Inactive Fake antivirus program (AV Guard Online) attacking Windows XP


matteoporcedda

Hey, so I have a Windows XP desktop.

This fake antivirus called AV Guard Online popped up on my computer today. I was looking at a website, did not download anything, and this program became installed on my computer.

I looked at where the desktop icon directed to, which was C:\WINDOWS\system32\cKK88gRRZ9YX.exe. I deleted this file and the fake program has not popped up.

I have McAfee Security Center installed on my computer; however, as soon as this fake antivirus program popped up, it turned off real-time scanning. Every time I turn it on, it turns back off a few seconds later. Any time I try to do a full scan it says "An unexpected problem occurred with your scan."

I tried installing Malwarebytes' Anti-Malware but it wanted me to restart. I didn't want to restart the computer because I am afraid it will get more messed up.

Instead, I tried to scan right away. It began to work, then it unexpectedly shut. Now, when I try to open it, it says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I would greatly appreciate any help. I have not backed up this computer, and there's lots of personal stuff (family pics, etc.) that would really suck to lose. Thank you in advance.
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hey, I can't get past step one. I have antivirus software, and it has been disabled. Should I try to install one of the free ones?

I tried step two (installing Malware Bytes) and the scan started, then the program crashed. Now a system error message comes up when I try to open the program.

Should I go to step three?
 
Update: Computer is nearly unresponsive. VERY slow. Even the mouse movement is slow. I tried opening up the ctrl alt delete panel and it only partially opened.

What to do? Should I turn off the computer over night or leave it on?
 
Let's see if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved as C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Please post the contents of the OTL.txt file in your reply.
 
Update:

I rebooted the computer a few times and it's running more smoothly, though the antivirus software still gets shut off. It appears that Malwarebytes was immediately uninstalled after I installed it as well. I was able to run GMER and DDS.

View attachment attach.txt

View attachment gmer.log

For whatever reason I cannot attach the DDS txt file. I will attempt to do so again later. Does this help at all?

Thank you guys so much for your help. It really means a lot. Money is really tight right now so taking it in to get it fixed isn't really an option.

My family and I thank you so much.
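As an added example (not part of any post in this thread, and not a tool the helper recommends): a small triage script that reads DDS output the way a log reader does, applied to logs like the ones pasted below. It flags three things that are visible in this thread's DDS log: a process running from an NTFS alternate data stream path, Run keys and executables whose names look machine-generated, and recently created Application Data folders with such names. The sample log is constructed to resemble the posted output rather than copied from it, and the name heuristic (length and class-transition thresholds) is my own choice, not a published rule. It generalises to any DDS-style log, not only this one.

```python
import re

# Constructed sample modelled on the DDS.txt output pasted in this thread
# (not the actual log): one normal entry per section beside the suspicious ones.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\514901506:4248391649.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\WINDOWS\system32\HPZipm12.exe
.
============== Pseudo HJT Report ===============
.
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [GUVVellOBtx0yS18234A] c:\windows\system32\cKK88gRRZ9YX.exe
uRun: [Google Update] "c:\documents and settings\lynn\local settings\application data\google\update\GoogleUpdate.exe" /c
.
=============== Created Last 30 ================
.
2011-10-05 18:03:48 -------- d-----w- c:\documents and settings\lynn\application data\D9hhTTXwjUVeIB
2011-09-21 18:11:50 -------- d-----w- c:\program files\CA Business Start-Up Forms
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>.+?)\s*=+$")
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ \S+ (?P<path>.+)$")
# A second colon after the "X:\" drive prefix means the path names an NTFS
# alternate data stream (file:stream). No legitimate XP autostart runs from
# one, so this is a strong indicator on its own.
ADS_RE = re.compile(r"^[a-z]:\\.*:[^\\]+$", re.IGNORECASE)


def extract_path(cmd):
    """Strip surrounding quotes and trailing switches from a Run/process entry."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.find('"', 1)]
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def is_ads_path(path):
    return bool(ADS_RE.match(path))


def looks_generated(name, min_len=8, min_transitions=5):
    """Heuristic (my thresholds, not a published rule): a long name that keeps
    switching between lower-case, upper-case and digit runs, with a digit
    somewhere other than the last position. 'npGoogleUpdate3' passes,
    'cKK88gRRZ9YX' is flagged."""
    stem = re.sub(r"\.[a-z0-9]{1,4}$", "", name, flags=re.IGNORECASE)  # drop extension
    stem = re.sub(r"[^A-Za-z0-9]", "", stem)  # ignore '_', '-', '~', spaces
    if len(stem) < min_len or not re.search(r"\d", stem[:-1]):
        return False
    classes = ["d" if c.isdigit() else "u" if c.isupper() else "l" for c in stem]
    transitions = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return transitions >= min_transitions


def triage(log_text):
    """Walk the log once and return (section, reason, item) tuples."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("title")
            continue
        if section == "Running Processes" and line and line != ".":
            path = extract_path(line)
            names = [basename(path)]
        elif section == "Pseudo HJT Report" and RUN_RE.match(line):
            entry = RUN_RE.match(line)
            path = extract_path(entry.group("cmd"))
            names = [entry.group("name"), basename(path)]  # value name and file name
        elif section == "Created Last 30" and CREATED_RE.match(line):
            path = CREATED_RE.match(line).group("path")
            names = [basename(path)]
        else:
            continue
        if is_ads_path(path):
            findings.append((section, "alternate data stream path", path))
        for name in names:
            if looks_generated(name):
                findings.append((section, "machine-generated name", f"{name} ({path})"))
    return findings


if __name__ == "__main__":
    for section, reason, item in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {item}")
```

The name heuristic is deliberately loose: CamelCase vendor names without digits never trigger it and a trailing version digit is ignored, so a hit is a prompt to look closer rather than a verdict. An alternate-data-stream path, by contrast, is worth investigating on its own, which is why it is reported separately from the name check.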
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Lynn at 19:13:20 on 2011-10-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.911 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\514901506:4248391649.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\BellSouthWCC\McciTrayApp.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111007154119.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Simple Sticky Notes] c:\program files\simnet\simple sticky notes\ssn.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [UpdateFlow.ATT-SST] c:\program files\att-sst\mccibrowser.exe -appkey=att-sst -url=file://c:\program files\att-sst\offlineupdate\redirector.htm
uRun: [Google Update] "c:\documents and settings\lynn\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [UMonit] c:\windows\system32\umonit.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [BellSouthWCC_McciTrayApp] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [ATT_WCC] c:\program files\bellsouthwcc\McciTrayApp.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GUVVellOBtx0yS18234A] c:\windows\system32\cKK88gRRZ9YX.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232669641984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234378947968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5BA6CD34-5C2F-4ACD-9115-73A18B338F48} : DhcpNameServer = 12.127.17.77 12.127.16.77 12.127.16.68
TCP: Interfaces\{88335330-166B-4884-BD38-029171CECD9B} : DhcpNameServer = 192.168.1.254
Filter: text/html - {992446a2-35fb-4a9c-a097-5ff5e1cb8548} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\lynn\application data\mozilla\firefox\profiles\ujxsiy3v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\documents and settings\lynn\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\lynn\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\lynn\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\lynn\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-5 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-6-8 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-5 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-5 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-5 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-5 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-5 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-5 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-25 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-5 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-5 88736]
S0 cerc6;cerc6; [x]
S2 gupdate1c99383a758ac58;Google Update Service (gupdate1c99383a758ac58);c:\program files\google\update\GoogleUpdate.exe [2009-2-20 133104]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-5 171168]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-8-5 16512]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2009-7-17 6016]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-12-25 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-20 133104]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-2-25 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-5 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-5 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-2-25 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-2-25 40552]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-12-23 517632]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2011-10-05 18:03:48 -------- d-----w- c:\documents and settings\lynn\application data\D9hhTTXwjUVeIB
2011-10-05 18:03:41 -------- d-----w- c:\documents and settings\lynn\application data\kCCCekkIVrOyx0u
2011-10-05 18:03:41 -------- d-----w- c:\documents and settings\lynn\application data\d22oFF3pm5QJdE8
2011-10-05 17:58:47 -------- d-----w- c:\documents and settings\lynn\application data\RIIIVrrzONtA0vS
2011-10-05 17:58:47 -------- d-----w- c:\documents and settings\lynn\application data\KibbFF3pmG
2011-10-05 17:58:21 -------- d-----w- c:\documents and settings\lynn\application data\J22oobF3pmG5QJd
2011-09-30 06:15:12 -------- d-----w- c:\windows\SxsCaPendDel
2011-09-21 18:11:50 -------- d-----w- c:\program files\CA Business Start-Up Forms
.
==================== Find3M ====================
.
2011-10-07 22:35:48 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-08 06:18:08 140864 --sha-r- c:\windows\temp\~rnsetup\nppl3260.dll
2010-02-08 06:18:04 79400 --sha-w- c:\windows\temp\~rnsetup\rpelevation.dll
2010-02-08 06:18:03 77824 --sh--w- c:\windows\temp\~rnsetup\twebbrowse.dll
2010-02-08 06:18:08 135168 --sha-r- c:\windows\temp\~rnsetup\audp\audplin.dll
2010-02-08 06:18:12 329312 --sh--w- c:\windows\temp\~rnsetup\browserrecordplugin\rpbrowserrecordplugin.dll
2010-02-08 06:18:06 110592 --sha-r- c:\windows\temp\~rnsetup\browserrecordplugin\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
2010-02-08 06:18:07 118784 --sh-tr- c:\windows\temp\~rnsetup\browserrecordplugin\browserrecord\thinshims\rpnpshimswf.dll
2010-02-08 06:18:15 548919 --sh-tw- c:\windows\temp\~rnsetup\ecodecs\colorcvt.dll
2010-02-08 06:18:03 65602 --sh-tw- c:\windows\temp\~rnsetup\ecodecs\cook.dll
2010-02-08 06:18:13 376832 --sha-r- c:\windows\temp\~rnsetup\ecodecs\erv2.dll
2010-02-08 06:18:05 86100 --sh-tw- c:\windows\temp\~rnsetup\eproducertools\audiolimiter.dll
2010-02-08 06:18:09 163914 --sh-tr- c:\windows\temp\~rnsetup\eproducertools\dsreader.dll
2010-02-08 06:18:02 53328 --sh--w- c:\windows\temp\~rnsetup\eproducertools\packetsource.dll
2010-02-08 06:18:09 184320 --sh--r- c:\windows\temp\~rnsetup\fftranscdir\fftr3210.dll
2010-02-08 06:18:02 61440 --sha-w- c:\windows\temp\~rnsetup\flv\flvff.dll
2010-02-08 06:18:05 98304 --sh--r- c:\windows\temp\~rnsetup\gemsetup\rnad3201.dll
2010-02-08 06:18:20 222728 --shatw- c:\windows\temp\~rnsetup\player\realplay.exe
2010-02-08 06:18:17 618496 --shatw- c:\windows\temp\~rnsetup\playerplugins\rjbc3260.dll
2010-02-08 06:18:19 1261568 --sh-tr- c:\windows\temp\~rnsetup\playerplugins\rpap3260.dll
2010-02-08 06:18:10 204800 --sh--r- c:\windows\temp\~rnsetup\plins\httpfsys.dll
2010-02-08 06:18:13 409600 --sha-r- c:\windows\temp\~rnsetup\sonrecordengine\sonr3210.dll
2010-02-08 06:18:17 719360 --shatr- c:\windows\temp\~rnsetup\symbols\dbghelp.dll
2010-02-08 06:18:12 303104 --sh--w- c:\windows\temp\~rnsetup\update\rnqu3270.dll
.
============= FINISH: 19:14:32.85 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-09 19:12:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75FRA0 rev.77.07W77
Running: 6h9ib6i0.exe; Driver: C:\DOCUME~1\Lynn\LOCALS~1\Temp\kwlyapod.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF743E210]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF743E224]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF743E250]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF743E2A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF743E1FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF743E1D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF743E1E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF743E23A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF743E27C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF743E266]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF743E2D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF743E2BC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF743E290]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 01/22/2009 3:08:36 PM
System Uptime: 10/09/2011 6:37:27 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F4491
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Microprocessor | 3059/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 22.1 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP899: 07/17/2011 9:14:18 AM - System Checkpoint
RP900: 07/18/2011 9:37:45 AM - System Checkpoint
RP901: 07/19/2011 10:56:04 AM - System Checkpoint
RP902: 07/20/2011 10:04:12 PM - System Checkpoint
RP903: 07/21/2011 10:58:03 PM - System Checkpoint
RP904: 07/22/2011 11:09:51 PM - System Checkpoint
RP905: 07/23/2011 11:33:00 PM - System Checkpoint
RP906: 07/24/2011 11:37:14 PM - System Checkpoint
RP907: 07/25/2011 11:57:51 PM - System Checkpoint
RP908: 07/27/2011 1:50:11 AM - System Checkpoint
RP909: 07/28/2011 1:57:50 AM - System Checkpoint
RP910: 07/29/2011 2:33:51 AM - System Checkpoint
RP911: 07/30/2011 3:21:50 AM - System Checkpoint
RP912: 07/31/2011 3:57:57 AM - System Checkpoint
RP913: 08/01/2011 4:57:51 AM - System Checkpoint
RP914: 08/02/2011 5:58:50 AM - System Checkpoint
RP915: 08/03/2011 6:57:50 AM - System Checkpoint
RP916: 08/04/2011 7:47:52 AM - System Checkpoint
RP917: 08/05/2011 2:45:11 PM - System Checkpoint
RP918: 08/06/2011 4:03:53 PM - System Checkpoint
RP919: 08/07/2011 4:43:43 PM - System Checkpoint
RP920: 08/08/2011 6:45:33 PM - System Checkpoint
RP921: 08/09/2011 7:21:53 PM - System Checkpoint
RP922: 08/10/2011 7:56:43 PM - System Checkpoint
RP923: 08/11/2011 3:01:16 AM - Software Distribution Service 3.0
RP924: 08/12/2011 4:27:32 AM - System Checkpoint
RP925: 08/13/2011 7:24:42 AM - System Checkpoint
RP926: 08/14/2011 12:15:51 PM - System Checkpoint
RP927: 08/15/2011 12:32:51 PM - System Checkpoint
RP928: 08/16/2011 1:10:22 PM - System Checkpoint
RP929: 08/17/2011 1:44:21 PM - System Checkpoint
RP930: 08/18/2011 2:20:51 PM - System Checkpoint
RP931: 08/19/2011 3:35:01 PM - System Checkpoint
RP932: 08/22/2011 3:41:44 AM - System Checkpoint
RP933: 08/23/2011 4:36:22 AM - System Checkpoint
RP934: 08/24/2011 5:10:22 AM - System Checkpoint
RP935: 08/25/2011 3:00:20 AM - Software Distribution Service 3.0
RP936: 08/26/2011 5:55:16 AM - System Checkpoint
RP937: 08/27/2011 8:16:46 AM - System Checkpoint
RP938: 08/28/2011 9:04:35 AM - System Checkpoint
RP939: 09/01/2011 7:07:45 PM - System Checkpoint
RP940: 09/02/2011 7:27:18 PM - System Checkpoint
RP941: 09/04/2011 12:58:23 AM - System Checkpoint
RP942: 09/05/2011 1:55:20 AM - System Checkpoint
RP943: 09/06/2011 2:15:19 AM - System Checkpoint
RP944: 09/07/2011 3:15:48 AM - System Checkpoint
RP945: 09/08/2011 3:00:20 AM - Software Distribution Service 3.0
RP946: 09/09/2011 4:22:48 AM - System Checkpoint
RP947: 09/10/2011 10:52:03 AM - System Checkpoint
RP948: 09/11/2011 11:22:17 AM - System Checkpoint
RP949: 09/12/2011 11:30:48 AM - System Checkpoint
RP950: 09/13/2011 9:17:19 PM - System Checkpoint
RP951: 09/14/2011 3:01:23 AM - Software Distribution Service 3.0
RP952: 09/15/2011 3:14:14 AM - System Checkpoint
RP953: 09/16/2011 4:31:33 AM - System Checkpoint
RP954: 09/17/2011 8:38:42 AM - System Checkpoint
RP955: 09/18/2011 10:19:46 AM - System Checkpoint
RP956: 09/19/2011 1:14:36 PM - System Checkpoint
RP957: 09/20/2011 1:38:04 PM - System Checkpoint
RP958: 09/21/2011 8:13:56 PM - System Checkpoint
RP959: 09/22/2011 9:29:21 PM - System Checkpoint
RP960: 09/23/2011 9:54:04 PM - System Checkpoint
RP961: 09/24/2011 10:13:41 PM - System Checkpoint
RP962: 09/26/2011 5:16:16 AM - System Checkpoint
RP963: 09/27/2011 6:02:39 AM - System Checkpoint
RP964: 09/28/2011 3:00:20 AM - Software Distribution Service 3.0
RP965: 09/29/2011 3:43:49 AM - System Checkpoint
RP966: 09/29/2011 10:36:39 PM - Removed PC Camera
RP967: 09/29/2011 11:08:37 PM - Removed DD Thought Tickler 5.4
RP968: 09/29/2011 11:13:55 PM - Removed Microsoft Office Click-to-Run 2010
RP969: 09/29/2011 11:25:44 PM - Removed OpenOffice.org 3.2
RP970: 09/29/2011 11:41:40 PM - Software Distribution Service 3.0
RP971: 10/01/2011 6:59:31 PM - System Checkpoint
RP972: 10/02/2011 7:29:13 PM - System Checkpoint
RP973: 10/03/2011 8:48:31 PM - System Checkpoint
RP974: 10/04/2011 9:56:46 PM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
101 Law Forms for Personal Use
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
AiO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Self Support Tool
AT&T Toolbar
AT&T Yahoo! Internet Mail
ATT-HSI
Audacity 1.2.6
Bonjour
Broadcom 440x 10/100 Integrated Controller
Business Contact Manager for Outlook 2003
CA Business Start-Up Forms
Cisco Network Magic
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Debrief v2.3
Dell Digital Jukebox Driver
Dell ResourceCD
Facebook Plug-In
FileZilla Client 3.3.2
GCalc 3
getPlus(R) for Adobe
GOM Player
Google Apps
Google Chrome
Google Desktop
Google Talk Plugin
Google Update Helper
Google Updater
GraphCalc v4.0.1
Guitar Pro 5.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Driver Diagnostics
HP Product Detection
HP PSC & OfficeJet 5.3.B
Intel(R) 537EP V9x DF PCI Modem
Intel(R) PRO Network Connections Drivers
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java Auto Updater
Java DB 10.4.1.3
Java(TM) 6 Update 21
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 11
LAME v3.98.2 for Audacity
Living Trust Forms
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft WinUsb 1.0
Mozilla Firefox 7.0.1 (x86 en-US)
MSXML 6.0 Parser (KB925673)
MUSICMATCH® Jukebox
Network Magic
Nolo's Encyclopedia of Everyday Law
Nolo's Will Forms
Nolo’s Guide to California Law
OGA Notifier 2.0.0048.0
Picasa 3
PowerDVD
Pure Networks Platform
QFolder
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SanDisk ImageMate Reader/Writer
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
TI Connect 1.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.1
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Device Updater Component
Windows Presentation Foundation
Windows Search 4.0
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
10/09/2011 6:45:22 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
10/07/2011 3:40:46 PM, error: Service Control Manager [7000] - The McShield service failed to start due to the following error: Access is denied.
10/07/2011 3:34:11 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
10/07/2011 3:33:41 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/07/2011 3:28:52 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/07/2011 3:26:46 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/07/2011 3:26:46 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
10/07/2011 3:26:41 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
10/05/2011 10:53:39 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
Please download DummyCreator.zip and unzip it.

  • Run the tool.
  • Copy and paste the following into the edit box:
C:\WINDOWS\514901506
  • Press the Create button and post the content of Result.txt.
Important: Restart the computer.

================================================================

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
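Added example (editor's code, not the helper's and not a Kaspersky tool): the helper asks for the TDSSKiller report to be pasted back, and what matters in a report this long is the handful of lines that are not "- ok". The script below parses a report in the format TDSSKiller 2.6 writes (each line is "HH:MM:SS.mmmm  thread-id  message"), counts the clean objects and collects every "detected" verdict together with the "Suspicious file (Forged)" hashes that precede it. It assumes, as TDSSKiller's own labels suggest, that "Real md5" is the hash of the bytes read from the raw disk and "Fake md5" is the hash the file system API returned for the same path; SAMPLE_REPORT is a trimmed sample built in that format, with one forged driver and two clean ones.

```python
"""Summarise a Kaspersky TDSSKiller report: clean count plus every flagged driver."""
import re
from dataclasses import dataclass

# Sample report in TDSSKiller 2.6 format, constructed for this example
# (trimmed to three drivers; not a complete scan).
SAMPLE_REPORT = r"""
21:23:32.0685 0932 Scan started
21:23:34.0154 0932 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:23:34.0154 0932 ACPI - ok
21:23:36.0653 0932 Cdrom (940dffedca6a4a9e659fcd8cc6e8e796) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:23:36.0653 0932 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 940dffedca6a4a9e659fcd8cc6e8e796, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc
21:23:36.0653 0932 Cdrom ( ForgedFile.Multi.Generic ) - warning
21:23:36.0653 0932 Cdrom - detected ForgedFile.Multi.Generic (1)
21:23:37.0153 0932 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:23:37.0169 0932 Disk - ok
"""

# One report line: timestamp, thread id, then the message we care about.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*\S)\s*$")
# "Name (md5) C:\path" listing line for a driver or service.
ENTRY_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
# Raw-disk hash versus API hash for the same path (assumed meaning of the labels).
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


@dataclass
class Finding:
    name: str            # service/driver name as TDSSKiller lists it
    verdict: str         # e.g. ForgedFile.Multi.Generic
    path: str = ""       # on-disk path of the object
    real_md5: str = ""   # hash of the bytes read from the raw disk (assumed)
    fake_md5: str = ""   # hash the file system API handed back (assumed)


def parse_report(text):
    """Return (number_of_clean_entries, [Finding, ...]) for one report."""
    entries = {}    # driver name -> (md5, path) from its listing line
    forged = {}     # path -> (real_md5, fake_md5) from Forged lines
    findings = []
    ok_count = 0
    for raw in text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue              # banner/blank lines carry no verdict
        msg = line["msg"]
        m = FORGED_RE.match(msg)
        if m:
            forged[m["path"]] = (m["real"], m["fake"])
            continue
        m = ENTRY_RE.match(msg)
        if m:
            entries[m["name"]] = (m["md5"], m["path"])
            continue
        if OK_RE.match(msg):
            ok_count += 1
            continue
        m = DETECTED_RE.match(msg)
        if m:
            _, path = entries.get(m["name"], ("", ""))
            real, fake = forged.get(path, ("", ""))
            findings.append(Finding(m["name"], m["verdict"], path, real, fake))
    return ok_count, findings


def forged_drivers(findings):
    """Findings where the on-disk bytes and the API view of the file disagree."""
    return [f for f in findings if f.real_md5 and f.real_md5 != f.fake_md5]


def summarize(text):
    """Compact triage view: clean count, detections, and which ones are forged."""
    ok_count, findings = parse_report(text)
    return {"ok": ok_count, "detected": len(findings),
            "forged": [f.name for f in forged_drivers(findings)]}


if __name__ == "__main__":
    ok_count, findings = parse_report(SAMPLE_REPORT)
    print(f"{ok_count} objects clean, {len(findings)} flagged")
    for f in forged_drivers(findings):
        print(f"  {f.name}: {f.path}")
        print(f"    on disk : {f.real_md5}")
        print(f"    via API : {f.fake_md5}")
```

The point of separating the two hashes is that a ForgedFile verdict says the file system is not returning what is actually on disk for that driver; a scanner that reads files through the normal API sees the copy it is handed and reports nothing, so a clean on-access scan from the installed antivirus is not evidence against this kind of infection. Run the script on a saved report with `parse_report(open("C:\\TDSSKiller_xxxx_log.txt").read())`, substituting the real file name.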
 
DummyCreator by Farbar
Ran by Lynn (administrator) on 09-10-2011 at 21:15:44
**************************************************************

C:\WINDOWS\514901506 [09-10-2011 21:15:44]

== End of log ==
 
21:23:23.0061 3844 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
21:23:25.0061 3844 ============================================================
21:23:25.0061 3844 Current date / time: 2011/10/09 21:23:25.0061
21:23:25.0061 3844 SystemInfo:
21:23:25.0061 3844
21:23:25.0061 3844 OS Version: 5.1.2600 ServicePack: 3.0
21:23:25.0061 3844 Product type: Workstation
21:23:25.0061 3844 ComputerName: DELL4600
21:23:25.0061 3844 UserName: Lynn
21:23:25.0061 3844 Windows directory: C:\WINDOWS
21:23:25.0061 3844 System windows directory: C:\WINDOWS
21:23:25.0061 3844 Processor architecture: Intel x86
21:23:25.0061 3844 Number of processors: 2
21:23:25.0061 3844 Page size: 0x1000
21:23:25.0061 3844 Boot type: Normal boot
21:23:25.0061 3844 ============================================================
21:23:26.0936 3844 Initialize success
21:23:32.0685 0932 ============================================================
21:23:32.0685 0932 Scan started
21:23:32.0685 0932 Mode: Manual;
21:23:32.0685 0932 ============================================================
21:23:33.0966 0932 2c6b01e - ok
21:23:34.0029 0932 Abiosdsk - ok
21:23:34.0060 0932 abp480n5 - ok
21:23:34.0154 0932 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:23:34.0154 0932 ACPI - ok
21:23:34.0232 0932 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:23:34.0232 0932 ACPIEC - ok
21:23:34.0326 0932 adpu160m - ok
21:23:34.0419 0932 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:23:34.0419 0932 aec - ok
21:23:34.0497 0932 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
21:23:34.0497 0932 AFD - ok
21:23:34.0654 0932 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:23:34.0654 0932 agp440 - ok
21:23:34.0685 0932 Aha154x - ok
21:23:34.0716 0932 aic78u2 - ok
21:23:34.0747 0932 aic78xx - ok
21:23:34.0794 0932 AliIde - ok
21:23:34.0825 0932 amsint - ok
21:23:34.0919 0932 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:23:34.0919 0932 Arp1394 - ok
21:23:34.0966 0932 asc - ok
21:23:34.0997 0932 asc3350p - ok
21:23:35.0029 0932 asc3550 - ok
21:23:35.0091 0932 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
21:23:35.0091 0932 ASPI - ok
21:23:35.0216 0932 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:23:35.0216 0932 AsyncMac - ok
21:23:35.0357 0932 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:23:35.0357 0932 atapi - ok
21:23:35.0404 0932 Atdisk - ok
21:23:35.0482 0932 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:23:35.0482 0932 Atmarpc - ok
21:23:35.0763 0932 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:23:35.0778 0932 audstub - ok
21:23:35.0997 0932 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:23:35.0997 0932 Beep - ok
21:23:36.0091 0932 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:23:36.0091 0932 cbidf2k - ok
21:23:36.0200 0932 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:23:36.0200 0932 CCDECODE - ok
21:23:36.0278 0932 cd20xrnt - ok
21:23:36.0403 0932 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:23:36.0403 0932 Cdaudio - ok
21:23:36.0513 0932 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:23:36.0513 0932 Cdfs - ok
21:23:36.0653 0932 Cdrom (940dffedca6a4a9e659fcd8cc6e8e796) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:23:36.0653 0932 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 940dffedca6a4a9e659fcd8cc6e8e796, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc
21:23:36.0653 0932 Cdrom ( ForgedFile.Multi.Generic ) - warning
21:23:36.0653 0932 Cdrom - detected ForgedFile.Multi.Generic (1)
21:23:36.0700 0932 cerc6 - ok
21:23:36.0778 0932 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
21:23:36.0794 0932 cfwids - ok
21:23:36.0856 0932 Changer - ok
21:23:36.0919 0932 CmdIde - ok
21:23:36.0966 0932 Cpqarray - ok
21:23:37.0028 0932 dac2w2k - ok
21:23:37.0060 0932 dac960nt - ok
21:23:37.0153 0932 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:23:37.0169 0932 Disk - ok
21:23:37.0278 0932 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:23:37.0356 0932 dmboot - ok
21:23:37.0700 0932 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:23:37.0716 0932 dmio - ok
21:23:37.0934 0932 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:23:37.0934 0932 dmload - ok
21:23:38.0028 0932 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:23:38.0044 0932 DMusic - ok
21:23:38.0106 0932 dpti2o - ok
21:23:38.0200 0932 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:23:38.0200 0932 drmkaud - ok
21:23:38.0309 0932 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:23:38.0309 0932 E100B - ok
21:23:38.0466 0932 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:23:38.0466 0932 Fastfat - ok
21:23:38.0591 0932 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:23:38.0606 0932 Fdc - ok
21:23:38.0731 0932 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:23:38.0731 0932 Fips - ok
21:23:38.0825 0932 fixustor (cdb568db5e8985dcc623da808ac61042) C:\WINDOWS\system32\drivers\fixustor.sys
21:23:38.0841 0932 fixustor - ok
21:23:38.0950 0932 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:23:38.0950 0932 Flpydisk - ok
21:23:39.0059 0932 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:23:39.0059 0932 FltMgr - ok
21:23:39.0216 0932 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:23:39.0216 0932 Fs_Rec - ok
21:23:39.0325 0932 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:23:39.0325 0932 Ftdisk - ok
21:23:39.0403 0932 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:23:39.0403 0932 GEARAspiWDM - ok
21:23:39.0591 0932 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:23:39.0591 0932 Gpc - ok
21:23:39.0716 0932 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:23:39.0716 0932 hidusb - ok
21:23:39.0778 0932 hpn - ok
21:23:39.0872 0932 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:23:39.0872 0932 HPZid412 - ok
21:23:39.0950 0932 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:23:39.0950 0932 HPZipr12 - ok
21:23:40.0044 0932 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:23:40.0044 0932 HPZius12 - ok
21:23:40.0153 0932 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:23:40.0169 0932 HTTP - ok
21:23:40.0231 0932 i2omgmt - ok
21:23:40.0325 0932 i2omp - ok
21:23:40.0419 0932 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
21:23:40.0419 0932 i8042prt - ok
21:23:40.0528 0932 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:23:40.0544 0932 Imapi - ok
21:23:40.0606 0932 ini910u - ok
21:23:40.0762 0932 IntelC51 (fcab28ffd3a8964581e16455efaf81c8) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
21:23:40.0809 0932 IntelC51 - ok
21:23:40.0965 0932 IntelC52 (a288e7e3a6255255b9066686d860fbc5) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
21:23:40.0997 0932 IntelC52 - ok
21:23:41.0137 0932 IntelC53 (d5e5a1abf6bdba7ca49941a044f04598) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
21:23:41.0137 0932 IntelC53 - ok
21:23:41.0231 0932 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:23:41.0231 0932 IntelIde - ok
21:23:41.0372 0932 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:23:41.0372 0932 intelppm - ok
21:23:41.0465 0932 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:23:41.0465 0932 Ip6Fw - ok
21:23:41.0590 0932 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:23:41.0590 0932 IpFilterDriver - ok
21:23:41.0700 0932 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:23:41.0700 0932 IpInIp - ok
21:23:41.0809 0932 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:23:41.0809 0932 IpNat - ok
21:23:41.0903 0932 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:23:41.0918 0932 IPSec - ok
21:23:41.0981 0932 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:23:41.0996 0932 IRENUM - ok
21:23:42.0090 0932 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:23:42.0106 0932 isapnp - ok
21:23:42.0200 0932 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:23:42.0200 0932 Kbdclass - ok
21:23:42.0293 0932 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:23:42.0293 0932 kbdhid - ok
21:23:42.0387 0932 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:23:42.0387 0932 kmixer - ok
21:23:42.0465 0932 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:23:42.0481 0932 KSecDD - ok
21:23:42.0543 0932 lbrtfdc - ok
21:23:42.0746 0932 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\WINDOWS\system32\drivers\mfeapfk.sys
21:23:42.0746 0932 mfeapfk - ok
21:23:42.0856 0932 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
21:23:42.0856 0932 mfeavfk - ok
21:23:42.0950 0932 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
21:23:42.0950 0932 mfebopk - ok
21:23:43.0090 0932 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
21:23:43.0090 0932 mfefirek - ok
21:23:43.0231 0932 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\WINDOWS\system32\drivers\mfehidk.sys
21:23:43.0262 0932 mfehidk - ok
21:23:43.0387 0932 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
21:23:43.0387 0932 mfendisk - ok
21:23:43.0387 0932 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
21:23:43.0387 0932 mfendiskmp - ok
21:23:43.0496 0932 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
21:23:43.0496 0932 mferkdet - ok
21:23:43.0637 0932 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
21:23:43.0637 0932 mferkdk - ok
21:23:43.0762 0932 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
21:23:43.0762 0932 mfesmfk - ok
21:23:43.0824 0932 mfetdi2k - ok
21:23:43.0918 0932 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:23:43.0918 0932 mnmdd - ok
21:23:44.0027 0932 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:23:44.0027 0932 Modem - ok
21:23:44.0121 0932 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:23:44.0137 0932 MODEMCSA - ok
21:23:44.0231 0932 mohfilt (c6a08c4f34b3048a73bbb2951150f98d) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
21:23:44.0231 0932 mohfilt - ok
21:23:44.0324 0932 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:23:44.0340 0932 Mouclass - ok
21:23:44.0434 0932 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:23:44.0434 0932 mouhid - ok
21:23:44.0527 0932 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:23:44.0527 0932 MountMgr - ok
21:23:44.0606 0932 mraid35x - ok
21:23:44.0715 0932 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:23:44.0731 0932 MREMP50 - ok
21:23:44.0731 0932 MREMP50a64 - ok
21:23:44.0746 0932 MREMPR5 - ok
21:23:44.0746 0932 MRENDIS5 - ok
21:23:44.0777 0932 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:23:44.0777 0932 MRESP50 - ok
21:23:44.0793 0932 MRESP50a64 - ok
21:23:44.0934 0932 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:23:44.0949 0932 MRxDAV - ok
21:23:45.0043 0932 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:23:45.0074 0932 MRxSmb - ok
21:23:45.0215 0932 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:23:45.0215 0932 Msfs - ok
21:23:45.0324 0932 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:23:45.0324 0932 MSKSSRV - ok
21:23:45.0418 0932 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:23:45.0418 0932 MSPCLOCK - ok
21:23:45.0527 0932 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:23:45.0527 0932 MSPQM - ok
21:23:45.0746 0932 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:23:45.0746 0932 mssmbios - ok
21:23:45.0840 0932 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:23:45.0840 0932 MSTEE - ok
21:23:45.0965 0932 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:23:45.0980 0932 Mup - ok
21:23:46.0105 0932 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
21:23:46.0105 0932 MxlW2k - ok
21:23:46.0215 0932 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:23:46.0215 0932 NABTSFEC - ok
21:23:46.0355 0932 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:23:46.0355 0932 NDIS - ok
21:23:46.0480 0932 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:23:46.0480 0932 NdisIP - ok
21:23:46.0637 0932 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:23:46.0637 0932 NdisTapi - ok
21:23:46.0746 0932 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:23:46.0746 0932 Ndisuio - ok
21:23:46.0840 0932 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:23:46.0840 0932 NdisWan - ok
21:23:46.0918 0932 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:23:46.0918 0932 NDProxy - ok
21:23:47.0027 0932 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:23:47.0027 0932 NetBIOS - ok
21:23:47.0121 0932 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:23:47.0121 0932 NetBT - ok
21:23:47.0230 0932 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:23:47.0230 0932 NIC1394 - ok
21:23:47.0402 0932 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:23:47.0402 0932 Npfs - ok
21:23:47.0511 0932 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:23:47.0558 0932 Ntfs - ok
21:23:47.0730 0932 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:23:47.0730 0932 Null - ok
21:23:47.0980 0932 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:23:48.0058 0932 nv - ok
21:23:48.0199 0932 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:23:48.0199 0932 NwlnkFlt - ok
21:23:48.0308 0932 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:23:48.0308 0932 NwlnkFwd - ok
21:23:48.0449 0932 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:23:48.0449 0932 ohci1394 - ok
21:23:48.0574 0932 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
21:23:48.0574 0932 OMCI - ok
21:23:48.0699 0932 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:23:48.0699 0932 Parport - ok
21:23:48.0793 0932 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:23:48.0793 0932 PartMgr - ok
21:23:48.0902 0932 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:23:48.0902 0932 ParVdm - ok
21:23:48.0996 0932 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:23:48.0996 0932 PCI - ok
21:23:49.0027 0932 PCIDump - ok
21:23:49.0121 0932 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
21:23:49.0121 0932 PCIIde - ok
21:23:49.0199 0932 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:23:49.0199 0932 Pcmcia - ok
21:23:49.0261 0932 PDCOMP - ok
21:23:49.0324 0932 PDFRAME - ok
21:23:49.0355 0932 PDRELI - ok
21:23:49.0386 0932 PDRFRAME - ok
21:23:49.0417 0932 perc2 - ok
21:23:49.0480 0932 perc2hib - ok
21:23:49.0589 0932 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
21:23:49.0589 0932 pnarp - ok
21:23:49.0699 0932 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:23:49.0699 0932 PptpMiniport - ok
21:23:49.0792 0932 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:23:49.0792 0932 PSched - ok
21:23:49.0902 0932 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:23:49.0902 0932 Ptilink - ok
21:23:49.0964 0932 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
21:23:49.0964 0932 purendis - ok
21:23:50.0058 0932 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:23:50.0058 0932 PxHelp20 - ok
21:23:50.0121 0932 ql1080 - ok
21:23:50.0152 0932 Ql10wnt - ok
21:23:50.0183 0932 ql12160 - ok
21:23:50.0214 0932 ql1240 - ok
21:23:50.0292 0932 ql1280 - ok
21:23:50.0386 0932 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:23:50.0386 0932 RasAcd - ok
21:23:50.0480 0932 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:23:50.0480 0932 Rasl2tp - ok
21:23:50.0605 0932 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:23:50.0605 0932 RasPppoe - ok
21:23:50.0714 0932 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:23:50.0714 0932 Raspti - ok
21:23:50.0808 0932 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:23:50.0808 0932 Rdbss - ok
21:23:50.0917 0932 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:23:50.0917 0932 RDPCDD - ok
21:23:51.0011 0932 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:23:51.0027 0932 rdpdr - ok
21:23:51.0120 0932 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:23:51.0136 0932 RDPWD - ok
21:23:51.0245 0932 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:23:51.0245 0932 redbook - ok
21:23:51.0433 0932 rt2870 (c2a6f7f35e617744a65dbfb0c0a64adc) C:\WINDOWS\system32\DRIVERS\rt2870.sys
21:23:51.0464 0932 rt2870 - ok
21:23:51.0636 0932 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:23:51.0636 0932 Secdrv - ok
21:23:51.0777 0932 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
21:23:51.0808 0932 senfilt - ok
21:23:51.0948 0932 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:23:51.0948 0932 serenum - ok
21:23:52.0027 0932 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:23:52.0042 0932 Serial - ok
21:23:52.0136 0932 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:23:52.0152 0932 Sfloppy - ok
21:23:52.0198 0932 Simbad - ok
21:23:52.0370 0932 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:23:52.0370 0932 SLIP - ok
21:23:52.0480 0932 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
21:23:52.0480 0932 smwdm - ok
21:23:52.0526 0932 Sparrow - ok
21:23:52.0714 0932 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:23:52.0714 0932 splitter - ok
21:23:52.0870 0932 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:23:52.0870 0932 sr - ok
21:23:52.0964 0932 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:23:52.0980 0932 Srv - ok
21:23:53.0089 0932 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:23:53.0089 0932 streamip - ok
21:23:53.0183 0932 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:23:53.0183 0932 swenum - ok
21:23:53.0292 0932 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:23:53.0292 0932 swmidi - ok
21:23:53.0589 0932 symc810 - ok
21:23:53.0745 0932 symc8xx - ok
21:23:53.0776 0932 sym_hi - ok
21:23:53.0870 0932 sym_u3 - ok
21:23:54.0120 0932 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:23:54.0151 0932 sysaudio - ok
21:23:54.0417 0932 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:23:54.0886 0932 Tcpip - ok
21:23:55.0401 0932 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:23:55.0432 0932 TDPIPE - ok
21:23:55.0682 0932 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:23:55.0682 0932 TDTCP - ok
21:23:55.0807 0932 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:23:55.0823 0932 TermDD - ok
21:23:56.0057 0932 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS\system32\drivers\tiehdusb.sys
21:23:56.0057 0932 TIEHDUSB - ok
21:23:56.0354 0932 TosIde - ok
21:23:56.0542 0932 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:23:56.0542 0932 Udfs - ok
21:23:56.0667 0932 ultra - ok
21:23:56.0823 0932 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:23:56.0870 0932 Update - ok
21:23:57.0104 0932 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:23:57.0135 0932 USBAAPL - ok
21:23:57.0338 0932 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:23:57.0354 0932 usbaudio - ok
21:23:57.0541 0932 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:23:57.0541 0932 usbccgp - ok
21:23:57.0682 0932 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:23:57.0682 0932 usbehci - ok
21:23:57.0791 0932 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:23:57.0854 0932 usbhub - ok
21:23:58.0120 0932 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:23:58.0135 0932 usbprint - ok
21:23:58.0557 0932 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:23:58.0557 0932 usbscan - ok
21:23:58.0729 0932 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:23:58.0744 0932 USBSTOR - ok
21:23:59.0026 0932 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:23:59.0026 0932 usbuhci - ok
21:23:59.0416 0932 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:23:59.0447 0932 usbvideo - ok
21:23:59.0901 0932 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:23:59.0994 0932 VgaSave - ok
21:24:00.0401 0932 ViaIde - ok
21:24:00.0916 0932 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:24:00.0947 0932 VolSnap - ok
21:24:01.0400 0932 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:24:01.0416 0932 Wanarp - ok
21:24:02.0010 0932 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:24:02.0010 0932 Wdf01000 - ok
21:24:02.0447 0932 WDICA - ok
21:24:03.0103 0932 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:24:03.0166 0932 wdmaud - ok
21:24:04.0009 0932 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
21:24:04.0041 0932 WinUSB - ok
21:24:04.0587 0932 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:24:04.0650 0932 WpdUsb - ok
21:24:05.0384 0932 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:24:05.0431 0932 WSTCODEC - ok
21:24:06.0119 0932 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:24:06.0197 0932 WudfPf - ok
21:24:07.0134 0932 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:24:07.0243 0932 WudfRd - ok
21:24:07.0915 0932 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
21:24:07.0915 0932 zumbus - ok
21:24:07.0978 0932 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:24:09.0103 0932 \Device\Harddisk0\DR0 - ok
21:24:09.0118 0932 Boot (0x1200) (23c13e77fc033df478d574c4452f0b78) \Device\Harddisk0\DR0\Partition0
21:24:09.0196 0932 \Device\Harddisk0\DR0\Partition0 - ok
21:24:09.0196 0932 ============================================================
21:24:09.0196 0932 Scan finished
21:24:09.0196 0932 ============================================================
21:24:09.0212 1772 Detected object count: 1
21:24:09.0212 1772 Actual detected object count: 1
21:24:50.0551 1772 Cdrom ( ForgedFile.Multi.Generic ) - skipped by user
21:24:50.0551 1772 Cdrom ( ForgedFile.Multi.Generic ) - User select action: Skip
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I woke up in the morning today after leaving combofix running all night and there wasn't any progress. I will retry tomorrow morning (in 8 hours).
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================================

Let's run the following tool. This will help determine which files need permissions restored.

Please download and save Junction.zip

Unzip it and place Junction.exe in the Windows directory (C:\Windows).
Go to Start>Run (Vista and Windows 7 users use "Start search" box).
Copy and paste the following command in the Run box and click OK (Vista and Windows 7 users press "Enter"):

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system.
Wait until a log file opens.
Copy and paste the log in your next reply.
 
So I ran aswMBR, then while scanning it suddenly quit. When I tried to reopen it, it says "windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I downloaded it again and ran it again. This time, before it got shut down, I managed to save a log while it was going, which contains one infected file. Here it is:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-12 20:00:33
-----------------------------
20:00:33.203 OS Version: Windows 5.1.2600 Service Pack 3
20:00:33.203 Number of processors: 2 586 0x209
20:00:33.218 ComputerName: DELL4600 UserName: Lynn
20:00:33.718 Initialize success
20:00:41.859 AVAST engine defs: 11101201
20:00:53.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:00:53.265 Disk 0 Vendor: WDC_WD800BB-75FRA0 77.07W77 Size: 76293MB BusType: 3
20:00:55.265 Disk 0 MBR read successfully
20:00:55.265 Disk 0 MBR scan
20:00:55.296 Disk 0 Windows XP default MBR code
20:00:55.296 Disk 0 scanning sectors +156232125
20:00:55.390 Disk 0 scanning C:\WINDOWS\system32\drivers
20:00:56.937 File: C:\WINDOWS\system32\drivers\cdrom.sys **INFECTED** Win32:Crypt-KMR [Trj]
20:01:04.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lynn\Desktop\MBR.dat"
20:01:04.359 The log file has been saved successfully to "C:\Documents and Settings\Lynn\Desktop\aswMBR.txt"






Junction Log


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\System Volume Information: Access is denied.
Failed to open \\?\c:\\Documents and Settings\Lynn\Desktop\aswMBR.exe: Access is denied.
Failed to open \\?\c:\\Documents and Settings\Lynn\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db: Access is denied.
Failed to open \\?\c:\\Documents and Settings\Lynn\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow: Access is denied.
Failed to open \\?\c:\\Documents and Settings\Lynn\Local Settings\Temp\McInstallTemp (4)\Install.exe: Access is denied.
Failed to open \\?\c:\\Documents and Settings\Lynn\Local Settings\Temp\McInstallTemp (4)\Riskscan.exe: Access is denied.
Failed to open \\?\c:\\Documents and Settings\Lynn\Local Settings\Temp\McTemp (2)\6255\Download_Files\mmips\stinger.exe: Access is denied.
Failed to open \\?\c:\\Documents and Settings\Lynn\Local Settings\Temporary Internet Files\Content.IE5\WLXV2RMS\aswMBR[1].exe: Access is denied.
Failed to open \\?\c:\\Program Files\Common Files\McAfee\SystemCore\mcshield.exe: Access is denied.
Failed to open \\?\c:\\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE: Access is denied.
Failed to open \\?\c:\\Program Files\McAfee\MPF\MpfAlert.exe: Access is denied.
Failed to open \\?\c:\\WINDOWS\$NtUninstallKB19751$: Access is denied.

\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
 
Please download GrantPerms.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe (32-bit system) or GrantPerms64.exe (64-bit system)
Copy and paste the following in the edit box:

Code:
c:\\WINDOWS\$NtUninstallKB19751$
c:\\Program Files\McAfee\MPF\MpfAlert.exe
c:\\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
c:\\Documents and Settings\Lynn\Local Settings\Temporary Internet Files\Content.IE5\WLXV2RMS\aswMBR[1].exe
c:\\Documents and Settings\Lynn\Local Settings\Temp\McTemp (2)\6255\Download_Files\mmips\stinger.exe
c:\\Documents and Settings\Lynn\Local Settings\Temp\McInstallTemp (4)\Riskscan.exe
c:\\Documents and Settings\Lynn\Local Settings\Temp\McInstallTemp (4)\Install.exe
c:\\Documents and Settings\Lynn\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow
c:\\Documents and Settings\Lynn\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db
c:\\Documents and Settings\Lynn\Desktop\aswMBR.exe
c:\\System Volume Information

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.
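As an added example (not a tool from this thread, nor from Sysinternals or Farbar), the Python script below does mechanically what the helper did by hand between the Junction log and the GrantPerms list above: it parses Junction's output, keeps only the "Access is denied" paths as the GrantPerms input, and flags any reparse point whose real target is not under WinSxS. The sample log, the EXAMPLE-CONSTRUCTED junction entry and the WinSxS-only trust rule are assumptions of the example, not facts from the thread.

```python
r"""Triage of a Sysinternals Junction log such as the 'junction -s c:\' output above.
Added example, not a tool from this thread: it extracts the paths Junction could not
open and the reparse points it listed, then builds the GrantPerms input the way the
helper did by hand (only the "Access is denied" paths, with the \\?\ prefix dropped).
"""
import re
from typing import List, NamedTuple, Tuple

# Constructed sample modelled on the log posted in this thread. The last JUNCTION
# entry is invented to exercise the review step; it is NOT in the real log.
SAMPLE_LOG = r"""
Junction v1.06 - Windows junction creator and reparse point viewer

Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\System Volume Information: Access is denied.

..
Failed to open \\?\c:\\Documents and Settings\Lynn\Desktop\aswMBR.exe: Access is denied.

...
Failed to open \\?\c:\\WINDOWS\$NtUninstallKB19751$: Access is denied.

.\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\Documents and Settings\Lynn\Application Data\EXAMPLE-CONSTRUCTED: JUNCTION
Print Name : C:\Documents and Settings\Lynn\Local Settings\Temp\EXAMPLE-CONSTRUCTED
Substitute Name: C:\Documents and Settings\Lynn\Local Settings\Temp\EXAMPLE-CONSTRUCTED
"""

class Locked(NamedTuple):
    path: str    # as printed by Junction, e.g. \\?\c:\\WINDOWS\...
    reason: str  # the Win32 error text after the colon

class Junction(NamedTuple):
    path: str
    print_name: str
    substitute_name: str  # the real target; this is what to review

# Junction prints progress dots; some land at the start of a report line, hence \.*
FAILED_RE = re.compile(r"^\.*Failed to open (?P<path>.+?): (?P<reason>.+?)\s*$")
JUNCTION_RE = re.compile(r"^\.*(?P<path>\\\\\?\\.+?): JUNCTION\s*$")
PRINT_RE = re.compile(r"^Print Name\s*:\s*(?P<name>.+?)\s*$")
SUBST_RE = re.compile(r"^Substitute Name\s*:\s*(?P<name>.+?)\s*$")
LONG_PREFIX = "\\\\?\\"  # the literal \\?\ that Junction puts before every path
# Assumption for this thread: the only legitimate junctions are the .NET GAC ones,
# whose targets live under WinSxS. Anything else is worth a second look.
TRUSTED_TARGETS = ("c:\\windows\\winsxs\\",)

def parse_junction_log(text: str) -> Tuple[List[Locked], List[Junction]]:
    """Return (paths Junction could not open, reparse points it found)."""
    locked, junctions, lines, i = [], [], text.splitlines(), 0
    while i < len(lines):
        m = FAILED_RE.match(lines[i])
        if m:
            locked.append(Locked(m["path"], m["reason"]))
            i += 1
            continue
        m = JUNCTION_RE.match(lines[i])
        if m:
            # The two lines after a JUNCTION line carry the print and substitute names.
            print_name = substitute = ""
            for follow in lines[i + 1:i + 3]:
                pm, sm = PRINT_RE.match(follow), SUBST_RE.match(follow)
                if pm:
                    print_name = pm["name"]
                elif sm:
                    substitute = sm["name"]
            junctions.append(Junction(m["path"], print_name, substitute))
            i += 3
            continue
        i += 1
    return locked, junctions

def grantperms_list(locked: List[Locked]) -> List[str]:
    """The GrantPerms edit-box content, built the way the helper did above."""
    out = []
    for item in locked:
        if item.reason != "Access is denied.":
            continue  # hiberfil.sys / pagefile.sys were merely in use; the helper skipped them
        path = item.path
        if path.startswith(LONG_PREFIX):
            path = path[len(LONG_PREFIX):]  # GrantPerms accepted c:\\... unchanged in this thread
        out.append(path)
    return out

def suspicious_junctions(junctions: List[Junction],
                         trusted: Tuple[str, ...] = TRUSTED_TARGETS) -> List[Junction]:
    """Reparse points whose real target is outside the trusted locations."""
    return [j for j in junctions if not j.substitute_name.lower().startswith(trusted)]

if __name__ == "__main__":
    locked, junctions = parse_junction_log(SAMPLE_LOG)
    print("\n".join(grantperms_list(locked)))
    for j in suspicious_junctions(junctions):
        print(f"Review junction {j.path} -> {j.substitute_name}")
```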
 
GrantPerms by Farbar
Ran by Lynn at 2011-10-13 14:43:45

===============================================
\\?\c:\\WINDOWS\$NtUninstallKB19751$

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)


\\?\c:\\Program Files\McAfee\MPF\MpfAlert.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Lynn\Local Settings\Temporary Internet Files\Content.IE5\WLXV2RMS\aswMBR[1].exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Lynn\Local Settings\Temp\McTemp (2)\6255\Download_Files\mmips\stinger.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Lynn\Local Settings\Temp\McInstallTemp (4)\Riskscan.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Lynn\Local Settings\Temp\McInstallTemp (4)\Install.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Lynn\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Lynn\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Lynn\Desktop\aswMBR.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\System Volume Information

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
BUILTIN\Users ADD FILE ALLOW (CI)(I)
 
It ran!!!!! woooo



ComboFix 11-10-13.05 - Lynn 10/13/2011 15:09:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.965 [GMT -7:00]
Running from: c:\documents and settings\Lynn\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lynn\Application Data\d22oFF3pm5QJdE8AV Guard Online.ico
c:\documents and settings\Lynn\Application Data\KibbFF3pmGAV Guard Online.ico
c:\documents and settings\Lynn\EhSvc.dll
c:\documents and settings\Lynn\Launcher.exe
c:\documents and settings\Lynn\My Documents\~WRL1721.tmp
c:\program files\Common
c:\windows\$NtUninstallKB19751$
c:\windows\$NtUninstallKB19751$\1042333577
c:\windows\$NtUninstallKB19751$\46575646\@
c:\windows\$NtUninstallKB19751$\46575646\bckfg.tmp
c:\windows\$NtUninstallKB19751$\46575646\cfg.ini
c:\windows\$NtUninstallKB19751$\46575646\Desktop.ini
c:\windows\$NtUninstallKB19751$\46575646\keywords
c:\windows\$NtUninstallKB19751$\46575646\kwrd.dll
c:\windows\$NtUninstallKB19751$\46575646\L\dofmoesx
c:\windows\$NtUninstallKB19751$\46575646\lsflt7.ver
c:\windows\$NtUninstallKB19751$\46575646\U\00000001.@
c:\windows\$NtUninstallKB19751$\46575646\U\00000002.@
c:\windows\$NtUninstallKB19751$\46575646\U\80000000.@
c:\windows\$NtUninstallKB19751$\46575646\U\80000032.@
c:\windows\514901506
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_2c6b01e
.
.
((((((((((((((((((((((((( Files Created from 2011-09-13 to 2011-10-13 )))))))))))))))))))))))))))))))
.
.
2011-10-13 03:04 . 2010-09-07 22:39 150392 ----a-w- c:\windows\junction.exe
2011-10-10 03:39 . 2011-04-14 21:01 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-10-10 03:39 . 2011-04-14 21:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-10 03:39 . 2011-04-14 21:01 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-10 03:39 . 2011-04-14 21:01 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-10 03:39 . 2011-04-14 21:01 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-10 03:39 . 2011-04-14 21:01 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-10 03:39 . 2011-04-14 21:01 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-10 03:39 . 2011-04-14 21:01 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-10 03:39 . 2011-04-14 21:01 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-10 03:39 . 2011-10-10 03:39 -------- d-----w- c:\program files\McAfee.com
2011-10-10 03:14 . 2011-03-13 18:45 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-05 18:32 . 2011-10-05 18:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-10-05 18:03 . 2011-10-05 18:03 -------- d-----w- c:\documents and settings\Lynn\Application Data\D9hhTTXwjUVeIB
2011-10-05 18:03 . 2011-10-05 18:03 -------- d-----w- c:\documents and settings\Lynn\Application Data\kCCCekkIVrOyx0u
2011-10-05 18:03 . 2011-10-05 18:03 -------- d-----w- c:\documents and settings\Lynn\Application Data\d22oFF3pm5QJdE8
2011-10-05 17:58 . 2011-10-05 17:58 -------- d-----w- c:\documents and settings\Lynn\Application Data\RIIIVrrzONtA0vS
2011-10-05 17:58 . 2011-10-05 17:58 -------- d-----w- c:\documents and settings\Lynn\Application Data\KibbFF3pmG
2011-10-05 17:58 . 2011-10-05 17:58 -------- d-----w- c:\documents and settings\Lynn\Application Data\J22oobF3pmG5QJd
2011-09-30 06:40 . 2011-09-30 06:40 -------- d-----w- c:\program files\Common Files\Adobe
2011-09-30 06:15 . 2011-09-30 06:58 -------- d-----w- c:\windows\SxsCaPendDel
2011-09-26 01:25 . 2011-09-26 01:25 -------- d-----w- c:\program files\Apple Software Update
2011-09-21 18:11 . 2011-09-21 18:11 -------- d-----w- c:\program files\CA Business Start-Up Forms
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-29 06:53 . 2011-10-01 06:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-27 04:04 . 2009-12-25 20:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 21:01 . 2011-10-10 03:39 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-25 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-27 319280]
"UpdateFlow.ATT-SST"="c:\program files\ATT-SST\McciBrowser.exe" [2010-06-30 1057792]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-20 53248]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-20 131072]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-06-30 1573888]
"UMonit"="c:\windows\system32\umonit.exe" [2004-10-28 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-27 30192]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2010-11-13 472112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 1577984]
"ATT_WCC"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 1577984]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-04 273544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1195408]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Lynn\\My Documents\\Downloads\\SRO_L4_Full_Client_Downloader.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Lynn\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25928:TCP"= 25928:TCP:BitComet 25928 TCP
"25928:UDP"= 25928:UDP:BitComet 25928 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/09/2011 8:39 PM 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/09/2011 8:39 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/09/2011 8:39 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [10/09/2011 8:39 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [10/09/2011 8:39 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/09/2011 8:14 PM 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/09/2011 8:39 PM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/09/2011 8:39 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/09/2011 8:39 PM 88736]
S0 cerc6;cerc6; [x]
S2 gupdate1c99383a758ac58;Google Update Service (gupdate1c99383a758ac58);c:\program files\Google\Update\GoogleUpdate.exe [02/20/2009 10:49 AM 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [08/05/2009 9:44 AM 16512]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [07/17/2009 10:11 AM 6016]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/25/2009 1:42 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/20/2009 10:49 AM 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/09/2011 8:39 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/09/2011 8:39 PM 84488]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 2:57 PM 268528]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-25 01:41]
.
2011-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 17:49]
.
2011-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 17:49]
.
2011-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1500820517-1644491937-1003Core.job
- c:\documents and settings\Lynn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 15:59]
.
2011-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1500820517-1644491937-1003UA.job
- c:\documents and settings\Lynn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 15:59]
.
2011-10-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-1500820517-1644491937-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-10-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-1500820517-1644491937-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Lynn\Application Data\Mozilla\Firefox\Profiles\ujxsiy3v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Simple Sticky Notes - c:\program files\Simnet\Simple Sticky Notes\ssn.exe
HKLM-Run-GUVVellOBtx0yS18234A - c:\windows\system32\cKK88gRRZ9YX.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Coupon Printer for Windows4.0 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-13 15:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?WZSE0.TMP\imagemate-6.30\WinXP\fixustor.sys????????????????????????????A~0:??????????tq[?l??? ??|`??|????]??|??D~????????0:??F$?|??B~??B~*?,?0:????????????????????????????????B~????????????tq[?????T?????[?????tq[???????a????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3676)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Zune\ZuneBusEnum.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-10-13 15:51:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-13 22:50
.
Pre-Run: 23,054,061,568 bytes free
Post-Run: 24,268,345,344 bytes free
.
- - End Of File - - C0C2744FF2D754F4800CC5A52C5A9C66
 
Very good :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::

Folder::
c:\documents and settings\Lynn\Application Data\J22oobF3pmG5QJd
c:\documents and settings\Lynn\Application Data\KibbFF3pmG
c:\documents and settings\Lynn\Application Data\RIIIVrrzONtA0vS
c:\documents and settings\Lynn\Application Data\d22oFF3pm5QJdE8
c:\documents and settings\Lynn\Application Data\kCCCekkIVrOyx0u
c:\documents and settings\Lynn\Application Data\D9hhTTXwjUVeIB


DDS::
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
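The CFScript above was assembled by hand from the earlier ComboFix log: the helper picked out the Run value with the nonsense name (GUVVellOBtx0yS18234A, pointing at cKK88gRRZ9YX.exe) and the six Application Data folders with the same kind of name. The script below is an added example, not part of ComboFix and not something the helper posted; it automates that first triage pass by scoring value names, executable basenames and folder names for "looks machine-generated" and returning a review list. The sample log lines and folder paths are constructed from entries that appear in this thread; the features and the threshold of 3 are the example's own heuristic.

```python
"""Heuristic triage of ComboFix autorun and profile-folder names.

Added example (not ComboFix's code and not from this thread's posts): scores
names for "looks machine-generated" and returns a review list a helper can
check before deciding what goes into a CFScript.
"""
import re

# --- name scorer (heuristic, this example's own) --------------------------
VOWELS = set("aeiouAEIOU")
UPPER_RUN = re.compile(r"[A-Z]{2,}")
DIGITS_INSIDE = re.compile(r"[A-Za-z][0-9]+[A-Za-z]")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]{4,}", re.IGNORECASE)
EXTENSION = re.compile(r"\.[A-Za-z0-9]{1,4}$")


def name_features(name):
    """Five boolean features of a name; each one alone is weak evidence."""
    stem = EXTENSION.sub("", name)          # drop .exe / .sys / .dll
    letters = [c for c in stem if c.isalpha()]
    feats = {}
    # a run of 2+ capitals glued to a lowercase letter: "GUVVell", "cKK"
    feats["mixed_case"] = any(
        (m.start() > 0 and stem[m.start() - 1].islower())
        or (m.end() < len(stem) and stem[m.end()].islower())
        for m in UPPER_RUN.finditer(stem))
    feats["digits_inside"] = bool(DIGITS_INSIDE.search(stem))   # "x0y", "K88g"
    feats["vowel_poor"] = bool(letters) and (
        sum(c in VOWELS for c in letters) / len(letters) < 0.25)
    feats["consonant_run"] = bool(CONSONANT_RUN.search(stem))   # "gRRZ"
    feats["long"] = len(stem) >= 14
    return feats


def randomness_score(name):
    """0..5; a score of 3 or more is worth a human look."""
    return sum(name_features(name).values())


# --- log parsing -----------------------------------------------------------
# "name"="c:\path\file.exe" [date size]   (Reg Loading Points section)
REG_LINE = re.compile(r'^"([^"]+)"="([^"]+)"')
# HKLM-Run-name - c:\path\file.exe        (ORPHANS REMOVED section)
ORPHAN_LINE = re.compile(r"^HK(?:LM|CU)-Run-(.+?) - (.+)$")


def autorun_entries(log_text):
    """Yield (value_name, exe_basename) pairs found in either line format."""
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_LINE.match(line) or ORPHAN_LINE.match(line)
        if m:
            name, path = m.group(1), m.group(2)
            yield name, path.rsplit("\\", 1)[-1]


def suspicious_entries(log_text, threshold=3):
    """Entries whose value name or executable name scores >= threshold."""
    hits = []
    for name, exe in autorun_entries(log_text):
        n, e = randomness_score(name), randomness_score(exe)
        if max(n, e) >= threshold:
            hits.append((name, exe, n, e))
    return hits


def suspicious_folders(paths, threshold=3):
    """Same scorer applied to the last component of profile folder paths."""
    return [p for p in paths
            if randomness_score(p.rstrip("\\").rsplit("\\", 1)[-1]) >= threshold]


# Constructed sample: lines in the two ComboFix formats, taken from this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1195408]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Simple Sticky Notes - c:\program files\Simnet\Simple Sticky Notes\ssn.exe
HKLM-Run-GUVVellOBtx0yS18234A - c:\windows\system32\cKK88gRRZ9YX.exe
'''

# Constructed sample: the six folders from the CFScript plus one legitimate one.
SAMPLE_FOLDERS = [
    r"c:\documents and settings\Lynn\Application Data\Mozilla",
    r"c:\documents and settings\Lynn\Application Data\J22oobF3pmG5QJd",
    r"c:\documents and settings\Lynn\Application Data\KibbFF3pmG",
    r"c:\documents and settings\Lynn\Application Data\RIIIVrrzONtA0vS",
    r"c:\documents and settings\Lynn\Application Data\d22oFF3pm5QJdE8",
    r"c:\documents and settings\Lynn\Application Data\kCCCekkIVrOyx0u",
    r"c:\documents and settings\Lynn\Application Data\D9hhTTXwjUVeIB",
]

if __name__ == "__main__":
    for name, exe, n, e in suspicious_entries(SAMPLE_LOG):
        print(f"REVIEW autorun  {name!r} -> {exe!r}  (name {n}, file {e})")
    for folder in suspicious_folders(SAMPLE_FOLDERS):
        print(f"REVIEW folder   {folder}")
```

On the sample, the rogue's Run value (name score 3, file score 4) and all six Application Data folders are flagged, while iTunesHelper, mcui_exe and SoundMAXPnP are not. PDVDDXSrv (CyberLink PowerDVD, a legitimate entry from the same log) also scores 3 because it is a vowel-free acronym; that false positive is the reason the output is a review list and not a delete list: path, vendor and the behaviour reported by the user decide what actually goes into the Folder:: and File:: sections.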
 
ComboFix 11-10-13.05 - Lynn 10/13/2011 16:48:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.860 [GMT -7:00]
Running from: c:\documents and settings\Lynn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lynn\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lynn\Application Data\d22oFF3pm5QJdE8
c:\documents and settings\Lynn\Application Data\D9hhTTXwjUVeIB
c:\documents and settings\Lynn\Application Data\J22oobF3pmG5QJd
c:\documents and settings\Lynn\Application Data\kCCCekkIVrOyx0u
c:\documents and settings\Lynn\Application Data\KibbFF3pmG
c:\documents and settings\Lynn\Application Data\ldr.ini
c:\documents and settings\Lynn\Application Data\RIIIVrrzONtA0vS
c:\program files\version.txt
c:\windows\dasetup.log
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))
.
.
2011-10-13 22:45 . 2011-10-13 22:45 -------- d-----w- c:\windows\LastGood
2011-10-13 03:04 . 2010-09-07 22:39 150392 ----a-w- c:\windows\junction.exe
2011-10-10 03:39 . 2011-04-14 21:01 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-10-10 03:39 . 2011-04-14 21:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-10 03:39 . 2011-04-14 21:01 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-10-10 03:39 . 2011-04-14 21:01 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-10 03:39 . 2011-04-14 21:01 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-10-10 03:39 . 2011-04-14 21:01 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-10 03:39 . 2011-04-14 21:01 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-10-10 03:39 . 2011-04-14 21:01 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-10 03:39 . 2011-04-14 21:01 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-10 03:39 . 2011-10-10 03:39 -------- d-----w- c:\program files\McAfee.com
2011-10-10 03:14 . 2011-03-13 18:45 148520 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-05 18:32 . 2011-10-05 18:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-09-30 06:40 . 2011-09-30 06:40 -------- d-----w- c:\program files\Common Files\Adobe
2011-09-30 06:15 . 2011-09-30 06:58 -------- d-----w- c:\windows\SxsCaPendDel
2011-09-26 01:25 . 2011-09-26 01:25 -------- d-----w- c:\program files\Apple Software Update
2011-09-21 18:11 . 2011-09-21 18:11 -------- d-----w- c:\program files\CA Business Start-Up Forms
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-29 06:53 . 2011-10-01 06:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-27 04:04 . 2009-12-25 20:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2011-04-14 21:01 . 2011-10-10 03:39 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-13_22.34.44 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-25 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-27 319280]
"UpdateFlow.ATT-SST"="c:\program files\ATT-SST\McciBrowser.exe" [2010-06-30 1057792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-20 53248]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-20 131072]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-06-30 1573888]
"UMonit"="c:\windows\system32\umonit.exe" [2004-10-28 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-27 30192]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2010-11-13 472112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 1577984]
"ATT_WCC"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2009-11-18 1577984]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-07-04 273544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1195408]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Lynn\\My Documents\\Downloads\\SRO_L4_Full_Client_Downloader.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Lynn\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25928:TCP"= 25928:TCP:BitComet 25928 TCP
"25928:UDP"= 25928:UDP:BitComet 25928 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/09/2011 8:39 PM 84200]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/09/2011 8:39 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/09/2011 8:39 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [10/09/2011 8:39 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [10/09/2011 8:39 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/09/2011 8:14 PM 148520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/09/2011 8:39 PM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/09/2011 8:39 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/09/2011 8:39 PM 88736]
S0 cerc6;cerc6; [x]
S2 gupdate1c99383a758ac58;Google Update Service (gupdate1c99383a758ac58);c:\program files\Google\Update\GoogleUpdate.exe [02/20/2009 10:49 AM 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [08/05/2009 9:44 AM 16512]
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [07/17/2009 10:11 AM 6016]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/25/2009 1:42 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/20/2009 10:49 AM 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10/09/2011 8:39 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/09/2011 8:39 PM 84488]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 2:57 PM 268528]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-25 01:41]
.
2011-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 17:49]
.
2011-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 17:49]
.
2011-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1500820517-1644491937-1003Core.job
- c:\documents and settings\Lynn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 15:59]
.
2011-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1500820517-1644491937-1003UA.job
- c:\documents and settings\Lynn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 15:59]
.
2011-10-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1645522239-1500820517-1644491937-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
2011-10-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1645522239-1500820517-1644491937-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 17:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Lynn\Application Data\Mozilla\Firefox\Profiles\ujxsiy3v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-13 17:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?WZSE0.TMP\imagemate-6.30\WinXP\fixustor.sys????????????????????????????A~0:??????????tq[?l??? ??|`??|????]??|??D~????????0:??F$?|??B~??B~*?,?0:????????????????????????????????B~????????????tq[?????T?????[?????tq[???????a????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-10-13 17:12:24
ComboFix-quarantined-files.txt 2011-10-14 00:12
ComboFix2.txt 2011-10-13 22:51
.
Pre-Run: 24,270,839,808 bytes free
Post-Run: 24,262,479,872 bytes free
.
- - End Of File - - 0F19467B3C301401DE92857AD8DCFD7A
 