:\program files\Canon
2011-06-16 09:07:57 -------- d-----w- c:\program files\common files\ScanSoft Shared
2011-06-16 09:07:25 -------- d-----w- c:\program files\ScanSoft
2011-06-16 08:51:25 -------- d-----w- c:\program files\Siber Systems
2011-06-15 21:35:04 -------- d-----w- c:\program files\common files\Windows Live
2011-06-15 21:34:16 -------- d-----w- c:\windows\system32\winrm
2011-06-15 21:34:12 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-15 21:33:51 -------- d-----w- c:\documents and settings\alan\local settings\application data\Identities
2011-06-15 21:33:49 -------- d-----w- c:\documents and settings\alan\application data\Windows Desktop Search
2011-06-15 21:33:31 -------- d-----w- c:\windows\system32\GroupPolicy
2011-06-15 21:33:31 -------- d-----w- c:\program files\Windows Desktop Search
2011-06-15 21:33:04 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-06-15 21:33:03 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-06-15 21:33:03 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-06-15 21:32:43 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-15 21:31:50 -------- d-----w- c:\windows\system32\LogFiles
2011-06-15 21:30:58 -------- d-----w- c:\windows\system32\URTTEMP
2011-06-15 21:30:21 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-15 20:50:40 -------- d-----w- c:\windows\ie8updates
2011-06-15 20:32:59 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-15 20:32:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-15 20:32:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-15 20:32:57 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-15 20:32:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-15 20:32:55 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-06-15 20:31:54 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-15 20:31:47 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-15 20:28:41 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-15 20:28:25 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-06-15 20:27:03 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-06-15 20:26:35 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-15 20:26:34 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-06-15 20:26:21 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-06-15 20:25:31 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-06-15 20:24:50 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-15 20:23:54 293376 ------w- c:\windows\system32\browserchoice.exe
2011-06-15 20:22:35 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-06-15 20:22:35 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-06-15 20:22:28 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-06-15 20:22:00 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-06-15 20:21:11 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-06-15 20:18:40 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-06-15 20:18:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-06-15 20:17:48 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-06-15 20:17:42 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-06-15 20:06:50 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-15 20:06:29 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-15 20:06:23 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-15 20:06:23 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-15 20:06:23 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-15 20:06:23 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-15 20:06:23 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-15 20:06:23 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-15 20:06:23 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-15 20:06:23 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-15 20:06:23 -------- d-----w- C:\1287bd8a094eb607500a86
2011-06-15 20:04:40 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-06-15 20:04:31 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-06-15 20:04:25 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-06-15 20:04:24 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-06-15 20:04:24 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-06-15 20:04:23 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-06-15 20:04:23 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-06-15 20:04:22 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-06-15 20:04:22 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-06-15 20:04:22 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-06-15 20:04:21 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-06-15 19:53:15 14744 ----a-w- c:\documents and settings\alan\application data\microsoft\identitycrl\production\ppcrlconfig.dll
2011-06-15 19:52:09 -------- d-----w- c:\program files\MSECache
2011-06-15 19:39:29 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-15 19:39:29 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-06-15 18:35:01 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-06-15 18:34:11 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-06-15 18:33:34 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-06-15 18:33:30 -------- d-----w- c:\windows\SHELLNEW
2011-06-15 18:33:20 -------- d-----w- c:\documents and settings\alan\local settings\application data\Microsoft Help
2011-06-15 17:43:18 -------- d-----w- c:\windows\system32\scripting
2011-06-15 17:43:18 -------- d-----w- c:\windows\system32\en
2011-06-15 17:43:18 -------- d-----w- c:\windows\l2schemas
2011-06-15 17:43:17 -------- d-----w- c:\windows\system32\bits
2011-06-15 17:42:11 -------- d-----w- c:\windows\ServicePackFiles
2011-06-15 17:40:38 -------- d-----w- c:\windows\network diagnostic
2011-06-15 16:57:54 -------- d-----w- c:\documents and settings\alan\application data\PriceGong
2011-06-15 16:56:01 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2011-06-15 16:53:51 -------- d-----w- c:\program files\Conduit
2011-06-15 16:53:51 -------- d-----w- c:\documents and settings\alan\local settings\application data\uTorrentBar
2011-06-15 16:53:51 -------- d-----w- c:\documents and settings\alan\local settings\application data\Conduit
2011-06-15 16:53:47 -------- d-----w- c:\program files\ConduitEngine
2011-06-15 16:53:47 -------- d-----w- c:\documents and settings\alan\local settings\application data\ConduitEngine
2011-06-15 16:53:45 -------- d-----w- c:\program files\uTorrentBar
2011-06-15 16:53:45 -------- d-----w- c:\documents and settings\alan\local settings\application data\Temp
2011-06-15 16:53:44 -------- d-----w- C:\extensions
2011-06-15 16:47:49 -------- d-----w- c:\program files\uTorrent
2011-06-15 16:46:56 -------- d-----w- c:\documents and settings\alan\application data\uTorrent
2011-06-15 16:31:36 -------- d-----w- c:\program files\Disktrix
2011-06-15 16:17:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-15 16:00:59 -------- d-----w- c:\documents and settings\alan\local settings\application data\ATI
2011-06-15 15:52:06 -------- d-----w- c:\program files\AMD APP
2011-06-15 15:50:42 -------- d-----w- c:\program files\ATI Technologies
2011-06-15 15:49:53 -------- d-----w- C:\ATI
2011-06-15 15:45:06 -------- d-sh--w- c:\documents and settings\alan\IECompatCache
2011-06-15 15:43:57 -------- d-sh--w- c:\documents and settings\alan\PrivacIE
2011-06-15 15:42:13 -------- d-sh--w- c:\documents and settings\alan\IETldCache
2011-06-15 15:39:24 -------- dc-h--w- c:\windows\ie8
2011-06-15 15:24:54 -------- d-----w- c:\windows\system32\PreInstall
2011-06-15 15:20:39 -------- d-sh--w- c:\documents and settings\alan\UserData
2011-06-15 15:10:07 -------- d-----w- c:\program files\Atheros Communications Inc
2011-06-15 14:55:42 24576 ----a-r- c:\windows\system32\AsIO.dll
2011-06-15 14:55:42 12400 ----a-r- c:\windows\system32\drivers\AsIO.sys
2011-06-15 14:55:40 11832 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2011-06-15 14:55:40 10216 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2011-06-15 14:55:40 -------- d-----w- c:\program files\ASUS
2011-06-15 14:55:32 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-06-15 14:55:32 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-06-15 14:55:32 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-06-15 14:55:32 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-06-15 14:55:31 614532 ------w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-06-15 14:54:48 -------- d-----w- c:\program files\Marvell
2011-06-15 14:53:02 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-06-15 14:52:13 36864 ----a-r- c:\windows\system32\drivers\l1e51x86.sys
2011-06-15 14:52:07 -------- d-----w- c:\windows\system32\Atheros_L1e
2011-06-15 14:51:37 -------- d-----w- c:\windows\AS_SCRIPTS
2011-06-15 14:47:28 64104 ----a-w- c:\windows\ALCMTR.EXE
2011-06-15 14:45:53 -------- d-----w- c:\windows\system32\Lang
2011-06-15 14:41:07 49152 ------r- c:\windows\system32\ChCfg.exe
2011-06-15 14:41:02 -------- d-----w- c:\windows\system32\RTCOM
2011-06-15 14:39:58 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-06-15 14:39:56 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-06-15 14:39:56 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-06-15 14:39:56 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-06-15 14:39:56 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-06-15 14:39:56 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-06-15 14:39:56 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-06-15 14:39:54 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2011-06-15 14:39:54 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2011-06-15 14:24:36 -------- d-----w- c:\windows\ASUSInstAll
2011-06-15 14:21:34 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-06-15 14:21:32 53248 ----a-r- c:\windows\system32\CSVer.dll
2011-06-15 14:21:16 -------- d-----w- C:\Intel
2011-06-15 14:20:46 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys
2011-06-15 14:20:32 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2011-06-15 14:17:03 516920 ----a-w- c:\temp\tidyup.exe
2011-06-15 14:14:42 -------- d-----w- C:\temp
2011-06-15 12:12:29 -------- d-----w- c:\program files\common files\McAfee
2011-06-15 12:12:28 -------- d-----w- c:\program files\McAfee.com
2011-06-15 12:12:25 -------- d-----w- c:\program files\McAfee
.
==================== Find3M ====================
.
2011-06-15 15:51:42 0 ----a-w- c:\windows\ativpsrm.bin
2011-05-31 16:21:28 6348392 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-05-12 13:10:00 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-28 13:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 02:41:56 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-04-20 02:38:50 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2011-04-20 02:29:06 57344 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 02:29:00 53248 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 02:24:20 5459968 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 02:14:04 17743872 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:04:00 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:02:58 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2011-04-20 02:01:50 4017408 ----a-w- c:\windows\system32\ati3duag.dll
2011-04-20 01:55:20 1115008 ----a-w- c:\windows\system32\ativvamv.dll
2011-04-20 01:45:06 3265920 ----a-w- c:\windows\system32\ativvaxx.dll
2011-04-20 01:44:34 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 01:44:22 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 01:44:14 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-04-20 01:44:06 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:43:54 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-04-20 01:42:40 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-04-20 01:41:22 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-04-20 01:40:08 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 01:36:24 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-04-20 01:34:10 200704 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:33:52 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-04-20 01:30:48 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-04-20 01:28:32 851968 ----a-w- c:\windows\system32\ati2cqag.dll
2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:27:32 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-20 01:26:26 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-19 21:10:32 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 21:10:18 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-19 21:10:02 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-19 01:16:26 94536 ----a-w- c:\windows\system32\UDBDef.exe
.
============= FINISH: 17:07:27.73 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 15/06/2011 12:53:57
System Uptime: 17/06/2011 12:06:01 (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q
Processor: Intel Pentium III Xeon processor | LGA 775 | 2333/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 132.741 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 137.616 GiB free.
E: is FIXED (NTFS) - 98 GiB total, 97.589 GiB free.
F: is FIXED (NTFS) - 98 GiB total, 71.961 GiB free.
G: is FIXED (NTFS) - 124 GiB total, 123.894 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&354745F2&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&354745F2&0&0001
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_82261043&REV_B0\4&20515DB1&0&00E5
Manufacturer: Atheros
Name: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_82261043&REV_B0\4&20515DB1&0&00E5
Service: L1e
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\19873D51E8C00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\19873D51E8C00
Service: NIC1394
.
==== System Restore Points ===================
.
RP1: 17/06/2011 12:02:36 - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
AI Direct Link
AI Suite
AMD APP SDK Runtime
ASUSUpdate
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Atheros Ethernet Utility
Canon MP Navigator EX 1.0
Canon MP610 series
Canon MP610 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
CD-LabelPrint
Conduit Engine
Definition update for Microsoft Office 2010 (KB982726)
DirectX 9 Runtime
Disktrix UltimateDefrag
Drive Xpert
Driver Detective
EPU-6 Engine
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
IconPackager
Impulse®
Malwarebytes' Anti-Malware version 1.51.0.1200
marvell 61xx
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 4.0.1 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
ObjectDock Plus 2
Pen Tablet
PIXMA Extended Survey Program
Portforward Static IP Address 1.0.45
PowerBackup 2.5
Rapport
Realtek High Definition Audio Driver
RoboForm 7-1-9 (All Users)
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Easy VHS to DVD
Roxio Easy VHS to DVD Content
Roxio Video Capture USB
Roxio Video Capture USB Driver
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
uTorrentBar Toolbar
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinZip 15.0
.
==== Event Viewer Messages From Past Week ========
.
16/06/2011 11:24:12, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
16/06/2011 11:24:12, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/06/2011 11:24:12, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
15/06/2011 19:30:53, error: Service Control Manager [7022] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
15/06/2011 16:55:52, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
15/06/2011 16:55:52, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\atiadlxx.dll. Reference error message: The operation completed successfully. .
15/06/2011 16:55:52, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
15/06/2011 16:52:03, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\ATI Technologies\ATI.ACE\Graphics-Previews-Common\Ticker.ax. Reference error message: The operation completed successfully. .
15/06/2011 16:52:03, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\ATI Technologies\ATI.ACE\Graphics-Previews-Common\Microsoft.VC80.CRT.MANIFEST" on line 4.
15/06/2011 16:52:03, error: SideBySide [34] - Component identity found in manifest does not match the identity of the component requested
15/06/2011 16:52:02, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI74.tmp. Reference error message: The operation completed successfully. .
15/06/2011 16:51:22, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI3B.tmp. Reference error message: The operation completed successfully. .
15/06/2011 16:51:21, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI37.tmp. Reference error message: The operation completed successfully. .
15/06/2011 16:51:21, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI36.tmp. Reference error message: The operation completed successfully. .
15/06/2011 16:51:21, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\Installer\MSI34.tmp. Reference error message: The operation completed successfully. .
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
Here are the log files....


aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-18 09:28:14
-----------------------------
09:28:14.187 OS Version: Windows 5.1.2600 Service Pack 3
09:28:14.187 Number of processors: 4 586 0x1707
09:28:14.187 ComputerName: ALANS UserName: Alan
09:28:15.296 Initialize success
09:28:18.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:28:18.343 Disk 0 Vendor: WDC_WD5000AADS-00L4B1 05.04C05 Size: 476940MB BusType: 3
09:28:20.359 Disk 0 MBR read successfully
09:28:20.359 Disk 0 MBR scan
09:28:20.359 Disk 0 Windows XP default MBR code
09:28:22.359 Disk 0 scanning sectors +976752000
09:28:22.390 Disk 0 scanning C:\WINDOWS\system32\drivers
09:28:30.765 Service scanning
09:28:32.000 Disk 0 trace - called modules:
09:28:32.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:28:32.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0e1ab8]
09:28:32.015 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8b11dd38]
09:28:32.015 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b071d98]
09:28:32.015 Scan finished successfully
09:28:46.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alan\Desktop\MBR.dat"
09:28:46.890 The log file has been saved successfully to "C:\Documents and Settings\Alan\Desktop\aswMBR.txt"


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #4
==============================================
>Drivers
==============================================
0xB9610000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 6868992 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xAC80B000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6606848 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF25F000 C:\WINDOWS\System32\ati3duag.dll 4018176 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF9C6000 C:\WINDOWS\System32\ativvaxx.dll 3268608 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF060000 C:\WINDOWS\System32\ati2cqag.dll 851968 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF130000 C:\WINDOWS\System32\atikvmag.dll 716800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB9D80000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAC38B000 C:\WINDOWS\system32\DRIVERS\emBDA.sys 569344 bytes (eMPIA Technology, Inc., USB 28xx BDA Driver)
0xAC416000 C:\WINDOWS\system32\DRIVERS\emOEM.sys 528384 bytes (eMPIA Technology, Inc., USB 28xx BDA Lower filter)
0xBF1DF000 C:\WINDOWS\System32\atiok3x2.dll 524288 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
0xAC55F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8F42000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB9E24000 mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xAC6CB000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA93B5000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xB9015000 C:\WINDOWS\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0xBF634000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA8DB0000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9ECB000 mv61xx.sys 262144 bytes (Marvell Semiconductor, Inc., Marvell Thor Windows Driver)
0xB8FBD000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA945D000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D53000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA7717000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAC5F5000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB95D4000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAC642000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xAC66A000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAC5CF000 C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 155648 bytes (Trusteer Ltd., RapportPG)
0xB948D000 C:\WINDOWS\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xAC7E7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB95B0000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB94ED000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAC620000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E93000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB8FA0000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xB9D39000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAC373000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EB3000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9E0D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB94C2000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8795000 C:\WINDOWS\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0xA8C5B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB94D9000 C:\WINDOWS\system32\DRIVERS\mfendisk.sys 81920 bytes (McAfee, Inc., McAfee NDIS Intermediate Driver)
0xB95FC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAC724000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xAC690000 C:\WINDOWS\system32\drivers\mfetdi2k.sys 77824 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E81000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB94B1000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB9540000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA308000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB9550000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA268000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA2B8000 C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 61440 bytes (Trusteer Ltd., RapportEI)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA8E79000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB9530000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xBA258000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA178000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 53248 bytes (Atheros Communications, Inc., Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller ndis miniport driver)
0xBA2C8000 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys 53248 bytes (Trusteer Ltd., RapportCerberus)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB9590000 C:\WINDOWS\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xA8A5B000 C:\WINDOWS\system32\drivers\mfebopk.sys 49152 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xBA128000 RapportKELL.sys 49152 bytes (Trusteer Ltd., RapportKE)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA7E6C000 C:\DOCUME~1\Alan\LOCALS~1\Temp\aswMBR.sys 45056 bytes
0xBA2D8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA228000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA218000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA7851000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB9560000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA448000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA498000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA410000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA490000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA438000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA440000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA4A8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAC6BB000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xB9CA9000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9CB1000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9822000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA570000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xAC7C7000 C:\WINDOWS\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAC7B7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAC6AB000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB9CAD000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA57C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB8F2A000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5C6000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xBA5EC000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
0xBA5E6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA656000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5E4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5E8000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5EA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5D2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5D6000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5C8000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0xBA5CA000 C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys 8192 bytes (Wacom Technology, Virtual Hid Device)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6DC000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6CA000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7D1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here is the Combo log

ComboFix 11-06-17.04 - Alan 18/06/2011 21:54:04.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2562 [GMT 1:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Alan\Application Data\inst.exe
c:\documents and settings\Alan\Application Data\pcouffin.sys
c:\documents and settings\Alan\Application Data\PriceGong
c:\documents and settings\Alan\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\j.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Alan\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Alan\Local Settings\Temporary Internet Files\Sys5889.Data Repository.sys
c:\windows\system32\drivers\hosts
c:\windows\system32\systeminfo3.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-15 20:06 . 2011-06-15 20:06 -------- d-----w- C:\1287bd8a094eb607500a86
2011-06-15 18:33 . 2011-06-15 18:33 -------- d-----r- C:\MSOCache
2011-06-15 16:53 . 2011-06-15 16:53 -------- d-----w- C:\extensions
2011-06-15 15:49 . 2011-06-15 15:49 -------- d-----w- C:\ATI
2011-06-15 14:21 . 2011-06-15 14:21 -------- d-----w- C:\Intel
2011-06-15 14:14 . 2011-06-16 09:29 -------- d-----w- C:\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-25 16:11 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-02-28 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-19 21:10 . 2011-04-19 21:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 21:10 . 2011-04-19 21:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-19 21:10 . 2011-04-19 21:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-19 01:16 . 2011-04-19 01:16 94536 ----a-w- c:\windows\system32\UDBDef.exe
2011-04-14 16:46 . 2011-06-15 23:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 13:01 . 2011-06-17 08:54 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 12:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 12:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin1.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-16 107000]
"AdobeBridge"="f:\adobe\Adobe Bridge CS5\Bridge.exe" [2010-11-09 12001224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Launch Direct Link"="c:\program files\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 1209856]
"Launch As Cmd Runner"="c:\program files\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
"Drive Xpert"="c:\program files\ASUS\Drive Xpert\DriveXpert.exe" [2008-05-30 10235904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-05 1195408]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Alan\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-6-17 576000]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-6-17 4142448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [23/06/2008 23:21 150568]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/04/2011 14:34 53816]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [15/06/2011 21:04 84200]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [17/06/2011 09:31 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34 158904]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15/06/2011 13:14 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [15/06/2011 21:03 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [15/06/2011 21:03 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [15/06/2011 21:04 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [15/06/2011 21:04 141792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34 870200]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [16/06/2011 10:21 1373480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [15/06/2011 21:04 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [15/06/2011 21:04 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [15/06/2011 21:04 88736]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
S2 57xx SteelVine Manager;57xx SteelVine;c:\program files\ASUS\Drive Xpert\SteelVine.exe [29/05/2008 15:55 1286144]
S2 igytbyfj;Microcode Update Support;c:\windows\System32\svchost.exe -k netsvcs [28/02/2006 13:00 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16/06/2011 23:27 1691480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [15/06/2011 21:04 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [15/06/2011 21:04 84488]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 10:25 30969208]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [20/05/2009 04:35 1128944]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - BLACKBOX
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*Deregistered* - aswMBR
*Deregistered* - BlackBox
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
igytbyfj
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-18 c:\windows\Tasks\User_Feed_Synchronization-{945CE2F9-7C7F-4646-9F9A-EEE1A13FCCEE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\o4c9q1d1.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.talktalk.net
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B5205BFB-2051-498E-7323-23EA03F4F87A} - c:\windows\system32\wrbhaouj.dll
HKCU-Run-java system update - c:\docume~1\Alan\LOCALS~1\Temp\eumlm.exe
HKCU-Run-winupdate system - c:\docume~1\Alan\LOCALS~1\Temp\icvcc.exe
HKCU-Run-java checksys - c:\docume~1\Alan\LOCALS~1\Temp\rtpmp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 21:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1232)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2011-06-18 22:00:59
ComboFix-quarantined-files.txt 2011-06-18 21:00
.
Pre-Run: 137,580,777,472 bytes free
Post-Run: 138,132,283,392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6BCA0E9459A5192BAB9B88978099DBD0
 
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
NetSvc::
igytbyfj

Driver::
igytbyfj


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Here is the new log file..

ComboFix 11-06-17.04 - Alan 18/06/2011 22:37:50.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2478 [GMT 1:00]
Running from: c:\documents and settings\Alan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alan\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IGYTBYFJ
-------\Service_igytbyfj
.
.
((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-15 20:06 . 2011-06-15 20:06 -------- d-----w- C:\1287bd8a094eb607500a86
2011-06-15 18:33 . 2011-06-15 18:33 -------- d-----r- C:\MSOCache
2011-06-15 16:53 . 2011-06-15 16:53 -------- d-----w- C:\extensions
2011-06-15 15:49 . 2011-06-15 15:49 -------- d-----w- C:\ATI
2011-06-15 14:21 . 2011-06-15 14:21 -------- d-----w- C:\Intel
2011-06-15 14:14 . 2011-06-16 09:29 -------- d-----w- C:\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-28 13:34 . 2011-04-28 13:34 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-25 16:11 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-02-28 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-19 21:10 . 2011-04-19 21:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-19 21:10 . 2011-04-19 21:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-19 21:10 . 2011-04-19 21:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-19 01:16 . 2011-04-19 01:16 94536 ----a-w- c:\windows\system32\UDBDef.exe
2011-04-14 16:46 . 2011-06-15 23:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 13:01 . 2011-06-17 08:54 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 12:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 12:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin1.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-06-16 107000]
"AdobeBridge"="f:\adobe\Adobe Bridge CS5\Bridge.exe" [2010-11-09 12001224]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\EPU-6 Engine\SixEngine.exe" [2008-06-03 5964800]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Launch Direct Link"="c:\program files\ASUS\AI Direct Link\AsShare.exe" [2007-11-16 1209856]
"Launch As Cmd Runner"="c:\program files\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
"Drive Xpert"="c:\program files\ASUS\Drive Xpert\DriveXpert.exe" [2008-05-30 10235904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-05 1195408]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"RTHDCPL"="RTHDCPL.EXE" [2011-05-12 20053608]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Alan\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-6-17 576000]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-6-17 4142448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [23/06/2008 23:21 150568]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [28/04/2011 14:34 53816]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [15/06/2011 21:04 84200]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [17/06/2011 09:31 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [28/04/2011 14:34 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [28/04/2011 14:34 158904]
R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\ASUS\Drive Xpert\SteelVine.exe [29/05/2008 15:55 1286144]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [15/06/2011 13:14 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [15/06/2011 21:03 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [15/06/2011 21:03 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [15/06/2011 21:04 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [15/06/2011 21:04 141792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [28/04/2011 14:34 870200]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [16/06/2011 10:21 1373480]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [15/06/2011 21:04 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [15/06/2011 21:04 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [15/06/2011 21:04 88736]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16/06/2011 23:27 1691480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [15/06/2011 21:04 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [15/06/2011 21:04 84488]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 10:25 30969208]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [20/05/2009 04:35 1128944]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-18 c:\windows\Tasks\User_Feed_Synchronization-{945CE2F9-7C7F-4646-9F9A-EEE1A13FCCEE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\documents and settings\Alan\Application Data\Mozilla\Firefox\Profiles\o4c9q1d1.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.talktalk.net
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 22:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1232)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(5120)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDockPlus2\DockShellHook.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\astsrv.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\program files\Stardock\ObjectDockPlus2\ObjectDockTray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
.
**************************************************************************
.
Completion time: 2011-06-18 22:48:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-18 21:48
ComboFix2.txt 2011-06-18 21:00
.
Pre-Run: 138,152,259,584 bytes free
Post-Run: 138,040,139,776 bytes free
.
- - End Of File - - 577DC659F1DDE53A106824A0AB3FB8C6
 
Running the last combofix scan seems to have messed up internet connection. THe only webpage I can open is this one.
 
What browser?
Did you try different browser?
Try to restart computer.

Any other issues?
 
I use Firefox 4, but I tried with IE8 and couldn't get any connection. I restarted and the same thing happened.
 
You're saying, you can access this site, no problem?

Any errors, when you try to access any other sites?

Any errors from OE?
 
Yep, I can access this site fine. Trying to get other sites I get a "Server not found" error. I cannot receive email in Office Outlook, but it seems to be sending ok.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
You'll need to use another working computer and USB flash drive to get the file to your computer.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
780
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back