Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google redirect and other problems

Started by skinnypig , Jul 30 2010 11:43 AM

  • This topic is locked This topic is locked

#1
skinnypig
Posted 30 July 2010 - 11:43 AM

skinnypig

    Member

  • Member
  • PipPip
  • 44 posts
Hi, I’ve been hit by the dreaded Google redirect bug. I’ve run scans with both McAfee and Super Spyware killer, both of them picked stuff up but nothing has improved and now McAfee won’t start up at all(it complains about ‘comcappfactory 0x80004015).

Also, just prior to getting the Google bug the machine was sending out lots of spam, I’m not sure if this has stopped as with McAfee no longer working I have no way of knowing.

Any Help would be gratefully received.

P.S.
About a week before all this happened my other computer was infected with something that made it also send out spam, this is currently being dealt with by someone on this board; but I’ve been using a USB stick to move some files between the two machines. Is there any chance that this has spread the infection between the two computers?
  • 0

Advertisements

#2
Rorschach112
Posted 30 July 2010 - 12:05 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#3
skinnypig
Posted 31 July 2010 - 03:16 AM

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
thanks, here's the log:
------------------------------------------
2010/07/31 10:11:43.0671 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/07/31 10:11:43.0671 ================================================================================
2010/07/31 10:11:43.0671 SystemInfo:
2010/07/31 10:11:43.0671
2010/07/31 10:11:43.0671 OS Version: 5.1.2600 ServicePack: 3.0
2010/07/31 10:11:43.0671 Product type: Workstation
2010/07/31 10:11:43.0671 ComputerName: STELLASTARH
2010/07/31 10:11:43.0671 UserName: admin
2010/07/31 10:11:43.0671 Windows directory: C:\WINDOWS
2010/07/31 10:11:43.0671 System windows directory: C:\WINDOWS
2010/07/31 10:11:43.0671 Processor architecture: Intel x86
2010/07/31 10:11:43.0671 Number of processors: 2
2010/07/31 10:11:43.0671 Page size: 0x1000
2010/07/31 10:11:43.0671 Boot type: Normal boot
2010/07/31 10:11:43.0671 ================================================================================
2010/07/31 10:11:44.0343 Initialize success
2010/07/31 10:11:59.0296 ================================================================================
2010/07/31 10:11:59.0296 Scan started
2010/07/31 10:11:59.0296 Mode: Manual;
2010/07/31 10:11:59.0296 ================================================================================
2010/07/31 10:12:01.0375 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2010/07/31 10:12:01.0546 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/07/31 10:12:01.0796 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/07/31 10:12:01.0843 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/07/31 10:12:02.0000 ADILOADER (2b3b8c0a2c979dd77ba6dc9376074854) C:\WINDOWS\system32\Drivers\adildr.sys
2010/07/31 10:12:02.0187 adiusbaw (d478c566318803a7063b120f026dc0b7) C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
2010/07/31 10:12:02.0343 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/07/31 10:12:02.0578 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/07/31 10:12:02.0750 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/07/31 10:12:02.0984 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2010/07/31 10:12:03.0125 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/07/31 10:12:03.0265 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/07/31 10:12:03.0437 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/07/31 10:12:03.0578 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/07/31 10:12:03.0734 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/07/31 10:12:03.0875 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/07/31 10:12:04.0015 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/07/31 10:12:04.0234 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/07/31 10:12:04.0375 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/07/31 10:12:04.0578 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/07/31 10:12:04.0781 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/07/31 10:12:05.0046 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/07/31 10:12:05.0187 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/07/31 10:12:05.0390 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/07/31 10:12:05.0531 ASNDIS5 (05a56c3156e1b6cc7bbd8e1d54d491f2) C:\WINDOWS\system32\ASNDIS5.SYS
2010/07/31 10:12:05.0750 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
2010/07/31 10:12:05.0937 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/07/31 10:12:06.0187 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/07/31 10:12:06.0312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/07/31 10:12:06.0562 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/07/31 10:12:06.0781 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2010/07/31 10:12:06.0953 AVCSTRM (e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys
2010/07/31 10:12:07.0187 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/07/31 10:12:07.0375 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/07/31 10:12:07.0593 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2010/07/31 10:12:07.0796 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/07/31 10:12:08.0125 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/07/31 10:12:08.0734 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/07/31 10:12:09.0296 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/07/31 10:12:09.0500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/07/31 10:12:09.0703 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/07/31 10:12:09.0953 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/07/31 10:12:10.0093 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/07/31 10:12:10.0312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/07/31 10:12:10.0812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/07/31 10:12:11.0703 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/07/31 10:12:11.0968 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/07/31 10:12:12.0312 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/07/31 10:12:12.0687 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/07/31 10:12:13.0390 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/07/31 10:12:13.0843 DLABOIOM (a14524d3f130a57163e0b3e057fc85d5) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/07/31 10:12:14.0421 DLACDBHM (7581407a6a3c56860ae31e6e423fe824) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/07/31 10:12:14.0937 DLADResN (7c4cdf8a684b63d7482e0bf7440dc3b5) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/07/31 10:12:15.0250 DLAIFS_M (97bca2aac06a9fea56615b4b15bdb9b8) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/07/31 10:12:15.0656 DLAOPIOM (be8d558cf749424f0de612813f7c6725) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/07/31 10:12:16.0187 DLAPoolM (7e5277cb45dc5e2a86af8ce093c7ef31) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/07/31 10:12:16.0390 DLARTL_N (693dfd92d41a3d270053cd97834e4960) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/07/31 10:12:16.0890 DLAUDFAM (d886b6d02b51e5bd61b8a571a16d5ca2) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/07/31 10:12:17.0171 DLAUDF_M (2c0ecf7a9d5162d87c64e2ae868b5039) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/07/31 10:12:17.0593 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/07/31 10:12:18.0125 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/07/31 10:12:18.0453 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/07/31 10:12:18.0625 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/07/31 10:12:18.0968 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/07/31 10:12:19.0359 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/07/31 10:12:19.0750 DRVMCDB (73623d89faef4d1aa600edee8b490bc5) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/07/31 10:12:20.0109 DRVNDDM (2aeee1600d0f14ba535f90a1f4411b54) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/07/31 10:12:20.0546 DTV_Capture_2X0 (5ad19fd45820173e094194c1e6f719ef) C:\WINDOWS\system32\Drivers\DTV_Capture_2X0.sys
2010/07/31 10:12:20.0968 DTV_Loader_2X1 (cca7bad75040e7521597a22e3c95af12) C:\WINDOWS\system32\Drivers\DTV_Loader_2X1.sys
2010/07/31 10:12:21.0375 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/07/31 10:12:21.0625 fasttx2k (3acbc73531dedd69837fe73b1623d49c) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
2010/07/31 10:12:21.0859 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/07/31 10:12:22.0109 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB011D.SYS
2010/07/31 10:12:22.0312 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/07/31 10:12:22.0562 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/07/31 10:12:22.0953 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/07/31 10:12:23.0250 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/07/31 10:12:24.0015 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/07/31 10:12:25.0406 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/07/31 10:12:25.0875 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
2010/07/31 10:12:26.0343 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
2010/07/31 10:12:26.0906 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/07/31 10:12:27.0875 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
2010/07/31 10:12:28.0359 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/07/31 10:12:28.0750 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/07/31 10:12:29.0140 hotcore3 (4bab16afc2b0029e09c67daa8ec722a2) C:\WINDOWS\system32\drivers\hotcore3.sys
2010/07/31 10:12:29.0531 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/07/31 10:12:29.0968 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/07/31 10:12:30.0390 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/07/31 10:12:30.0640 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/07/31 10:12:31.0187 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/07/31 10:12:31.0718 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/07/31 10:12:32.0343 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/07/31 10:12:32.0781 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/07/31 10:12:33.0250 iaStor (c9f030a5e43aedfabe0a39df0a0dcbeb) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/07/31 10:12:33.0687 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/07/31 10:12:34.0140 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/07/31 10:12:34.0703 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/07/31 10:12:35.0328 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/07/31 10:12:36.0234 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/07/31 10:12:36.0546 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/07/31 10:12:36.0968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/07/31 10:12:37.0296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/07/31 10:12:37.0796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/07/31 10:12:38.0234 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/07/31 10:12:39.0125 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/07/31 10:12:39.0484 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/07/31 10:12:40.0031 klmd24 (6485ad0a17a0d6286b4d44c652adabb2) C:\WINDOWS\system32\drivers\klmd.sys
2010/07/31 10:12:40.0265 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/07/31 10:12:40.0734 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/07/31 10:12:41.0203 m5287 (fc969e4e53c602884958a5fdffc53526) C:\WINDOWS\system32\DRIVERS\m5287.sys
2010/07/31 10:12:41.0546 m5289 (2424b13987360840b4bf4e5fb5a66d3f) C:\WINDOWS\system32\DRIVERS\m5289.sys
2010/07/31 10:12:42.0406 MagicTune (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTiCtwl.sys
2010/07/31 10:12:43.0078 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/07/31 10:12:43.0546 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/07/31 10:12:43.0984 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/07/31 10:12:44.0406 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/07/31 10:12:44.0734 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/07/31 10:12:45.0171 MPFIREWL (537b049dbaba4febcdaae711c0f2805b) C:\WINDOWS\system32\Drivers\MpFirewall.sys
2010/07/31 10:12:45.0578 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/07/31 10:12:45.0890 mrtRate (770fc1d07b3c4ea960d52067a0740b09) C:\WINDOWS\system32\drivers\mrtRate.sys
2010/07/31 10:12:46.0500 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/07/31 10:12:47.0218 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/07/31 10:12:47.0718 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2010/07/31 10:12:48.0296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/07/31 10:12:48.0640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/07/31 10:12:49.0062 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/07/31 10:12:49.0375 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/07/31 10:12:49.0609 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/07/31 10:12:49.0671 MSTAPE (5c3f9bdf4db23b75306388fc26a0a8e5) C:\WINDOWS\system32\DRIVERS\mstape.sys
2010/07/31 10:12:49.0968 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/07/31 10:12:50.0125 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/07/31 10:12:50.0296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/07/31 10:12:50.0500 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/07/31 10:12:50.0640 NaiAvFilter1 (affd46144d763d9046673dd2d012cff9) C:\WINDOWS\system32\drivers\naiavf5x.sys
2010/07/31 10:12:50.0859 NCPro (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTictwl.sys
2010/07/31 10:12:50.0953 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/07/31 10:12:51.0171 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/07/31 10:12:51.0437 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/07/31 10:12:51.0593 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/07/31 10:12:51.0750 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/07/31 10:12:51.0890 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/07/31 10:12:52.0093 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/07/31 10:12:52.0218 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/07/31 10:12:52.0453 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/07/31 10:12:52.0500 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/07/31 10:12:52.0625 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/07/31 10:12:52.0859 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/07/31 10:12:53.0062 nuvvid2 (9428b4aff32994d0fab58395e72b45da) C:\WINDOWS\system32\DRIVERS\nuvvid2.sys
2010/07/31 10:12:53.0312 nv (9e1f2f09e34c92a96b9900b6a45d5026) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/07/31 10:12:53.0609 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/07/31 10:12:53.0765 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/07/31 10:12:53.0921 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/07/31 10:12:54.0062 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/07/31 10:12:54.0312 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/07/31 10:12:54.0359 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/07/31 10:12:54.0656 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/07/31 10:12:54.0812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/07/31 10:12:55.0062 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/07/31 10:12:55.0296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/07/31 10:12:55.0484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/07/31 10:12:55.0828 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/07/31 10:12:56.0109 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/07/31 10:12:56.0312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/07/31 10:12:56.0453 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/07/31 10:12:56.0671 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/07/31 10:12:56.0859 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/07/31 10:12:57.0015 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/07/31 10:12:57.0171 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/07/31 10:12:57.0375 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/07/31 10:12:57.0546 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/07/31 10:12:57.0734 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/07/31 10:12:57.0906 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/07/31 10:12:58.0250 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/07/31 10:12:58.0421 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/07/31 10:12:58.0593 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/07/31 10:12:58.0812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/07/31 10:12:59.0015 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/07/31 10:12:59.0312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/07/31 10:12:59.0515 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/07/31 10:12:59.0812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/07/31 10:13:00.0093 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/07/31 10:13:00.0359 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/07/31 10:13:00.0640 rtl8185 (1ec5340442a5b5f7065c563ac1d8c625) C:\WINDOWS\system32\DRIVERS\rtl8185.sys
2010/07/31 10:13:00.0875 s3017bus (aa786ad3a2684d39630744787b00e6f4) C:\WINDOWS\system32\DRIVERS\s3017bus.sys
2010/07/31 10:13:01.0156 s3017mdfl (cba4ca5bce44084e98ce420fd6692d3a) C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys
2010/07/31 10:13:01.0421 s3017mdm (68036eff647970d6c0399789c8707cad) C:\WINDOWS\system32\DRIVERS\s3017mdm.sys
2010/07/31 10:13:01.0640 s3017mgmt (3672e7f9349bd98fd3f5ac33e7b2b1a6) C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys
2010/07/31 10:13:01.0750 s3017nd5 (b1133b37eb184aef81d56b4302dbae9c) C:\WINDOWS\system32\DRIVERS\s3017nd5.sys
2010/07/31 10:13:01.0968 s3017obex (d81b1d504aa1426622e7ec09f25130a9) C:\WINDOWS\system32\DRIVERS\s3017obex.sys
2010/07/31 10:13:02.0109 s3017unic (7b95c53ea8bb585013767eef2875c0a0) C:\WINDOWS\system32\DRIVERS\s3017unic.sys
2010/07/31 10:13:02.0328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/07/31 10:13:02.0593 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/07/31 10:13:02.0750 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/07/31 10:13:02.0890 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/07/31 10:13:03.0171 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/07/31 10:13:03.0296 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/07/31 10:13:03.0484 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/07/31 10:13:03.0671 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/07/31 10:13:03.0875 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/07/31 10:13:04.0031 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/07/31 10:13:04.0281 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/07/31 10:13:04.0421 ss_bus (bd15182e9d2d3fabc1d1313badbd2415) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
2010/07/31 10:13:04.0593 ss_mdfl (67d1144f249a3c5e03ebd7a2304dee11) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
2010/07/31 10:13:04.0796 ss_mdm (954b7ce2d54c703d6a8471d6b05a5e13) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
2010/07/31 10:13:04.0953 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2010/07/31 10:13:05.0250 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/07/31 10:13:05.0500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/07/31 10:13:05.0640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/07/31 10:13:05.0890 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/07/31 10:13:06.0078 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/07/31 10:13:06.0250 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/07/31 10:13:06.0406 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/07/31 10:13:06.0640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/07/31 10:13:06.0796 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/07/31 10:13:06.0953 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/07/31 10:13:07.0125 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/07/31 10:13:07.0312 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/07/31 10:13:07.0562 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/07/31 10:13:07.0812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/07/31 10:13:08.0015 UimBus (31e9211eacb50317bc2333ce4358a23e) C:\WINDOWS\system32\DRIVERS\UimBus.sys
2010/07/31 10:13:08.0140 Uim_IM (5237bb4b8390325936a38b55d72c23b4) C:\WINDOWS\system32\Drivers\Uim_IM.sys
2010/07/31 10:13:08.0421 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/07/31 10:13:08.0656 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/07/31 10:13:08.0812 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/07/31 10:13:09.0109 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/07/31 10:13:09.0296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/07/31 10:13:09.0515 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/07/31 10:13:09.0734 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/07/31 10:13:09.0984 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/07/31 10:13:10.0187 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/07/31 10:13:10.0328 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/07/31 10:13:10.0531 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/07/31 10:13:10.0796 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/07/31 10:13:11.0421 VC4CB104 (4372398a6ae42586eb1c6533dd3b575d) C:\WINDOWS\system32\Drivers\VC4CB104.SYS
2010/07/31 10:13:11.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/07/31 10:13:12.0187 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/07/31 10:13:12.0453 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/07/31 10:13:12.0875 viamraid (65864aba65eee06ea586009301834e43) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2010/07/31 10:13:13.0281 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/07/31 10:13:13.0921 W8100PCI (bf3df9fe7a0ea66690a4324655cd0c0a) C:\WINDOWS\system32\DRIVERS\mrv8k51.sys
2010/07/31 10:13:14.0421 W8100XP (f47660ee2cc6161540106b6bfa207f35) C:\WINDOWS\system32\DRIVERS\mrv8ka51.sys
2010/07/31 10:13:14.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/07/31 10:13:15.0468 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/07/31 10:13:16.0234 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/07/31 10:13:16.0890 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2010/07/31 10:13:17.0421 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/07/31 10:13:17.0906 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/07/31 10:13:18.0343 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/07/31 10:13:18.0765 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/07/31 10:13:19.0156 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/07/31 10:13:19.0609 ================================================================================
2010/07/31 10:13:19.0609 Scan finished
2010/07/31 10:13:19.0609 ================================================================================
  • 0

#4
Rorschach112
Posted 31 July 2010 - 04:24 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#5
skinnypig
Posted 31 July 2010 - 01:59 PM

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
hi, Combofix will not run, it gives me a bunch of error messages under the heading 32788R22FWJFW\iexplore.exe "windows can not access the specific device, path, or file. You may not have permissions to access the item."

what should I do?
  • 0

#6
Rorschach112
Posted 01 August 2010 - 06:15 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
rename combofix to svchost.com and run it in safe mode
  • 0

#7
skinnypig
Posted 01 August 2010 - 11:24 AM

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I ran Combofix in safe mode,it couldn't install Rescue and Recovery due to the lack of an internet connection.
Also, upon restarting the machine my anti virus software will not start (I'm using Mcafee)so I now have no virus protection at all.

Here's the combofix log:
-------------------------------------
ComboFix 10-07-31.04 - admin 01/08/2010 17:24:46.1.2 - x86 MINIMAL
Running from: c:\documents and settings\admin\Desktop\svchost.com.exe
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CEPx5A7A.tmp
C:\CEPx5A7C.tmp
C:\CEPx5A7F.tmp
C:\CEPx5A82.tmp
C:\CEPx5A86.tmp
C:\CEPx5A89.tmp
C:\CEPx5A8C.tmp
C:\CEPx5A8F.tmp
C:\CEPx5A96.tmp
C:\CEPx5A97.tmp
C:\CEPx5A9A.tmp
C:\CEPx5AA0.tmp
C:\CEPx5AA3.tmp
C:\CEPx5AA6.tmp
C:\CEPx5AAA.tmp
C:\CEPx5AAD.tmp
C:\CEPx5AB0.tmp
C:\CEPx5AB2.tmp
C:\CEPx5AB3.tmp
C:\CEPx5AB5.tmp
C:\CEPx5AB8.tmp
C:\CEPx5ABE.tmp
C:\CEPx5ABF.tmp
C:\CEPx5AC1.tmp
C:\CEPx5AC4.tmp
C:\CEPx5AC9.tmp
C:\CEPx5AD0.tmp
C:\CEPx5AD1.tmp
C:\CEPx5AD3.tmp
C:\CEPx5ADA.tmp
C:\CEPx5ADD.tmp
C:\CEPx5AE0.tmp
C:\CEPx5AE3.tmp
C:\CEPx5AE5.tmp
C:\CEPx5B05.tmp
C:\CEPx5B08.tmp
C:\CEPx5B0E.tmp
C:\CEPx5B0F.tmp
C:\CEPx5B14.tmp
C:\CEPx5B15.tmp
C:\CEPx5B17.tmp
C:\CEPx5B1A.tmp
C:\CEPx5B1F.tmp
C:\CEPx5B20.tmp
C:\CEPx5B22.tmp
C:\CEPx5B29.tmp
C:\CEPx5B2A.tmp
C:\CEPx9F25.tmp
c:\documents and settings\admin\8tw3W.com
c:\documents and settings\admin\Application Data\ogix.exe
c:\documents and settings\admin\ddenwg.exe
c:\documents and settings\admin\Local Settings\Application Data\8tw3W.exe
c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\documents and settings\admin\secupdat.dat
c:\documents and settings\All Users\Application Data\8tw3W.exe
c:\documents and settings\All Users\Application Data\Adobe\sp.Dll
c:\documents and settings\All Users\Application Data\hpe19F.dll
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\NetworkService\Local Settings\Application Data\8tw3W.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee.com\Agent\McUpdate .exe
c:\progra~1\McAfee.com\Agent\McUpdate.exe
c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\CyberLink\PowerStarter\PowerBar.exe
c:\program files\McAfee.com\VSO\oasclnt.exe
c:\program files\MultiScreen\MultiScreen.exe
c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask.exe
c:\windows\AUTOLNCH.REG
c:\windows\Fonts\8tw3W.com
c:\windows\Hook.dll
c:\windows\system32\config\systemprofile\8tw3W.com
c:\windows\system32\images
c:\windows\system32\images\3models.gif
c:\windows\system32\images\but3_off.gif
c:\windows\system32\images\but3_on.gif
c:\windows\system32\images\main_bot.gif
c:\windows\system32\images\main_mid.gif
c:\windows\system32\images\main_top.gif
c:\windows\system32\images\model1.gif
c:\windows\system32\images\panel_bot.gif
c:\windows\system32\images\panel_top.gif
c:\windows\system32\images\pc.gif
c:\windows\system32\images\pcw_award_cover.gif
c:\windows\system32\images\pcwcover.gif
c:\windows\system32\images\Thumbs.db
c:\windows\system32\images\topoff.gif
c:\windows\system32\images\topon.gif
c:\windows\system32\images\webscreen.gif
c:\windows\system32\Thumbs.db
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job

<pre>
c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate .exe ---^> c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe ---^> c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe ---^> c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files\Common Files\Java\Java Update\jusched .exe ---^> c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\CyberLink\PowerStarter\PowerBar .exe ---^> c:\program files\CyberLink\PowerStarter\PowerBar.exe
c:\program files\McAfee.com\VSO\oasclnt .exe ---^> c:\program files\McAfee.com\VSO\oasclnt.exe
c:\program files\MultiScreen\MultiScreen .exe ---^> c:\program files\MultiScreen\MultiScreen.exe
c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan .exe ---^> c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
c:\program files\QuickTime\qttask        .exe ---^> c:\program files\QuickTime\qttask.exe
</pre>
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SPService


((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-08-01 16:17 . 2010-08-01 16:17 -------- d-----w- C:\svchost.com19763s
2010-08-01 16:17 . 2010-08-01 16:17 -------- d-----w- C:\svchost.com
2010-07-30 23:31 . 2010-07-30 23:30 36876 ----a-w- c:\windows\system32\8tw3W.com
2010-07-30 08:30 . 2010-07-30 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-29 09:14 . 2010-07-29 09:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-14 16:33 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 13:16 . 2010-07-08 16:58 -------- d-----w- c:\program files\Multimedia Fusion 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 16:45 . 2009-07-15 17:54 -------- d-----w- c:\program files\MultiScreen
2010-08-01 16:43 . 2009-06-05 19:54 -------- d-----w- c:\program files\QuickTime
2010-08-01 16:03 . 2009-10-17 23:53 -------- d-----w- c:\documents and settings\admin\Application Data\uTorrent
2010-08-01 09:17 . 2010-02-03 21:06 -------- d-----w- c:\documents and settings\admin\Application Data\vlc
2010-08-01 04:21 . 2007-03-26 18:44 -------- d-----w- c:\program files\Azureus
2010-07-31 09:05 . 2004-08-03 22:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-07-30 23:35 . 2008-07-25 19:43 32352 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-07-30 23:27 . 2005-09-09 22:03 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-07-30 23:14 . 2010-07-30 23:04 112 ----a-w- c:\documents and settings\All Users\Application Data\18dydK371.dat
2010-07-30 23:09 . 2006-02-20 20:54 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-07-30 22:57 . 2008-07-25 19:43 38448 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-07-30 18:11 . 2004-10-27 15:21 36868 ----a-w- c:\windows\system32\HDAShCut.exe
2010-07-29 09:14 . 2006-10-02 16:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-21 21:30 . 2006-02-20 21:52 112520 -c--a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-14 17:03 . 2008-09-15 14:57 -------- d-----w- c:\program files\truespace6
2010-07-13 13:29 . 2008-12-03 19:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-13 13:10 . 2010-07-13 13:09 34144256 ----a-w- C:\CEPx5A75.tmp
2010-07-07 13:18 . 2008-05-15 14:49 -------- d-----w- c:\documents and settings\admin\Application Data\Clickteam
2010-06-14 20:34 . 2010-06-14 20:34 -------- d-----w- c:\documents and settings\admin\Application Data\Facebook
2010-05-04 17:20 . 2005-09-09 22:03 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2005-09-09 22:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2005-09-09 22:03 17408 ----a-w- c:\windows\system32\corpol.dll
2005-07-25 07:41 . 2005-05-26 02:17 110657 -c--a-w- c:\program files\Common Files\UninstallDrv.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2007-12-10 17:40 . 2007-12-10 17:40 6275816 -c--a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
<pre>
c:\windows\system32\HDAShCut .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2010-08-01 36872]
"uTorrent"="c:\program files\uTorrent\uTorrent .exe" [N/A]
"Google Update"="c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-01 36872]
"AdobeBridge"="" [N/A]
"PowerBar"="c:\program files\CyberLink\PowerStarter\PowerBar.exe" [2010-08-01 36872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [N/A]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [N/A]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2010-08-01 36872]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"MPSExe"="c:\progra~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 296488]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [N/A]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\McUpdate.exe" [N/A]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [N/A]
"McafWelcome"="c:\program files\McAfee.com\Agent\mcwelcom.exe" [N/A]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-07 172032]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2010-07-30 36868]
"adiras"="adiras.exe" [N/A]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2010-08-01 36872]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-08-01 36872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-08-01 36872]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2010-08-01 36872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\admin\Start Menu\Programs\Startup\
2stez03.exe [2010-7-26 36352]
3ytz86g.exe [2010-7-30 43008]
3yy3alw.exe [2010-7-31 36352]
5njefk8.exe [2010-7-29 43008]
5q1ghm8.exe [2010-7-27 36352]
60rmns8.exe [2010-7-27 36352]
75s0jk6.exe [2010-7-26 36352]
91qbcxd.exe [2010-7-31 43008]
9tu0k3w.exe [2010-7-29 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 23:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-01 16:45 36872 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 08:38 241664 -c--a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 11:30 292136 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2010-08-01 16:45 36872 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-14 18:21 110744 -c--a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
2010-08-01 16:45 36872 ----a-w- c:\program files\CyberLink\PowerStarter\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
2001-05-24 16:00 94208 -c--a-w- c:\quickenw\qagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 20:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 14:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\uTorrent\uTorrent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
c:\program files\Windows Media Player\WMPNSCFG.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
2004-06-08 18:33 69721 -c--a-w- c:\program files\CyberLink\PowerBackup\PBKScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\iView Media\\IVIEW_M.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\Adobe\\After Effects 6.0\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dllcache\\iexplore.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19820:UDP"= 19820:UDP:azureus
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"14786:TCP"= 14786:TCP:spport
"11054:TCP"= 11054:TCP:spport
"16001:TCP"= 16001:TCP:spport
"21750:TCP"= 21750:TCP:spport
"28045:TCP"= 28045:TCP:spport
"29667:TCP"= 29667:TCP:spport
"21941:TCP"= 21941:TCP:spport
"23302:TCP"= 23302:TCP:spport
"13842:TCP"= 13842:TCP:spport
"20543:TCP"= 20543:TCP:spport

R2 gupdate1c9907df6b45076;Google Update Service (gupdate1c9907df6b45076);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 dcvsthrq;dcvsthrq;c:\windows\System32\Drivers\dcvsthrq.sys [x]
R3 dqbmwxvz;dqbmwxvz;c:\windows\System32\Drivers\dqbmwxvz.sys [x]
R3 DTV_Capture_2X0;DVB-T Receiver;c:\windows\system32\Drivers\DTV_Capture_2X0.sys [2004-09-06 18432]
R3 DTV_Loader_2X1;DVB-T Loader;c:\windows\system32\Drivers\DTV_Loader_2X1.sys [2005-06-29 19328]
R3 eovzzcmo;eovzzcmo;c:\windows\System32\Drivers\eovzzcmo.sys [x]
R3 ffseligy;ffseligy;c:\windows\System32\Drivers\ffseligy.sys [x]
R3 fwxmpdup;fwxmpdup;c:\windows\System32\Drivers\fwxmpdup.sys [x]
R3 gbzrhwbo;gbzrhwbo;c:\windows\System32\Drivers\gbzrhwbo.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
R3 gzgagndc;gzgagndc;c:\windows\System32\Drivers\gzgagndc.sys [x]
R3 jcaxwquq;jcaxwquq;c:\windows\System32\Drivers\jcaxwquq.sys [x]
R3 kbhaugwz;kbhaugwz;c:\windows\System32\Drivers\kbhaugwz.sys [x]
R3 mabnfayi;mabnfayi;c:\windows\System32\Drivers\mabnfayi.sys [x]
R3 mnqpuenj;mnqpuenj;c:\windows\System32\Drivers\mnqpuenj.sys [x]
R3 nxcateut;nxcateut;c:\windows\System32\Drivers\nxcateut.sys [x]
R3 qllhkily;qllhkily;c:\windows\System32\Drivers\qllhkily.sys [x]
R3 qqsxzuxu;qqsxzuxu;c:\windows\System32\Drivers\qqsxzuxu.sys [x]
R3 qzysskuj;qzysskuj;c:\windows\System32\Drivers\qzysskuj.sys [x]
R3 rejmzuut;rejmzuut;c:\windows\System32\Drivers\rejmzuut.sys [x]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 saafypwo;saafypwo;c:\windows\System32\Drivers\saafypwo.sys [x]
R3 sdfpoqol;sdfpoqol;c:\windows\System32\Drivers\sdfpoqol.sys [x]
R3 swxvqfgg;swxvqfgg;c:\windows\System32\Drivers\swxvqfgg.sys [x]
R3 syhwjfjd;syhwjfjd;c:\windows\System32\Drivers\syhwjfjd.sys [x]
R3 tgisafbh;tgisafbh;c:\windows\System32\Drivers\tgisafbh.sys [x]
R3 udfpt;udfpt;c:\windows\system32\drivers\udfpt.sys [x]
R3 vclixntg;vclixntg;c:\windows\System32\Drivers\vclixntg.sys [x]
R3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\DRIVERS\mrv8ka51.sys [2004-05-20 258560]
R3 xzhvhxvi;xzhvhxvi;c:\windows\System32\Drivers\xzhvhxvi.sys [x]
R3 zfuuawsp;zfuuawsp;c:\windows\System32\Drivers\zfuuawsp.sys [x]
R4 m5287;m5287;c:\windows\system32\DRIVERS\m5287.sys [2005-02-05 85888]
R4 m5289;m5289;c:\windows\system32\DRIVERS\m5289.sys [2004-12-01 51840]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2010-07-30 38448]
S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-02-25 306296]
S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-02-25 162936]
S2 mrtRate;mrtRate; [x]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

.
Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-08-01 c:\windows\Tasks\At193.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At194.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At195.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At196.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At197.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At198.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At199.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At200.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At201.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At202.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At203.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At204.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At205.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At206.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At207.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At208.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At209.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At210.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At211.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At212.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At213.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At214.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At215.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-08-01 c:\windows\Tasks\At216.job
- c:\documents and settings\All Users\Application Data\8kY6m125.exe [2010-08-01 16:50]

2010-07-30 c:\windows\Tasks\At25.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-30 c:\windows\Tasks\At26.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-30 c:\windows\Tasks\At27.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-30 c:\windows\Tasks\At28.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-30 c:\windows\Tasks\At29.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-08-01 c:\windows\Tasks\At30.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-30 c:\windows\Tasks\At31.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-30 c:\windows\Tasks\At32.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-30 c:\windows\Tasks\At33.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-30 c:\windows\Tasks\At34.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-08-01 c:\windows\Tasks\At35.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-08-01 c:\windows\Tasks\At36.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-08-01 c:\windows\Tasks\At37.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-08-01 c:\windows\Tasks\At38.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-08-01 c:\windows\Tasks\At39.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-08-01 c:\windows\Tasks\At40.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-08-01 c:\windows\Tasks\At41.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-31 c:\windows\Tasks\At42.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-31 c:\windows\Tasks\At43.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-31 c:\windows\Tasks\At44.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-31 c:\windows\Tasks\At45.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-30 c:\windows\Tasks\At46.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-30 c:\windows\Tasks\At47.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-30 c:\windows\Tasks\At48.job
- c:\windows\system32\8tw3W.com [2010-07-30 23:30]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 21:31]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 21:31]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844380032-2981759145-68477085-1006Core.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 16:45]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844380032-2981759145-68477085-1006UA.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 16:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mWindow Title = Tiscali Internet Access
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\mclsp.dll
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - hxxps://authenticate.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\mtzxz5mg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\documents and settings\admin\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\admin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\admin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\windows\system32\Clickteam\Vitalize\v4\npcnc32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-klmdb.sys
SafeBoot-Wdf01000.sys
AddRemove-Vitalize! 4 - c:\windows\system32\Clickteam\Vitalize\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 17:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\jkrowling.com\jkrowling.sol 140 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\a\i\ligans\kids\common\flash\nav-1.6.swf\navData.sol 40 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\cosmos.bcst.yahoo.com\ver\230b\popup-2007-05-07-1251\swf\POP_tray.swf\TestMovie_Config_Info.sol 341 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\cosmos.bcst.yahoo.com\ver\242\embed-2007-08-28-1213\swf\yup_embed_module.swf\TestMovie_Config_Info.sol 341 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\cosmos.bcst.yahoo.com\ver\250.1\embed-2007-11-14-1422\swf\yup_embed_module.swf\TestMovie_Config_Info.sol 341 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\cosmos.bcst.yahoo.com\ver\251.1\embed-2007-12-03-1552\swf\yup_embed_module.swf\TestMovie_Config_Info.sol 341 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\cosmos.bcst.yahoo.com\ver\251.6\popup-2007-12-18-1554\swf\POP_meta.swf\TestMovie_Config_Info.sol 341 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\cosmos.bcst.yahoo.com\ver\256.0\embed-2008-01-23-1334\swf\yup_embed_module.swf\TestMovie_Config_Info.sol 341 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\cosmos.bcst.yahoo.com\ver\262.1\embed-2008-04-22-1515\swf\yup_embed_module.swf\TestMovie_Config_Info.sol 341 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\LCOMMENGINEMGR.sol 3649 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\m\ver\270.0\embed-2008-08-14-1438\swf\yup_embed_module.swf\TestMovie_Config_Info.sol 341 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\m\ver\271.16\embed-2009-08-27-1348\swf\yup_embed_module.swf\TestMovie_Config_Info.sol 341 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\m\ver\271.3\embed-2009-03-26-1329\swf\yup_embed_module.swf\TestMovie_Config_Info.sol 341 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\VolumePrefs.sol 55 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\YEPBWPrefs.sol 71 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l.yimg.com\[[IMPORT]]\d.yimg.com\ks\yfp\AdPlugin.swf\session.sol 76 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\l3.c.ooyala.com\orl.sol 68015 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\lads.myspace.com\videos\myspacetv_vplayer0005.swf\preferences.sol 136 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\lads.myspace.com\videos\vplayer.swf\preferences.sol 153 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\lads.myspacecdn.com\player.sol 98 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\lads.myspacecdn.com\videos\Main.swf\MSMediaPlayerClosedClients.sol
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\lads.myspacecdn.com\videos\Main.swf\MSMediaPlayerCurrentlyPlaying.sol
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\lads.myspacecdn.com\videos\Main.swf\preferences.sol
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\layouts1.lovemyflash.com\com.quantserve.sol 74 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\login.yahoo.com\loginCache.sol 250 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\ebaystatic.com\ft1693-1.sol
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\ebaystatic.com\ft681-1.sol 72 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\ebaystatic.com\ft681-19.sol 73 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\ebaystatic.com\ft681-20.sol 73 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\effectivemeasure.net\EM_APP.sol 100 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\empirecinemas.co.uk\BookingData.sol 64 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\empirecinemas.co.uk\CustomerPaymentData.sol 102 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\en.qoob.tv\swf\adept.swf\qoob_adept.sol 57 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\es.youtube.com\soundData.sol 58 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\es.youtube.com\videostats.sol 85 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\eur.a1.yimg.com\java.europe.yimg.com\eu\any\350x200uk3.swf\yD.sol 64 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\eur.a1.yimg.com\java.europe.yimg.com\eu\sp\eurosport01\350x200uk.swf\yD.sol 64 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\whdn.williamhill.com\cms\images\bingo\site\main_promotion_holder14.swf\whBingoPromo.sol 72 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\whisperaudio.com\flash_navigators\navigator_top_5.swf\visitRecord.sol 67 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\wiad-playlist.appspot.com\analytics.sol 446 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\widget-c9.slide.com\ratings.sol 51 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\widget-d6.slide.com\ratings.sol 51 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\widget.meebo.com\mm.sol 235 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\widget.nbc.com\5c66bb00-6bd7-11dd-ad8b-0800200c9a67.sol 339 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\widgets.clearspring.com\clearspring.sol
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\widgets.nbc.com\clearspring.sol 1331 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\widgets.nbcuni.com\GTSVolume.sol 56 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\wp.vizu.com\vizuUserData.sol
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\www.adjservices.net\scripts\UserId.swf\theAdjustablesUserID.sol 90 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\www.aintitcool.com\com.jeroenwijering.sol 53 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\pagead2.googlesyndication.com\pagead\googleadplayer.swf\mediaPlayerUserSettings.sol 94 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\pfa.levexis.com\pffc.sol
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\pl05.load.tubemogul.com\StreamMinerInfo.sol 70 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\images.metacafe.com\MetacafeFlashVideoPlayer.sol 64 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\seeqpod.cachefly.net\cache_prod\seeqpodSlimlineEmbed.swf\osprey.sol 35 bytes
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\us.mg1.mail.yahoo.com\cookies.sol
c:\documents and settings\admin\Application Data\Macromedia\Flash Player\#SharedObjects\TSYC8C8D\video.google.co.uk\googleplayer.swf\mediaPlayerUserSettings.sol

scan completed successfully
hidden files: 57

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\mclsp.dll
c:\windows\system32\SPORDER.dll
c:\windows\system32\mclsphlr\gdlsphlr.dll
c:\windows\system32\McRtl32.dll

- - - - - - - > 'explorer.exe'(2768)
c:\windows\system32\WININET.dll
c:\program files\MultiScreen\ServiceHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\ASWLSVC.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MagicTune Premium\MagicTuneEngine.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\windows\system32\ASWL2K.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\MagicTune Premium\MagicTune.exe
c:\windows\system32\rundll32.exe
c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2010-08-01 18:01:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-01 17:01

Pre-Run: 9,446,088,704 bytes free
Post-Run: 10,345,607,168 bytes free

- - End Of File - - AEF390FFF354C7EE15DB567F2585F2ED
  • 0

#8
skinnypig
Posted 02 August 2010 - 06:50 AM

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
hi, things have gone from bad to worse, this morning it took several atempts to get the machine to start windows; once I had got as far as the windows login screen I was told that I have over 300 unread mesages; which I prasume meens I'm getting bombarded with spam.
All this has coinsided with Mcafee dieing on me; so should I maybe install AVG or something as runing the computer with no virus protection what so ever seems to be asking for trouble.

thanks in advance
  • 0

#9
Rorschach112
Posted 02 August 2010 - 08:15 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
you are pretty badly infected that's why


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\8tw3W.com
c:\documents and settings\All Users\Application Data\18dydK371.dat
c:\documents and settings\All Users\Application Data\18dydK371.dat
c:\windows\System32\Drivers\dcvsthrq.sys
c:\windows\System32\Drivers\dqbmwxvz.sys
c:\windows\System32\Drivers\eovzzcmo.sys
c:\windows\System32\Drivers\ffseligy.sys
c:\windows\System32\Drivers\fwxmpdup.sys
c:\windows\System32\Drivers\gbzrhwbo.sys
c:\windows\System32\Drivers\gzgagndc.sys
c:\windows\System32\Drivers\jcaxwquq.sys
c:\windows\System32\Drivers\kbhaugwz.sys
c:\windows\System32\Drivers\mabnfayi.sys
c:\windows\System32\Drivers\mnqpuenj.sys
c:\windows\System32\Drivers\nxcateut.sys
c:\windows\System32\Drivers\qllhkily.sys
c:\windows\System32\Drivers\qqsxzuxu.sys
c:\windows\System32\Drivers\qzysskuj.sys
c:\windows\System32\Drivers\rejmzuut.sys
c:\windows\System32\Drivers\saafypwo.sys
c:\windows\System32\Drivers\sdfpoqol.sys
c:\windows\System32\Drivers\swxvqfgg.sys
c:\windows\System32\Drivers\syhwjfjd.sys
c:\windows\System32\Drivers\tgisafbh.sys
c:\windows\system32\drivers\udfpt.sys
c:\windows\System32\Drivers\vclixntg.sys
c:\windows\System32\Drivers\xzhvhxvi.sys
c:\windows\System32\Drivers\zfuuawsp.sys

RenV::
c:\windows\system32\HDAShCut .exe

KillAll::

ATJob::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dllcache\\iexplore.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14786:TCP"=-
"11054:TCP"=-
"16001:TCP"=-
"21750:TCP"=-
"28045:TCP"=-
"29667:TCP"=-
"21941:TCP"=-
"23302:TCP"=-
"13842:TCP"=-
"20543:TCP"=-

Driver::
dcvsthrq
dqbmwxvz
eovzzcmo
ffseligy
fwxmpdup
gbzrhwbo
gzgagndc
jcaxwquq
kbhaugwz
mabnfayi
mnqpuenj
nxcateut
qllhkily
qqsxzuxu
qzysskuj
rejmzuut
saafypwo
sdfpoqol
swxvqfgg
syhwjfjd
tgisafbh
udfpt
vclixntg
xzhvhxvi
zfuuawsp



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#10
skinnypig
Posted 03 August 2010 - 02:18 PM

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
as befor I'm doing this step in safe mode
but this time Combofix whon't run and I'm getting an error mesage saying:
"Date Error: 2010-08-03 Check your settings"

what should I do?
  • 0

Advertisements

#11
Rorschach112
Posted 03 August 2010 - 02:38 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
do this


Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes

:Services
dcvsthrq
dqbmwxvz
eovzzcmo
ffseligy
fwxmpdup
gbzrhwbo
gzgagndc
jcaxwquq
kbhaugwz
mabnfayi
mnqpuenj
nxcateut
qllhkily
qqsxzuxu
qzysskuj
rejmzuut
saafypwo
sdfpoqol
swxvqfgg
syhwjfjd
tgisafbh
udfpt
vclixntg
xzhvhxvi
zfuuawsp

:Reg

:Files
ipconfig /flushdns /c
c:\windows\system32\8tw3W.com
c:\documents and settings\All Users\Application Data\18dydK371.dat
c:\documents and settings\All Users\Application Data\18dydK371.dat
c:\windows\System32\Drivers\dcvsthrq.sys
c:\windows\System32\Drivers\dqbmwxvz.sys
c:\windows\System32\Drivers\eovzzcmo.sys
c:\windows\System32\Drivers\ffseligy.sys
c:\windows\System32\Drivers\fwxmpdup.sys
c:\windows\System32\Drivers\gbzrhwbo.sys
c:\windows\System32\Drivers\gzgagndc.sys
c:\windows\System32\Drivers\jcaxwquq.sys
c:\windows\System32\Drivers\kbhaugwz.sys
c:\windows\System32\Drivers\mabnfayi.sys
c:\windows\System32\Drivers\mnqpuenj.sys
c:\windows\System32\Drivers\nxcateut.sys
c:\windows\System32\Drivers\qllhkily.sys
c:\windows\System32\Drivers\qqsxzuxu.sys
c:\windows\System32\Drivers\qzysskuj.sys
c:\windows\System32\Drivers\rejmzuut.sys
c:\windows\System32\Drivers\saafypwo.sys
c:\windows\System32\Drivers\sdfpoqol.sys
c:\windows\System32\Drivers\swxvqfgg.sys
c:\windows\System32\Drivers\syhwjfjd.sys
c:\windows\System32\Drivers\tgisafbh.sys
c:\windows\system32\drivers\udfpt.sys
c:\windows\System32\Drivers\vclixntg.sys
c:\windows\System32\Drivers\xzhvhxvi.sys
c:\windows\System32\Drivers\zfuuawsp.sys
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  • 0

#12
skinnypig
Posted 04 August 2010 - 04:35 AM

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
cool, that worked much better,
here's the log:
------------------------------------------
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Service dcvsthrq stopped successfully!
Service dcvsthrq deleted successfully!
Service dqbmwxvz stopped successfully!
Service dqbmwxvz deleted successfully!
Service eovzzcmo stopped successfully!
Service eovzzcmo deleted successfully!
Service ffseligy stopped successfully!
Service ffseligy deleted successfully!
Service fwxmpdup stopped successfully!
Service fwxmpdup deleted successfully!
Service gbzrhwbo stopped successfully!
Service gbzrhwbo deleted successfully!
Service gzgagndc stopped successfully!
Service gzgagndc deleted successfully!
Service jcaxwquq stopped successfully!
Service jcaxwquq deleted successfully!
Service kbhaugwz stopped successfully!
Service kbhaugwz deleted successfully!
Service mabnfayi stopped successfully!
Service mabnfayi deleted successfully!
Service mnqpuenj stopped successfully!
Service mnqpuenj deleted successfully!
Service nxcateut stopped successfully!
Service nxcateut deleted successfully!
Service qllhkily stopped successfully!
Service qllhkily deleted successfully!
Service qqsxzuxu stopped successfully!
Service qqsxzuxu deleted successfully!
Service qzysskuj stopped successfully!
Service qzysskuj deleted successfully!
Service rejmzuut stopped successfully!
Service rejmzuut deleted successfully!
Service saafypwo stopped successfully!
Service saafypwo deleted successfully!
Service sdfpoqol stopped successfully!
Service sdfpoqol deleted successfully!
Service swxvqfgg stopped successfully!
Service swxvqfgg deleted successfully!
Service syhwjfjd stopped successfully!
Service syhwjfjd deleted successfully!
Service tgisafbh stopped successfully!
Service tgisafbh deleted successfully!
Service udfpt stopped successfully!
Service udfpt deleted successfully!
Service vclixntg stopped successfully!
Service vclixntg deleted successfully!
Service xzhvhxvi stopped successfully!
Service xzhvhxvi deleted successfully!
Service zfuuawsp stopped successfully!
Service zfuuawsp deleted successfully!
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\admin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\admin\Desktop\cmd.txt deleted successfully.
c:\windows\system32\8tw3W.com moved successfully.
c:\documents and settings\All Users\Application Data\18dydK371.dat moved successfully.
File/Folder c:\documents and settings\All Users\Application Data\18dydK371.dat not found.
File/Folder c:\windows\System32\Drivers\dcvsthrq.sys not found.
File/Folder c:\windows\System32\Drivers\dqbmwxvz.sys not found.
File/Folder c:\windows\System32\Drivers\eovzzcmo.sys not found.
File/Folder c:\windows\System32\Drivers\ffseligy.sys not found.
File/Folder c:\windows\System32\Drivers\fwxmpdup.sys not found.
File/Folder c:\windows\System32\Drivers\gbzrhwbo.sys not found.
File/Folder c:\windows\System32\Drivers\gzgagndc.sys not found.
File/Folder c:\windows\System32\Drivers\jcaxwquq.sys not found.
File/Folder c:\windows\System32\Drivers\kbhaugwz.sys not found.
File/Folder c:\windows\System32\Drivers\mabnfayi.sys not found.
File/Folder c:\windows\System32\Drivers\mnqpuenj.sys not found.
File/Folder c:\windows\System32\Drivers\nxcateut.sys not found.
File/Folder c:\windows\System32\Drivers\qllhkily.sys not found.
File/Folder c:\windows\System32\Drivers\qqsxzuxu.sys not found.
File/Folder c:\windows\System32\Drivers\qzysskuj.sys not found.
File/Folder c:\windows\System32\Drivers\rejmzuut.sys not found.
File/Folder c:\windows\System32\Drivers\saafypwo.sys not found.
File/Folder c:\windows\System32\Drivers\sdfpoqol.sys not found.
File/Folder c:\windows\System32\Drivers\swxvqfgg.sys not found.
File/Folder c:\windows\System32\Drivers\syhwjfjd.sys not found.
File/Folder c:\windows\System32\Drivers\tgisafbh.sys not found.
File/Folder c:\windows\system32\drivers\udfpt.sys not found.
File/Folder c:\windows\System32\Drivers\vclixntg.sys not found.
File/Folder c:\windows\System32\Drivers\xzhvhxvi.sys not found.
File/Folder c:\windows\System32\Drivers\zfuuawsp.sys not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: admin
->Temp folder emptied: 144997 bytes
->Temporary Internet Files folder emptied: 385154597 bytes
->Java cache emptied: 78346408 bytes
->FireFox cache emptied: 133986062 bytes
->Flash cache emptied: 727 bytes

User: All Users

User: Andy
->Temp folder emptied: 1163399 bytes
->Temporary Internet Files folder emptied: 5708944 bytes
->Java cache emptied: 43404 bytes
->FireFox cache emptied: 41932457 bytes
->Flash cache emptied: 1362450 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41085 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 30924248 bytes
->Flash cache emptied: 816 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 14 bytes
->Flash cache emptied: 348 bytes

%systemdrive% .tmp files removed: 34144256 bytes
%systemroot% .tmp files removed: 199793 bytes
%systemroot%\System32 .tmp files removed: 3721233 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 277488 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 684.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.15.0 log created on 08032010_151447

Files moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#13
Rorschach112
Posted 04 August 2010 - 04:38 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
download a new copy of combofix, run that, post its log
  • 0

#14
skinnypig
Posted 04 August 2010 - 07:37 AM

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I had to run it from safe mode again, here's the log:
----------------------------

ComboFix 10-08-03.04 - admin 03/08/2010 18:06:33.2.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1757 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\svchost.com.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\documents and settings\All Users\Application Data\8kY6m125.exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\CyberLink\PowerStarter\PowerBar.exe
c:\program files\McAfee.com\VSO\oasclnt.exe
c:\program files\MultiScreen\MultiScreen.exe
c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
c:\windows\Tasks\At193.job
c:\windows\Tasks\At194.job
c:\windows\Tasks\At195.job

<pre>
c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate .exe --->c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe --->c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe --->c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files\Common Files\Java\Java Update\jusched .exe --->c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\CyberLink\PowerStarter\PowerBar .exe --->c:\program files\CyberLink\PowerStarter\PowerBar.exe
c:\program files\McAfee.com\VSO\oasclnt .exe --->c:\program files\McAfee.com\VSO\oasclnt.exe
c:\program files\MultiScreen\MultiScreen .exe --->c:\program files\MultiScreen\MultiScreen.exe
c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan .exe --->c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
</pre>
.
.
((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
.

2010-08-03 17:04 . 2010-08-04 14:38 -------- d-----w- C:\32788R22FWJFW
2010-08-03 14:14 . 2010-08-03 14:14 -------- d-----w- C:\_OTM
2010-08-01 16:17 . 2010-08-01 16:17 -------- d-----w- C:\svchost.com19763s
2010-08-01 16:17 . 2010-08-01 16:17 -------- d-----w- C:\svchost.com
2010-07-30 08:30 . 2010-07-30 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-29 09:14 . 2010-07-29 09:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-14 16:33 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 13:16 . 2010-07-08 16:58 -------- d-----w- c:\program files\Multimedia Fusion 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 17:18 . 2009-07-15 17:54 -------- d-----w- c:\program files\MultiScreen
2010-08-03 16:41 . 2010-08-03 16:41 112 ----a-w- c:\documents and settings\All Users\Application Data\18dydK371.dat
2010-08-01 16:43 . 2009-06-05 19:54 -------- d-----w- c:\program files\QuickTime
2010-08-01 16:03 . 2009-10-17 23:53 -------- d-----w- c:\documents and settings\admin\Application Data\uTorrent
2010-08-01 09:17 . 2010-02-03 21:06 -------- d-----w- c:\documents and settings\admin\Application Data\vlc
2010-08-01 04:21 . 2007-03-26 18:44 -------- d-----w- c:\program files\Azureus
2010-07-31 09:05 . 2004-08-03 22:59 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-07-30 23:35 . 2008-07-25 19:43 32352 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-07-30 23:27 . 2005-09-09 22:03 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-07-30 23:09 . 2006-02-20 20:54 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-07-30 22:57 . 2008-07-25 19:43 38448 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-07-30 18:11 . 2004-10-27 15:21 36868 ----a-w- c:\windows\system32\HDAShCut.exe
2010-07-29 09:14 . 2006-10-02 16:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-21 21:30 . 2006-02-20 21:52 112520 -c--a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-14 17:03 . 2008-09-15 14:57 -------- d-----w- c:\program files\truespace6
2010-07-13 13:29 . 2008-12-03 19:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-07 13:18 . 2008-05-15 14:49 -------- d-----w- c:\documents and settings\admin\Application Data\Clickteam
2010-06-14 20:34 . 2010-06-14 20:34 50354 ----a-w- c:\documents and settings\admin\Application Data\Facebook\uninstall.exe
2010-06-14 20:34 . 2010-06-14 20:34 -------- d-----w- c:\documents and settings\admin\Application Data\Facebook
2010-06-14 14:31 . 2005-11-25 08:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 15:51 . 2010-06-11 15:51 3055600 ----a-w- c:\documents and settings\admin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 15:36 . 2010-06-11 15:36 275952 ----a-w- c:\documents and settings\admin\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\admin\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-03 20:35 . 2010-06-03 20:35 503808 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-76ab9d14-n\msvcp71.dll
2010-06-03 20:35 . 2010-06-03 20:35 499712 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-76ab9d14-n\jmc.dll
2010-06-03 20:35 . 2010-06-03 20:35 348160 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-76ab9d14-n\msvcr71.dll
2010-06-03 20:35 . 2010-06-03 20:35 61440 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-132b1593-n\decora-sse.dll
2010-06-03 20:35 . 2010-06-03 20:35 12800 ----a-w- c:\documents and settings\admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-132b1593-n\decora-d3d.dll
2010-05-21 18:25 . 2010-07-29 09:15 212144 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2005-07-25 07:41 . 2005-05-26 02:17 110657 -c--a-w- c:\program files\Common Files\UninstallDrv.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2007-12-10 17:40 . 2007-12-10 17:40 6275816 -c--a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
<pre>
c:\program files\McAfee\SpamKiller\MSKAGE~1 .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\McAfee.com\Agent\MCUPDA~1 .exe
c:\program files\McAfee.com\Personal Firewall\MpfTray .exe
c:\program files\McAfee.com\VSO\mcmnhdlr .exe
c:\program files\McAfee.com\VSO\mcvsshld .exe
c:\windows\system32\HDAShCut .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-29 149040]
"uTorrent"="c:\program files\uTorrent\uTorrent .exe" [N/A]
"Google Update"="c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-10 133104]
"AdobeBridge"="" [N/A]
"PowerBar"="c:\program files\CyberLink\PowerStarter\PowerBar.exe" [2005-02-17 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="realsched.exe -osboot" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [N/A]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [N/A]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 53248]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"MPSExe"="c:\progra~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 296488]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [N/A]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\McUpdate.exe" [N/A]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [N/A]
"McafWelcome"="c:\program files\McAfee.com\Agent\mcwelcom.exe" [N/A]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-07 172032]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2010-07-30 36868]
"adiras"="adiras.exe" [N/A]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2008-02-22 114688]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-05-24 1226288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\admin\Start Menu\Programs\Startup\
2stez03.exe [2010-7-26 36352]
3ytz86g.exe [2010-7-30 43008]
3yy3alw.exe [2010-7-31 36352]
5njefk8.exe [2010-7-29 43008]
5q1ghm8.exe [2010-7-27 36352]
60rmns8.exe [2010-7-27 36352]
75s0jk6.exe [2010-7-26 36352]
91qbcxd.exe [2010-7-31 43008]
9tu0k3w.exe [2010-7-29 36352]
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2009-11-8 95232]
bxnnjzfaa6.exe [2010-7-31 43008]
bxnnjzzfa3w.exe [2010-7-27 43008]
dd66u81gr.exe [2010-7-26 36352]
dzppll66.exe [2010-7-29 43008]
fgbhcyyo1kl.exe [2010-7-31 43008]
g81sdzuka.exe [2010-7-30 43008]
gbsdytzk.exe [2010-7-31 43008]
hdd2jkf03w.exe [2010-7-29 36352]
hhdttp2lgg6.exe [2010-7-31 43008]
hid081kv.exe [2010-7-29 43008]
inyjkfvw.exe [2010-7-26 43008]
it1f5wc8.exe [2010-7-31 43008]
izppfq81.exe [2010-7-28 43008]
j0fk86mmdot.exe [2010-7-27 36352]
jepql03sty.exe [2010-7-29 43008]
jpzvqrc81i.exe [2010-7-26 36352]
k1abg81sde.exe [2010-7-27 36352]
kq6g87087.exe [2010-7-26 43008]
lq86c3y0zv.exe [2010-7-31 43008]
mxn60pklq8.exe [2010-7-28 36352]
n7ojkfvwrh.exe [2010-7-31 43008]
njj2pfgb.exe [2010-7-27 43008]
oeu15mmc.exe [2010-7-31 43008]
oj081q86.exe [2010-7-30 43008]
rsndezpqlmh.exe [2010-7-29 43008]
s6tupv60.exe [2010-7-31 43008]
sdotk97w5.exe [2010-7-30 36352]
t703a0bxx6.exe [2010-7-31 36352]
tt20kvwmx.exe [2010-7-28 36352]
u5b0w6ntez.exe [2010-7-29 36352]
ua6rhmdo.exe [2010-7-29 36352]
vgq3cs1oo.exe [2010-7-29 43008]
vwrhidtupfg.exe [2010-7-31 43008]
w0nyjup0.exe [2010-7-31 36352]
wcsty81k.exe [2010-7-30 36352]
xs1j70qqlm.exe [2010-7-29 36352]
yze86q81cn.exe [2010-7-26 36352]
zkv60ccni8.exe [2010-7-30 43008]
zz2fgb081.exe [2010-7-31 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 23:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-02-10 17:31 133104 ----atw- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 08:38 241664 -c--a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 -c--a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-05-30 11:30 292136 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-05-24 17:38 1226288 ----a-w- c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-01-14 18:21 110744 -c--a-w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
2005-02-17 14:18 110592 -c--a-w- c:\program files\CyberLink\PowerStarter\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
2001-05-24 16:00 94208 -c--a-w- c:\quickenw\qagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 20:24 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 14:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\uTorrent\uTorrent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
c:\program files\Windows Media Player\WMPNSCFG.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
2004-06-08 18:33 69721 -c--a-w- c:\program files\CyberLink\PowerBackup\PBKScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\iView Media\\IVIEW_M.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\Adobe\\After Effects 6.0\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dllcache\\iexplore.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19820:UDP"= 19820:UDP:azureus
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"14786:TCP"= 14786:TCP:spport
"11054:TCP"= 11054:TCP:spport
"16001:TCP"= 16001:TCP:spport
"21750:TCP"= 21750:TCP:spport
"28045:TCP"= 28045:TCP:spport
"29667:TCP"= 29667:TCP:spport
"21941:TCP"= 21941:TCP:spport
"23302:TCP"= 23302:TCP:spport
"13842:TCP"= 13842:TCP:spport
"20543:TCP"= 20543:TCP:spport

R0 DRVMCDB;DRVMCDB;c:\windows\system32\drivers\DRVMCDB.SYS [24/06/2009 21:11 89264]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [25/07/2008 20:43 38448]
R1 DLACDBHM;DLACDBHM;c:\windows\system32\drivers\DLACDBHM.SYS [24/06/2009 21:11 5660]
R1 DLARTL_N;DLARTL_N;c:\windows\system32\drivers\DLARTL_N.SYS [24/06/2009 21:11 22684]
R1 NCPro;NCPro;c:\windows\system32\drivers\MTictwl.sys [15/07/2009 18:52 13312]
R3 Afc;PPdus ASPI Shell;c:\windows\system32\drivers\afc.sys [18/09/2008 14:08 11776]
R3 MTsensor;ATK0110 ACPI UTILITY;c:\windows\system32\drivers\ASACPI.sys [25/11/2005 17:40 5810]
S1 StarOpen;StarOpen;c:\windows\system32\drivers\StarOpen.sys [23/10/2008 19:59 5632]
S1 Uim_IM;UIM Drive Backup Image Plugin;c:\windows\system32\drivers\Uim_IM.sys [25/07/2008 20:43 131456]
S1 UimBus;Universal Image Mounter Controller;c:\windows\system32\drivers\UimBus.sys [25/07/2008 20:43 32352]
S2 ADILOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [21/02/2006 17:53 50007]
S2 Apple Mobile Device;Apple Mobile Device;c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [29/05/2009 13:41 144712]
S2 ASWLSVC;ASWLSVC;c:\windows\system32\ASWLSVC.exe [17/02/2006 11:59 496640]
S2 BthServ;Bluetooth Support Service;c:\windows\system32\svchost.exe -k bthsvcs [09/09/2005 23:03 14336]
S2 CLCapSvc;CyberLink Background Capture Service (CBCS);c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [25/11/2005 10:17 172153]
S2 CLSched;CyberLink Task Scheduler (CTS);c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [25/11/2005 10:17 110711]
S2 CyberLink Media Library Service;CyberLink Media Library Service;c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [25/11/2005 10:17 24576]
S2 DLABOIOM;DLABOIOM;c:\windows\system32\DLA\DLABOIOM.SYS [24/06/2009 21:11 25724]
S2 DLADResN;DLADResN;c:\windows\system32\DLA\DLADResN.SYS [24/06/2009 21:11 2496]
S2 DLAIFS_M;DLAIFS_M;c:\windows\system32\DLA\DLAIFS_M.SYS [24/06/2009 21:11 86844]
S2 DLAOPIOM;DLAOPIOM;c:\windows\system32\DLA\DLAOPIOM.SYS [24/06/2009 21:11 14716]
S2 DLAPoolM;DLAPoolM;c:\windows\system32\DLA\DLAPoolM.SYS [24/06/2009 21:11 6364]
S2 DLAUDF_M;DLAUDF_M;c:\windows\system32\DLA\DLAUDF_M.SYS [24/06/2009 21:11 88476]
S2 DLAUDFAM;DLAUDFAM;c:\windows\system32\DLA\DLAUDFAM.SYS [24/06/2009 21:11 94460]
S2 DRVNDDM;DRVNDDM;c:\windows\system32\drivers\DRVNDDM.SYS [24/06/2009 21:11 40544]
S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [25/02/2010 10:43 306296]
S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [25/02/2010 10:43 162936]
S2 Fax;Fax;c:\windows\system32\fxssvc.exe [25/11/2005 10:03 267776]
S2 gupdate1c9907df6b45076;Google Update Service (gupdate1c9907df6b45076);c:\program files\Google\Update\GoogleUpdate.exe [16/02/2009 22:31 133104]
S2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [26/11/2009 14:29 153376]
S2 MagicTuneEngine;MagicTuneEngine;c:\program files\MagicTune Premium\MagicTuneEngine.exe [15/07/2009 18:52 45056]
S2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [22/02/2006 18:17 34712]
S2 MskService;McAfee SpamKiller Server;c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe [21/02/2006 18:05 963072]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [29/08/2008 15:20 935208]
S2 NVSvc;NVIDIA Display Driver Service;c:\windows\system32\nvsvc32.exe [10/10/2005 22:49 131139]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [27/01/2010 22:05 90112]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service;c:\windows\system32\IoctlSvc.exe [16/09/2005 18:05 53248]
S3 adiusbaw;USB ADSL WAN Adapter;c:\windows\system32\drivers\adiusbaw.sys [21/02/2006 17:53 127065]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [17/02/2006 11:59 16269]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [28/02/2009 13:24 16512]
S3 Avc;AVC Device;c:\windows\system32\drivers\avc.sys [23/02/2006 20:22 38912]
S3 AVCSTRM;AVC Streaming Filter Driver;c:\windows\system32\drivers\avcstrm.sys [08/05/2008 11:24 13696]
S3 BthEnum;Bluetooth Request Block Driver;c:\windows\system32\drivers\bthenum.sys [13/08/2008 17:50 17024]
S3 BthPan;Bluetooth Device (Personal Area Network);c:\windows\system32\drivers\bthpan.sys [13/08/2008 17:51 101120]
S3 BTHPORT;Bluetooth Port Driver;c:\windows\system32\drivers\bthport.sys [11/06/2008 12:54 272128]
S3 BTHUSB;Bluetooth Radio USB Driver;c:\windows\system32\drivers\bthusb.sys [13/08/2008 17:50 18944]
S3 DTV_Capture_2X0;DVB-T Receiver;c:\windows\system32\drivers\DTV_Capture_2X0.sys [21/02/2006 19:01 18432]
S3 DTV_Loader_2X1;DVB-T Loader;c:\windows\system32\drivers\DTV_Loader_2X1.sys [21/02/2006 19:01 19328]
S3 FINEPIX_PCC;FinePix Digital Camera 020717;c:\windows\system32\drivers\V4CB011D.SYS [07/05/2002 10:44 81700]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [17/09/2007 17:59 655624]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18/03/2010 21:41 13224]
S3 ggsemc;SEMC USB Flash Driver;c:\windows\system32\drivers\ggsemc.sys [18/03/2010 21:41 25512]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\Hdaudio.sys [27/10/2004 16:21 145920]
S3 MagicTune;MagicTune;c:\windows\system32\drivers\MTictwl.sys [15/07/2009 18:52 13312]
S3 MSDV;Microsoft DV Camera and VCR;c:\windows\system32\drivers\msdv.sys [23/02/2006 20:23 51200]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device;c:\windows\system32\drivers\mstape.sys [08/05/2008 11:24 49024]
S3 NdisIP;Microsoft TV/Video Connection;c:\windows\system32\drivers\ndisip.sys [21/02/2006 19:02 10880]
S3 NMIndexingService;NMIndexingService;c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe [29/05/2007 20:41 271920]
S3 nuvvid2;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [07/08/2006 19:23 147872]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);c:\windows\system32\drivers\rfcomm.sys [13/08/2008 17:50 59136]
S3 RT73;RT73 USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt73.sys --> c:\windows\system32\DRIVERS\rt73.sys [?]
S3 rtl8185;802.11g Wireless LAN PCI Card Driver;c:\windows\system32\drivers\rtl8185.sys [15/10/2007 17:45 282240]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [25/01/2009 17:11 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [25/01/2009 17:11 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [25/01/2009 17:11 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [25/01/2009 17:11 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [25/01/2009 17:11 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [25/01/2009 17:11 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [25/01/2009 17:11 110120]
S3 SLIP;BDA Slip De-Framer;c:\windows\system32\drivers\slip.sys [21/02/2006 19:02 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\drivers\ss_bus.sys [17/12/2006 21:27 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\drivers\ss_mdfl.sys [05/04/2007 20:49 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\drivers\ss_mdm.sys [05/04/2007 20:49 94000]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [05/06/2009 20:52 39424]
S3 usbvideo;USB Video Device (WDM);c:\windows\system32\drivers\usbvideo.sys [27/08/2008 10:01 121984]
S3 VC4CB104;USB PC Camera;c:\windows\system32\drivers\VC4CB104.SYS [19/07/2009 18:23 81924]
S3 W8100PCI;Marvell Libertas 802.11b/g Driver for Windows XP;c:\windows\system32\drivers\mrv8k51.sys [08/06/2005 18:51 311936]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [17/02/2006 11:59 258560]
S3 Wdf01000;Kernel Mode Driver Frameworks service;c:\windows\system32\drivers\wdf01000.sys [27/03/2008 16:27 503008]
S3 WinUSB;WinUSB PTPIO Driver;c:\windows\system32\drivers\winusb.sys [02/11/2006 07:00 39368]
S3 WpdUsb;WpdUsb;c:\windows\system32\drivers\wpdusb.sys [28/01/2005 14:44 38528]
S4 agpCPQ;Compaq AGP Bus Filter;c:\windows\system32\drivers\agpcpq.sys [25/11/2005 10:48 44928]
S4 fasttx2k;fasttx2k;c:\windows\system32\drivers\Fasttx2k.sys [09/09/2005 23:04 159744]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [25/11/2005 17:44 85888]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [25/11/2005 17:44 51840]
S4 viamraid;viamraid;c:\windows\system32\drivers\viamraid.sys [09/09/2005 23:04 73600]
.
Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 21:31]

2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 21:31]

2010-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844380032-2981759145-68477085-1006Core.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 17:31]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-844380032-2981759145-68477085-1006UA.job
- c:\documents and settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mWindow Title = Tiscali Internet Access
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\mclsp.dll
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - hxxps://authenticate.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\mtzxz5mg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\documents and settings\admin\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\admin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\admin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\admin\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\windows\system32\Clickteam\Vitalize\v4\npcnc32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=expand:"cryptnet.dll"
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
@DACL=(02 0000)
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
@DACL=(02 0000)
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=expand:"sclgntfy.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
@DACL=(02 0000)
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
@DACL=(02 0000)
"Asynchronous"=dword:00000000
"DllName"=expand:"wlnotify.dll"
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
Completion time: 2010-08-03 18:21:20
ComboFix-quarantined-files.txt 2010-08-03 17:21
ComboFix2.txt 2010-08-01 17:01

Pre-Run: 10,919,186,432 bytes free
Post-Run: 10,898,259,968 bytes free

- - End Of File - - 26226AFCFCEED9E2E204954B8CA93917
  • 0

#15
Rorschach112
Posted 04 August 2010 - 03:13 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.



* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP