Help!! Micosoft.Windows.RedirectedHosts & Fraud.WindowsProtectionSuite

Status
Not open for further replies.
No further symptoms and Google now appears to be running fine. Did encounter the same 2 eror messages when running RSIT and a new one as follows:

An unexpected error has occurred at procedure: modMain_FixUNIXHostsFile()error#75-path/file access error

Windows version: Windows NT 5.01.2600
MSIE version: 8.0.6001.18702
HijackThis version: 2.0.4

logs to follow.
 
2010/08/25 21:41:11.0109 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/25 21:41:11.0109 ================================================================================
2010/08/25 21:41:11.0109 SystemInfo:
2010/08/25 21:41:11.0109
2010/08/25 21:41:11.0109 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/25 21:41:11.0109 Product type: Workstation
2010/08/25 21:41:11.0109 ComputerName: OWNER
2010/08/25 21:41:11.0109 UserName: Deedee
2010/08/25 21:41:11.0109 Windows directory: C:\WINDOWS
2010/08/25 21:41:11.0109 System windows directory: C:\WINDOWS
2010/08/25 21:41:11.0109 Processor architecture: Intel x86
2010/08/25 21:41:11.0109 Number of processors: 2
2010/08/25 21:41:11.0109 Page size: 0x1000
2010/08/25 21:41:11.0109 Boot type: Normal boot
2010/08/25 21:41:11.0109 ================================================================================
2010/08/25 21:41:11.0875 Initialize success
2010/08/25 21:41:26.0453 ================================================================================
2010/08/25 21:41:26.0453 Scan started
2010/08/25 21:41:26.0453 Mode: Manual;
2010/08/25 21:41:26.0453 ================================================================================
2010/08/25 21:41:29.0140 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/25 21:41:29.0312 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/08/25 21:41:29.0578 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/25 21:41:30.0046 AF15BDA (25e12313338e476293178bcae4d6f4e2) C:\WINDOWS\system32\DRIVERS\AF15BDA.sys
2010/08/25 21:41:30.0906 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/25 21:41:32.0109 AR5416 (7d53e5646ba23fd51296f7ef8979a000) C:\WINDOWS\system32\DRIVERS\athw.sys
2010/08/25 21:41:32.0875 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
2010/08/25 21:41:33.0406 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/25 21:41:33.0609 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/25 21:41:33.0812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/25 21:41:33.0953 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/25 21:41:34.0140 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/25 21:41:34.0531 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys
2010/08/25 21:41:34.0968 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/08/25 21:41:35.0453 BTKRNL (70455baffc078b6152d1e52376296467) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/08/25 21:41:35.0984 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/08/25 21:41:36.0406 btwhid (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2010/08/25 21:41:37.0093 BTWUSB (2cfc2bd8785f82a42fcad83de1fa5a36) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/08/25 21:41:38.0125 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/25 21:41:38.0343 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/25 21:41:38.0640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/25 21:41:38.0796 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/25 21:41:38.0906 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/25 21:41:39.0046 cfwids (44e4a7dded054dd55ae995c3aed719ae) C:\WINDOWS\system32\drivers\cfwids.sys
2010/08/25 21:41:39.0546 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/25 21:41:40.0046 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/25 21:41:40.0859 Disk (6e335dc15b855129b679c2bce59e52dc) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/25 21:41:40.0859 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: 6e335dc15b855129b679c2bce59e52dc, Fake md5: 044452051f3e02e7963599fc8f4f3e25
2010/08/25 21:41:40.0921 Disk - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/25 21:41:41.0125 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/25 21:41:41.0406 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/25 21:41:41.0531 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/25 21:41:41.0687 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/25 21:41:41.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/25 21:41:42.0062 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/25 21:41:42.0218 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/25 21:41:42.0328 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/25 21:41:42.0437 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/25 21:41:42.0578 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/08/25 21:41:42.0656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/25 21:41:42.0812 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/25 21:41:42.0921 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/25 21:41:43.0296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/25 21:41:43.0421 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/25 21:41:43.0593 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/25 21:41:43.0906 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/25 21:41:44.0234 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/25 21:41:44.0750 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/08/25 21:41:45.0656 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/25 21:41:46.0203 IntcAzAudAddService (12a9dafe2266b6fa6ddbce1847347751) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/08/25 21:41:46.0843 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/25 21:41:46.0921 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/08/25 21:41:47.0000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/25 21:41:47.0125 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/25 21:41:47.0203 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/25 21:41:47.0359 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/25 21:41:47.0453 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/25 21:41:47.0609 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/25 21:41:47.0718 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/25 21:41:47.0921 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/25 21:41:48.0015 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/25 21:41:48.0171 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/25 21:41:48.0296 Ktp (d1669c3eb818b4264be85fb7705acfc8) C:\WINDOWS\system32\DRIVERS\ETD.sys
2010/08/25 21:41:48.0859 L1e (fa46f5d09edf93e0c71fe6500fe3f4ae) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2010/08/25 21:41:49.0250 mfeapfk (b77e959e1c50d3e3a9d9ef423be62e09) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/08/25 21:41:49.0578 mfeavfk (e84596fcb591117f5597498a5f82ad97) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/08/25 21:41:50.0015 mfebopk (d40ce01e2d3fe0c079cd2d6b3e4b823b) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/08/25 21:41:50.0390 mfefirek (3962c6a9e35c4319dcdab0497614fd69) C:\WINDOWS\system32\drivers\mfefirek.sys
2010/08/25 21:41:50.0890 mfehidk (e7ecf7872bf8f2897ae5a696d908c2f7) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/08/25 21:41:51.0343 mfendisk (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/08/25 21:41:51.0703 mfendiskmp (554dbbdc8c3b4f380b21269239bd29bb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/08/25 21:41:51.0828 mferkdet (e411594ac94baef7f8ea991cc8f47fd1) C:\WINDOWS\system32\drivers\mferkdet.sys
2010/08/25 21:41:52.0312 mfetdi2k (1bfe4c4ccf8cd2d7deaffb424e691196) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2010/08/25 21:41:52.0859 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/25 21:41:53.0078 MOBKFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\MOBK.sys
2010/08/25 21:41:53.0937 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/25 21:41:54.0093 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/25 21:41:54.0265 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/25 21:41:54.0500 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/25 21:41:54.0671 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2010/08/25 21:41:54.0937 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/25 21:41:55.0171 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/25 21:41:55.0390 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/25 21:41:55.0625 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/25 21:41:55.0812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/25 21:41:56.0015 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/25 21:41:56.0359 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/25 21:41:56.0437 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/25 21:41:56.0593 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/25 21:41:56.0750 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/25 21:41:56.0875 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/25 21:41:57.0000 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/25 21:41:57.0125 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/25 21:41:57.0343 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/25 21:41:57.0453 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/25 21:41:57.0640 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/25 21:41:57.0828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/25 21:41:58.0031 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/25 21:41:58.0218 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/25 21:41:58.0375 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/25 21:41:58.0734 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/25 21:41:58.0937 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/25 21:41:59.0015 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/25 21:41:59.0234 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/08/25 21:41:59.0375 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/25 21:41:59.0531 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/25 21:41:59.0671 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/25 21:41:59.0828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/25 21:41:59.0953 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/25 21:42:00.0500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/25 21:42:00.0640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/25 21:42:00.0765 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/25 21:42:00.0859 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/25 21:42:01.0328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/25 21:42:01.0468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/25 21:42:01.0593 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/25 21:42:01.0750 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/25 21:42:01.0843 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/25 21:42:01.0984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/25 21:42:02.0218 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/25 21:42:02.0468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/25 21:42:02.0718 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/08/25 21:42:03.0562 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/08/25 21:42:04.0093 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/08/25 21:42:04.0500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/25 21:42:04.0750 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/25 21:42:05.0109 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/25 21:42:05.0375 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/25 21:42:05.0656 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/25 21:42:05.0843 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/25 21:42:06.0000 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/25 21:42:06.0250 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/25 21:42:06.0484 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/25 21:42:06.0593 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/25 21:42:07.0140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/25 21:42:07.0328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/25 21:42:07.0484 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/25 21:42:07.0578 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/25 21:42:07.0703 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/25 21:42:07.0984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/25 21:42:08.0437 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/25 21:42:08.0640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/25 21:42:08.0828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/25 21:42:08.0921 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/25 21:42:09.0031 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/25 21:42:09.0140 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/25 21:42:09.0312 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/08/25 21:42:09.0468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/25 21:42:09.0671 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/25 21:42:09.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/25 21:42:10.0296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/25 21:42:10.0812 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/25 21:42:11.0000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/25 21:42:11.0125 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/25 21:42:11.0390 ================================================================================
2010/08/25 21:42:11.0390 Scan finished
2010/08/25 21:42:11.0390 ================================================================================
2010/08/25 21:42:11.0453 Detected object count: 1
2010/08/25 21:51:54.0609 Disk (6e335dc15b855129b679c2bce59e52dc) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/25 21:51:54.0609 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: 6e335dc15b855129b679c2bce59e52dc, Fake md5: 044452051f3e02e7963599fc8f4f3e25
2010/08/25 21:51:58.0078 Backup copy found, using it..
2010/08/25 21:51:58.0093 C:\WINDOWS\system32\DRIVERS\disk.sys - will be cured after reboot
2010/08/25 21:51:58.0093 Rootkit.Win32.TDSS.tdl3(Disk) - User select action: Cure
2010/08/25 21:52:14.0593 Deinitialize success
 
RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Deedee at 2010-08-25 22:05:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 67 GB (79%) free of 85 GB
Total RAM: 1015 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:06:23, on 25/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Deedee\Desktop\RSIT.exe
C:\Program Files\trend micro\Deedee.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100731192535.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Bug Manager V4] C:\Program Files\Fitbug Limited\Bug Manager V4\bugmanager.exe
O4 - HKLM\..\Run: [Lbusasufoli] rundll32.exe "C:\WINDOWS\efoqajete.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Bug Manager V4.lnk = C:\Program Files\Fitbug Limited\Bug Manager V4\bugmanager.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 13913 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{30E0F160-5D42-4292-9210-FE4B90C69281}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2010-05-03 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100731192535.dll [2010-05-31 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\progra~1\mcafee\sitead~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\progra~1\mcafee\sitead~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-12-04 114688]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-12-18 622592]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2008-11-24 329728]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-18 16855040]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-26 236016]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-24 1193848]
"Bug Manager V4"=C:\Program Files\Fitbug Limited\Bug Manager V4\bugmanager.exe [2010-06-01 88064]
"Lbusasufoli"=C:\WINDOWS\efoqajete.dll [2008-04-14 187904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Bug Manager V4.lnk - C:\Program Files\Fitbug Limited\Bug Manager V4\bugmanager.exe
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Deedee\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-12 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe"="C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2010-08-25 21:58:18 ----D---- C:\WINDOWS\LastGood
2010-08-25 21:41:11 ----A---- C:\TDSSKiller.2.4.1.2_25.08.2010_21.41.11_log.txt
2010-08-25 11:41:41 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-24 21:57:10 ----D---- C:\Program Files\trend micro
2010-08-24 21:57:08 ----D---- C:\rsit
2010-08-24 21:03:50 ----D---- C:\Documents and Settings\Deedee\Application Data\Malwarebytes
2010-08-24 21:03:28 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-24 21:03:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-24 21:03:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-24 21:03:24 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-15 18:57:16 ----D---- C:\WINDOWS\ERDNT
2010-08-15 18:56:34 ----D---- C:\Program Files\ERUNT
2010-08-08 02:50:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-08 02:50:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-03 23:06:04 ----D---- C:\Documents and Settings\Deedee\Application Data\Fitbug
2010-08-03 23:02:41 ----A---- C:\WINDOWS\Bug Manager V4 Uninstaller.exe
2010-07-31 14:45:23 ----D---- C:\Program Files\McAfeeMOBK
2010-07-31 14:45:09 ----A---- C:\WINDOWS\system32\drivers\MOBK.sys
2010-07-31 14:45:02 ----D---- C:\Program Files\McAfee Online Backup
2010-07-31 14:42:37 ----A---- C:\WINDOWS\system32\drivers\mfeclnk.sys
2010-07-29 23:18:49 ----D---- C:\Program Files\iTunes
2010-07-29 23:18:49 ----D---- C:\Program Files\iPod
2010-07-29 23:18:32 ----D---- C:\Program Files\Apple Software Update
2010-07-29 23:17:27 ----D---- C:\Program Files\Bonjour
2010-07-29 23:15:42 ----D---- C:\Program Files\QuickTime
2010-07-29 23:11:15 ----D---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2010-08-25 22:05:24 ----D---- C:\WINDOWS\Temp
2010-08-25 22:05:00 ----HD---- C:\WINDOWS\inf
2010-08-25 21:58:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-25 21:58:18 ----D---- C:\WINDOWS
2010-08-25 21:54:18 ----D---- C:\Documents and Settings\Deedee\Application Data\Skype
2010-08-25 21:53:05 ----D---- C:\WINDOWS\system32\drivers
2010-08-25 21:52:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-25 20:03:44 ----D---- C:\WINDOWS\system32
2010-08-25 18:49:22 ----D---- C:\Documents and Settings\Deedee\Application Data\skypePM
2010-08-25 00:30:32 ----SHD---- C:\WINDOWS\Installer
2010-08-25 00:30:22 ----D---- C:\Program Files\Java
2010-08-25 00:30:21 ----D---- C:\Program Files\Common Files
2010-08-25 00:27:29 ----D---- C:\Program Files\Eusing Free Registry Cleaner
2010-08-25 00:26:02 ----RD---- C:\Program Files
2010-08-25 00:23:55 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-08-25 00:23:47 ----D---- C:\Program Files\Common Files\Adobe
2010-08-24 21:47:09 ----D---- C:\WINDOWS\Prefetch
2010-08-24 21:44:24 ----D---- C:\WINDOWS\Cursors
2010-08-15 10:37:58 ----D---- C:\WINDOWS\system32\drivers\etc
2010-07-31 19:25:10 ----D---- C:\Program Files\Common Files\McAfee
2010-07-31 16:56:29 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-07-31 14:45:32 ----D---- C:\Program Files\McAfee
2010-07-31 14:45:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-31 14:17:22 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-31 14:17:12 ----SD---- C:\WINDOWS\Tasks
2010-07-29 23:32:24 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-29 23:21:22 ----D---- C:\WINDOWS\system32\config
2010-07-29 23:21:06 ----D---- C:\WINDOWS\system32\wbem
2010-07-29 23:21:05 ----D---- C:\WINDOWS\Registration
2010-07-29 23:20:45 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-07-29 23:20:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-29 23:20:30 ----DC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-29 23:20:28 ----DC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-29 23:20:24 ----DC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-07-29 23:20:18 ----D---- C:\Program Files\Internet Explorer
2010-07-29 23:20:13 ----DC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-29 23:19:51 ----DC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-29 23:18:49 ----D---- C:\Program Files\Common Files\Apple
2010-07-29 23:17:26 ----D---- C:\Program Files\Bonjour(2)
2010-07-29 23:17:17 ----D---- C:\Program Files\Apple Software Update(2)
2010-07-29 23:17:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-07-29 23:12:50 ----DC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-29 23:10:46 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2010-05-31 385880]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-01 43528]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2010-05-31 82952]
R1 MOBKFilter;MOBKFilter; C:\WINDOWS\system32\DRIVERS\MOBK.sys [2010-04-13 54776]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-19 1326528]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30 534568]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-19 991656]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-19 47272]
R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2010-05-31 55456]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-18 4816896]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-11-27 25216]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2010-05-31 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-05-31 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-05-31 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2010-05-31 312616]
R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-05-31 88480]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-08-27 300544]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []
S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-05-31 88480]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2010-05-31 83496]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-09-02 346720]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2010-03-26 93320]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-05-31 170144]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
R2 MOBKbackup;McAfee Online Backup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-26 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-26 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 364216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-26 1108464]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
 
Hi. :)

One of the infections we have been dealing with is what is known as a Root-Kit. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please do not be overtly alarmed by the above statement but merely view it as myself ensuring your online safety. However please be prepared if I deem continuing the malware removal process a waste of both my time and yours if I am unable to both identify and eradicate all malware, I will strongly advise a reformat and reinstallation of the Windows operating system as the most prudent course of action.

Lets proceed as follows shall we:-

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs <-- Click on this link.
Click to expand...
Please include the C:\ComboFix.txt in your next reply for further review.
Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper

When completed the above, please post back the following in the order asked for:
  • How is your computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.
  • A new HijackThis Log.
 
Still appears to be running fine. RSIT ran without any problems (at last!) No other symptoms at present. Logs follow:

ComboFix 10-08-24.0C - Deedee 26/08/2010 1:12.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.476 [GMT 1:00]
Running from: c:\documents and settings\Deedee\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Deedee\Local Settings\Application Data\{A32F36EE-5661-4BDE-9492-A4BEBE6F4EE8}
c:\documents and settings\Deedee\Local Settings\Application Data\{A32F36EE-5661-4BDE-9492-A4BEBE6F4EE8}\chrome.manifest
c:\documents and settings\Deedee\Local Settings\Application Data\{A32F36EE-5661-4BDE-9492-A4BEBE6F4EE8}\chrome\content\_cfg.js
c:\documents and settings\Deedee\Local Settings\Application Data\{A32F36EE-5661-4BDE-9492-A4BEBE6F4EE8}\chrome\content\overlay.xul
c:\documents and settings\Deedee\Local Settings\Application Data\{A32F36EE-5661-4BDE-9492-A4BEBE6F4EE8}\install.rdf
c:\documents and settings\Deedee\Recent\gid.tmp
c:\documents and settings\Deedee\Recent\ppal.tmp
c:\documents and settings\NetworkService\Application Data\alot
c:\windows\efoqajete.dll
c:\windows\system32\config\systemprofile\Application Data\alot
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-25 20:58 . 2010-08-25 20:58 -------- d-----w- c:\windows\LastGood
2010-08-24 20:57 . 2010-08-25 21:05 -------- d-----w- c:\program files\trend micro
2010-08-24 20:57 . 2010-08-25 21:06 -------- d-----w- C:\rsit
2010-08-24 20:04 . 2010-08-25 23:58 0 ----a-w- c:\windows\Pqejo.bin
2010-08-24 20:04 . 2010-08-25 23:58 120 ----a-w- c:\windows\Opirohugewu.dat
2010-08-24 20:03 . 2010-08-24 20:03 -------- d-----w- c:\documents and settings\Deedee\Application Data\Malwarebytes
2010-08-24 20:03 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 20:03 . 2010-08-24 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-24 20:03 . 2010-08-24 20:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 20:03 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-22 13:43 . 2010-08-22 13:43 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-08-22 13:43 . 2010-08-22 13:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Live Writer
2010-08-15 17:56 . 2010-08-15 17:56 -------- d-----w- c:\program files\ERUNT
2010-08-08 01:50 . 2010-08-15 09:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-08 01:50 . 2010-08-08 01:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-03 22:06 . 2010-08-03 22:06 -------- d-----w- c:\documents and settings\Deedee\Application Data\Fitbug
2010-08-03 22:02 . 2010-08-03 22:02 123139 ----a-w- c:\windows\Bug Manager V4 Uninstaller.exe
2010-07-31 13:45 . 2010-07-31 13:45 -------- d-----w- c:\program files\McAfeeMOBK
2010-07-31 13:45 . 2010-04-13 19:10 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-07-31 13:45 . 2010-07-31 13:45 -------- d-----w- c:\program files\McAfee Online Backup
2010-07-31 13:42 . 2010-05-31 19:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-07-29 22:21 . 2010-07-29 22:21 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-29 22:18 . 2010-07-29 22:19 -------- d-----w- c:\program files\iTunes
2010-07-29 22:18 . 2010-07-29 22:18 -------- d-----w- c:\program files\iPod
2010-07-29 22:18 . 2010-07-29 22:18 -------- d-----w- c:\program files\Apple Software Update
2010-07-29 22:17 . 2010-07-29 22:17 -------- d-----w- c:\program files\Bonjour
2010-07-29 22:15 . 2010-07-29 22:17 -------- d-----w- c:\program files\QuickTime
2010-07-29 21:18 . 2010-08-25 19:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-29 21:05 . 2010-07-29 21:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 23:04 . 2009-12-09 21:44 -------- d-----w- c:\documents and settings\Deedee\Application Data\skypePM
2010-08-25 20:54 . 2009-12-09 21:54 -------- d-----w- c:\documents and settings\Deedee\Application Data\Skype
2010-08-25 20:53 . 2008-04-14 00:10 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2010-08-24 23:30 . 2009-01-08 08:53 -------- d-----w- c:\program files\Java
2010-08-24 23:27 . 2010-03-14 14:24 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-08-24 23:23 . 2009-01-08 08:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-31 18:25 . 2009-07-28 19:41 -------- d-----w- c:\program files\Common Files\McAfee
2010-07-31 15:56 . 2009-07-28 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-31 13:45 . 2009-07-28 19:41 -------- d-----w- c:\program files\McAfee
2010-07-29 22:20 . 2009-07-31 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-29 22:18 . 2009-10-03 21:36 -------- d-----w- c:\program files\Common Files\Apple
2010-07-29 22:17 . 2010-07-04 23:31 -------- d-----w- c:\program files\Bonjour(2)
2010-07-29 22:17 . 2010-07-04 23:33 -------- d-----w- c:\program files\Apple Software Update(2)
2010-07-29 22:17 . 2009-10-03 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-07-04 23:41 . 2010-07-04 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-12 10:08 . 2009-07-28 06:21 109976 ----a-w- c:\documents and settings\Deedee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-31 19:32 . 2010-05-31 19:32 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-05-31 19:32 . 2010-05-31 19:32 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-05-31 19:32 . 2010-04-25 08:05 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-05-31 19:32 . 2010-04-25 08:05 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-05-31 19:32 . 2010-04-25 08:05 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-05-31 19:32 . 2010-04-25 08:05 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-05-31 19:32 . 2010-04-25 08:05 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-05-31 19:32 . 2010-04-25 08:05 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-05-31 19:32 . 2010-04-25 08:05 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2008-05-07 08:34 . 2009-01-08 08:47 15523560 ----a-w- c:\program files\U1 Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-18 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-11-24 329728]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-18 16855040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-26 236016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-24 1193848]
"Bug Manager V4"="c:\program files\Fitbug Limited\Bug Manager V4\bugmanager.exe" [2010-06-01 88064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Deedee\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
Bug Manager V4.lnk - c:\program files\Fitbug Limited\Bug Manager V4\bugmanager.exe [2010-6-13 88064]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-1-8 376832]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 16:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [25/04/2010 09:05 82952]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [31/07/2010 14:45 54776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [31/07/2010 14:45 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [31/07/2010 14:42 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [31/07/2010 14:42 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [31/07/2010 14:42 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [31/07/2010 14:42 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [13/04/2010 20:11 229688]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [25/04/2010 09:05 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [25/04/2010 09:05 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [25/04/2010 09:05 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [25/04/2010 09:05 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [25/04/2010 09:05 83496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-25 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2010-08-26 c:\windows\Tasks\User_Feed_Synchronization-{30E0F160-5D42-4292-9210-FE4B90C69281}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Lbusasufoli - c:\windows\efoqajete.dll
SafeBoot-klmdb.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 01:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-08-26 01:40:34
ComboFix-quarantined-files.txt 2010-08-26 00:40

Pre-Run: 70,049,873,920 bytes free
Post-Run: 71,135,846,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F1838E74FC53BF3E98E96531B14CF013
 
RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Deedee at 2010-08-26 02:05:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 68 GB (80%) free of 85 GB
Total RAM: 1015 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:06:15, on 26/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Deedee\Desktop\RSIT.exe
C:\Program Files\trend micro\Deedee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100731192535.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Bug Manager V4] C:\Program Files\Fitbug Limited\Bug Manager V4\bugmanager.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Bug Manager V4.lnk = C:\Program Files\Fitbug Limited\Bug Manager V4\bugmanager.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 12748 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{30E0F160-5D42-4292-9210-FE4B90C69281}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2010-05-03 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100731192535.dll [2010-05-31 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\progra~1\mcafee\sitead~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\progra~1\mcafee\sitead~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-12-04 114688]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-12-18 622592]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2008-11-24 329728]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-18 16855040]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-26 236016]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-24 1193848]
"Bug Manager V4"=C:\Program Files\Fitbug Limited\Bug Manager V4\bugmanager.exe [2010-06-01 88064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Bug Manager V4.lnk - C:\Program Files\Fitbug Limited\Bug Manager V4\bugmanager.exe
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Deedee\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-12 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe"="C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2010-08-26 01:40:36 ----A---- C:\ComboFix.txt
2010-08-26 01:11:24 ----A---- C:\Boot.bak
2010-08-26 01:11:18 ----RASHD---- C:\cmdcons
2010-08-26 01:07:17 ----A---- C:\WINDOWS\zip.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\SWSC.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\SWREG.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\sed.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\PEV.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\MBR.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\grep.exe
2010-08-26 01:06:32 ----D---- C:\Qoobox
2010-08-25 21:58:18 ----D---- C:\WINDOWS\LastGood
2010-08-25 21:41:11 ----A---- C:\TDSSKiller.2.4.1.2_25.08.2010_21.41.11_log.txt
2010-08-25 11:41:41 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-24 21:57:10 ----D---- C:\Program Files\trend micro
2010-08-24 21:57:08 ----D---- C:\rsit
2010-08-24 21:03:50 ----D---- C:\Documents and Settings\Deedee\Application Data\Malwarebytes
2010-08-24 21:03:28 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-24 21:03:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-24 21:03:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-24 21:03:24 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-15 18:57:16 ----D---- C:\WINDOWS\ERDNT
2010-08-15 18:56:34 ----D---- C:\Program Files\ERUNT
2010-08-08 02:50:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-08 02:50:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-03 23:06:04 ----D---- C:\Documents and Settings\Deedee\Application Data\Fitbug
2010-08-03 23:02:41 ----A---- C:\WINDOWS\Bug Manager V4 Uninstaller.exe
2010-07-31 14:45:23 ----D---- C:\Program Files\McAfeeMOBK
2010-07-31 14:45:09 ----A---- C:\WINDOWS\system32\drivers\MOBK.sys
2010-07-31 14:45:02 ----D---- C:\Program Files\McAfee Online Backup
2010-07-31 14:42:37 ----A---- C:\WINDOWS\system32\drivers\mfeclnk.sys
2010-07-29 23:18:49 ----D---- C:\Program Files\iTunes
2010-07-29 23:18:49 ----D---- C:\Program Files\iPod
2010-07-29 23:18:32 ----D---- C:\Program Files\Apple Software Update
2010-07-29 23:17:27 ----D---- C:\Program Files\Bonjour
2010-07-29 23:15:42 ----D---- C:\Program Files\QuickTime
2010-07-29 23:11:15 ----D---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2010-08-26 02:05:49 ----D---- C:\WINDOWS\Temp
2010-08-26 01:36:58 ----D---- C:\WINDOWS
2010-08-26 01:36:58 ----A---- C:\WINDOWS\system.ini
2010-08-26 01:36:39 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-26 01:20:08 ----D---- C:\WINDOWS\system32
2010-08-26 01:16:26 ----D---- C:\WINDOWS\system32\drivers
2010-08-26 01:16:26 ----D---- C:\WINDOWS\AppPatch
2010-08-26 01:16:19 ----D---- C:\Program Files\Common Files
2010-08-26 01:12:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-26 01:11:24 ----RASH---- C:\boot.ini
2010-08-26 01:08:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-26 00:09:13 ----HD---- C:\WINDOWS\inf
2010-08-26 00:08:38 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-26 00:04:49 ----D---- C:\Documents and Settings\Deedee\Application Data\skypePM
2010-08-25 21:54:18 ----D---- C:\Documents and Settings\Deedee\Application Data\Skype
2010-08-25 00:30:32 ----SHD---- C:\WINDOWS\Installer
2010-08-25 00:30:22 ----D---- C:\Program Files\Java
2010-08-25 00:27:29 ----D---- C:\Program Files\Eusing Free Registry Cleaner
2010-08-25 00:26:02 ----RD---- C:\Program Files
2010-08-25 00:23:55 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-08-25 00:23:47 ----D---- C:\Program Files\Common Files\Adobe
2010-08-24 21:47:09 ----D---- C:\WINDOWS\Prefetch
2010-08-24 21:44:24 ----D---- C:\WINDOWS\Cursors
2010-07-31 19:25:10 ----D---- C:\Program Files\Common Files\McAfee
2010-07-31 16:56:29 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-07-31 14:45:32 ----D---- C:\Program Files\McAfee
2010-07-31 14:45:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-31 14:17:22 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-31 14:17:12 ----SD---- C:\WINDOWS\Tasks
2010-07-29 23:32:24 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-29 23:21:22 ----D---- C:\WINDOWS\system32\config
2010-07-29 23:21:06 ----D---- C:\WINDOWS\system32\wbem
2010-07-29 23:21:05 ----D---- C:\WINDOWS\Registration
2010-07-29 23:20:45 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-07-29 23:20:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-29 23:20:30 ----DC---- C:\WINDOWS\$NtUninstallKB975562$
2010-07-29 23:20:28 ----DC---- C:\WINDOWS\$NtUninstallKB979482$
2010-07-29 23:20:24 ----DC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-07-29 23:20:18 ----D---- C:\Program Files\Internet Explorer
2010-07-29 23:20:13 ----DC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-29 23:19:51 ----DC---- C:\WINDOWS\$NtUninstallKB980218$
2010-07-29 23:18:49 ----D---- C:\Program Files\Common Files\Apple
2010-07-29 23:17:26 ----D---- C:\Program Files\Bonjour(2)
2010-07-29 23:17:17 ----D---- C:\Program Files\Apple Software Update(2)
2010-07-29 23:17:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-07-29 23:12:50 ----DC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-29 23:10:46 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2010-05-31 385880]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-01 43528]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2010-05-31 82952]
R1 MOBKFilter;MOBKFilter; C:\WINDOWS\system32\DRIVERS\MOBK.sys [2010-04-13 54776]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-19 1326528]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30 534568]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-19 991656]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-19 47272]
R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2010-05-31 55456]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-18 4816896]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-11-27 25216]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2010-05-31 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-05-31 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-05-31 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2010-05-31 312616]
R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-05-31 88480]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-08-27 300544]
S3 catchme;catchme; \??\C:\DOCUME~1\Deedee\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\Deedee\LOCALS~1\Temp\mbr.sys []
S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []
S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-05-31 88480]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2010-05-31 83496]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-09-02 346720]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2010-03-26 93320]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-05-31 170144]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
R2 MOBKbackup;McAfee Online Backup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-26 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-26 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 364216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-26 1108464]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
 
Hi. :)

A question if I may, have you set the below proxy?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK
Code: 
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select Off(not recommended) >> OK.

Note: No need for it to be active after the reset because you have the McAfee Internet Security Firewall active.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:
"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\otm-backup
Click to expand...
and click on OK.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Next:

Please download OTM to your Desktop.

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code: 
:Processes

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
@=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\WINDOWS\system32\blank.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\WINDOWS\system32\blank.htm"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-

:Files
c:\windows\Pqejo.bin
c:\windows\Opirohugewu.dat
c:\program files\Eusing Free Registry Cleaner

:Commands
[Purity]
[EmptyTemp]
[EmptyFlash] 
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform a Quick Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • Answer to my proxy query.
  • OTM Log.
  • Malwarebytes Anti-Malware Log.
  • A new RSIT Log.
 
Daronfitz said:
Don't know what a proxy is so it's unlikely that we have set it.
Click to expand...
OK not a problem we can deal with that next time round or if you have not yet run the OTM script. Use this revised one instead:-
Code: 
:Processes

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
@=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\WINDOWS\system32\blank.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\WINDOWS\system32\blank.htm"
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-

:Files
c:\windows\Pqejo.bin
c:\windows\Opirohugewu.dat
c:\program files\Eusing Free Registry Cleaner

:Commands
[Purity]
[EmptyTemp]
[EmptyFlash] 
[Start Explorer]
[Reboot]
 
Seems to still be performing ok. No further symptoms or problems (just one program on startup constantly asking for Java - but it's a program we know is safe (fitbug) so not a problem once Java is updated.

Had already run OTM script so haven't c;eared the proxy you mentioned.

Malwarebytes came back clean - log will follow.
 
OTM log:

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\@|"" /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Local Page"|"C:\WINDOWS\system32\blank.htm" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Local Page"|"C:\WINDOWS\system32\blank.htm" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
c:\windows\Pqejo.bin moved successfully.
c:\windows\Opirohugewu.dat moved successfully.
c:\program files\Eusing Free Registry Cleaner\Backup folder moved successfully.
c:\program files\Eusing Free Registry Cleaner folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Deedee
->Temp folder emptied: 736570 bytes
->Temporary Internet Files folder emptied: 18066643 bytes
->Java cache emptied: 81271957 bytes
->Flash cache emptied: 79401 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 618 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 5242 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2724692 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 98.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 08262010_120604

Files moved on Reboot...
C:\Documents and Settings\Deedee\Local Settings\Temp\~DF9B91.tmp moved successfully.
File C:\Documents and Settings\Deedee\Local Settings\Temp\~DFB1A1.tmp not found!
File C:\Documents and Settings\Deedee\Local Settings\Temp\~DFB39D.tmp not found!
File C:\Documents and Settings\Deedee\Local Settings\Temp\~DFB616.tmp not found!
File C:\Documents and Settings\Deedee\Local Settings\Temp\~DFB857.tmp not found!
File C:\Documents and Settings\Deedee\Local Settings\Temp\~DFBCFE.tmp not found!
File C:\Documents and Settings\Deedee\Local Settings\Temp\~DFBFBA.tmp not found!
C:\Documents and Settings\Deedee\Local Settings\Temporary Internet Files\Content.IE5\I6KEACMD\showthread[1].htm moved successfully.
C:\Documents and Settings\Deedee\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
 
Malwarebytes log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4483

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26/08/2010 12:28:10
mbam-log-2010-08-26 (12-28-10).txt

Scan type: Quick scan
Objects scanned: 134404
Time elapsed: 13 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Deedee at 2010-08-26 12:41:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 67 GB (79%) free of 85 GB
Total RAM: 1015 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:41:31, on 26/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Deedee\Desktop\RSIT.exe
C:\Program Files\trend micro\Deedee.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100731192535.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Bug Manager V4] C:\Program Files\Fitbug Limited\Bug Manager V4\bugmanager.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Bug Manager V4.lnk = C:\Program Files\Fitbug Limited\Bug Manager V4\bugmanager.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 12787 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{30E0F160-5D42-4292-9210-FE4B90C69281}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\progra~1\mcafee\msk\mskapbho.dll [2010-05-03 245272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100731192535.dll [2010-05-31 73288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\progra~1\mcafee\sitead~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\progra~1\mcafee\sitead~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-12-04 114688]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-12-18 622592]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2008-11-24 329728]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-09-18 16855040]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-26 236016]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-24 1193848]
"Bug Manager V4"=C:\Program Files\Fitbug Limited\Bug Manager V4\bugmanager.exe [2010-06-01 88064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-04-06 26102056]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Bug Manager V4.lnk - C:\Program Files\Fitbug Limited\Bug Manager V4\bugmanager.exe
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Deedee\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-12 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-26 12:07:04 ----SHD---- C:\RECYCLER
2010-08-26 12:06:04 ----D---- C:\_OTM
2010-08-26 02:31:37 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-26 02:30:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-26 02:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-26 02:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-26 02:26:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-26 02:24:49 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-26 02:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-26 02:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-26 02:18:43 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-26 01:40:36 ----A---- C:\ComboFix.txt
2010-08-26 01:11:24 ----A---- C:\Boot.bak
2010-08-26 01:11:18 ----RASHD---- C:\cmdcons
2010-08-26 01:07:17 ----A---- C:\WINDOWS\zip.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\SWSC.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\SWREG.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\sed.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\PEV.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\MBR.exe
2010-08-26 01:07:17 ----A---- C:\WINDOWS\grep.exe
2010-08-26 01:06:32 ----D---- C:\Qoobox
2010-08-25 21:41:11 ----A---- C:\TDSSKiller.2.4.1.2_25.08.2010_21.41.11_log.txt
2010-08-25 11:41:41 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-24 21:57:10 ----D---- C:\Program Files\trend micro
2010-08-24 21:57:08 ----D---- C:\rsit
2010-08-24 21:03:50 ----D---- C:\Documents and Settings\Deedee\Application Data\Malwarebytes
2010-08-24 21:03:28 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-24 21:03:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-24 21:03:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-24 21:03:24 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-15 18:57:16 ----D---- C:\WINDOWS\ERDNT
2010-08-15 18:56:34 ----D---- C:\Program Files\ERUNT
2010-08-08 02:50:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-08 02:50:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-03 23:06:04 ----D---- C:\Documents and Settings\Deedee\Application Data\Fitbug
2010-08-03 23:02:41 ----A---- C:\WINDOWS\Bug Manager V4 Uninstaller.exe
2010-07-31 14:45:23 ----D---- C:\Program Files\McAfeeMOBK
2010-07-31 14:45:09 ----A---- C:\WINDOWS\system32\drivers\MOBK.sys
2010-07-31 14:45:02 ----D---- C:\Program Files\McAfee Online Backup
2010-07-31 14:42:37 ----A---- C:\WINDOWS\system32\drivers\mfeclnk.sys
2010-07-29 23:18:49 ----D---- C:\Program Files\iTunes
2010-07-29 23:18:49 ----D---- C:\Program Files\iPod
2010-07-29 23:18:32 ----D---- C:\Program Files\Apple Software Update
2010-07-29 23:17:27 ----D---- C:\Program Files\Bonjour
2010-07-29 23:15:42 ----D---- C:\Program Files\QuickTime
2010-07-29 23:11:15 ----D---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2010-08-26 12:41:16 ----D---- C:\WINDOWS\Temp
2010-08-26 12:10:17 ----D---- C:\Documents and Settings\Deedee\Application Data\Skype
2010-08-26 12:07:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-26 12:07:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-26 12:07:04 ----D---- C:\WINDOWS\system32
2010-08-26 12:06:12 ----RD---- C:\Program Files
2010-08-26 12:06:11 ----D---- C:\WINDOWS
2010-08-26 11:56:15 ----D---- C:\Documents and Settings\Deedee\Application Data\skypePM
2010-08-26 02:31:52 ----HD---- C:\WINDOWS\inf
2010-08-26 02:31:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-26 02:31:49 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-08-26 02:31:40 ----A---- C:\WINDOWS\imsins.BAK
2010-08-26 02:31:39 ----D---- C:\WINDOWS\system32\drivers
2010-08-26 02:31:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-26 02:31:27 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-08-26 02:31:16 ----SHD---- C:\WINDOWS\Installer
2010-08-26 02:30:10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-08-26 02:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-08-26 02:26:51 ----D---- C:\Program Files\Internet Explorer
2010-08-26 02:26:39 ----D---- C:\WINDOWS\ie8updates
2010-08-26 02:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-08-26 02:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-08-26 02:20:24 ----D---- C:\Program Files\Movie Maker
2010-08-26 02:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-08-26 01:36:58 ----A---- C:\WINDOWS\system.ini
2010-08-26 01:36:39 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-26 01:16:26 ----D---- C:\WINDOWS\AppPatch
2010-08-26 01:16:19 ----D---- C:\Program Files\Common Files
2010-08-26 01:11:24 ----RASH---- C:\boot.ini
2010-08-25 00:30:22 ----D---- C:\Program Files\Java
2010-08-25 00:23:55 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-08-25 00:23:47 ----D---- C:\Program Files\Common Files\Adobe
2010-08-24 21:47:09 ----D---- C:\WINDOWS\Prefetch
2010-08-24 21:44:24 ----D---- C:\WINDOWS\Cursors
2010-08-03 11:09:32 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-31 19:25:10 ----D---- C:\Program Files\Common Files\McAfee
2010-07-31 16:56:29 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-07-31 14:45:32 ----D---- C:\Program Files\McAfee
2010-07-31 14:45:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-31 14:17:22 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-31 14:17:12 ----SD---- C:\WINDOWS\Tasks
2010-07-29 23:32:24 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-29 23:21:22 ----D---- C:\WINDOWS\system32\config
2010-07-29 23:21:06 ----D---- C:\WINDOWS\system32\wbem
2010-07-29 23:21:05 ----D---- C:\WINDOWS\Registration
2010-07-29 23:20:13 ----DC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-29 23:18:49 ----D---- C:\Program Files\Common Files\Apple
2010-07-29 23:17:26 ----D---- C:\Program Files\Bonjour(2)
2010-07-29 23:17:17 ----D---- C:\Program Files\Apple Software Update(2)
2010-07-29 23:17:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-07-29 23:10:46 ----D---- C:\WINDOWS\system32\Restore
2010-07-27 07:30:35 ----A---- C:\WINDOWS\system32\shell32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2010-05-31 385880]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-01 43528]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2010-05-31 82952]
R1 MOBKFilter;MOBKFilter; C:\WINDOWS\system32\DRIVERS\MOBK.sys [2010-04-13 54776]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-19 1326528]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30 534568]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-19 991656]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-19 47272]
R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2010-05-31 55456]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-18 4816896]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-11-27 25216]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2010-05-31 95568]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2010-05-31 152320]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2010-05-31 51688]
R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2010-05-31 312616]
R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-05-31 88480]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AF15BDA;AF9015 BDA Filter; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2007-08-27 300544]
S3 catchme;catchme; \??\C:\DOCUME~1\Deedee\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []
S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2010-05-31 88480]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2010-05-31 83496]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-09-02 346720]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2010-03-26 93320]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 McShield;McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2010-05-31 170144]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
R2 MOBKbackup;McAfee Online Backup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-26 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-26 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2010-04-15 364216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-26 1108464]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
 
Hi. :)

New Adobe Reader Installation:

  • Go here and click on AdbeRdr930_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.
New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to JDK 6 Update 21 (JDK or JRE). Click on Download JRE.
  • Select Windows from the drop-down list for Platform.
  • Check (tick) Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement box and click on Continue.
  • Click on jre-6u21-windows-i586.exe link to download it and save this to a convenient location.
  • Double click on jre-6u21-windows-i586.exe to install Java.
Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Click on Start >> Run...(or the Windows key and R togethor) to bring up the Run box and and copy and paste in:
"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\otm-backup2
Click to expand...
and click on OK.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Custom OTM Script:

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code: 
:Processes

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
Run Kaspersky Online AV Scanner:

Go to this Kaspersky website and perform an online antivirus scan.

Note: Use Internet Explorer for this scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
This online tuturial will help explain how to use the aforementioned online scan.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and or any further symptoms?
  • OTM Log.
  • Kaspersky report.
 
no new symptoms or problems showing. all seems ok.

OTM log:

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Deedee
->Temp folder emptied: 770078 bytes
->Temporary Internet Files folder emptied: 6247865 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 607 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 08262010_142541

Files moved on Reboot...
C:\Documents and Settings\Deedee\Local Settings\Temp\~DFACE0.tmp moved successfully.
File C:\Documents and Settings\Deedee\Local Settings\Temp\~DFE142.tmp not found!
File C:\Documents and Settings\Deedee\Local Settings\Temp\~DFE21D.tmp not found!
File C:\Documents and Settings\Deedee\Local Settings\Temp\~DFE326.tmp not found!
File C:\Documents and Settings\Deedee\Local Settings\Temp\~DFE388.tmp not found!
File C:\Documents and Settings\Deedee\Local Settings\Temp\~DFE5C2.tmp not found!
File C:\Documents and Settings\Deedee\Local Settings\Temp\~DFE612.tmp not found!
C:\Documents and Settings\Deedee\Local Settings\Temporary Internet Files\Content.IE5\7KRKCRHJ\showthread[2].htm moved successfully.
C:\Documents and Settings\Deedee\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
 
Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, August 26, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 26, 2010 11:44:19
Records in database: 4156785
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 54247
Threats found: 1
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 04:38:29


File name / Threat / Threats count
C:\System Volume Information\_restore{6B6D80B3-42EE-48CB-8C94-A88B9D93DB27}\RP74\A0018043.exe Infected: Backdoor.Win32.Bredolab.goa 1
C:\System Volume Information\_restore{6B6D80B3-42EE-48CB-8C94-A88B9D93DB27}\RP75\A0018164.exe Infected: Backdoor.Win32.Bredolab.goa 1
C:\System Volume Information\_restore{6B6D80B3-42EE-48CB-8C94-A88B9D93DB27}\RP75\A0018178.exe Infected: Backdoor.Win32.Bredolab.goa 1

Selected area has been scanned.
 
Hi. :)

no new symptoms or problems showing. all seems ok.
Click to expand...
Good to know!

What has been flagged by the online scan is infected system restore points and part of ComoFix's uninstall procedure below will flush the infected restore points and create a new clean one.

Next:

Congratulations your computer now appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • CF-Uninstall.png
Clean up with OTM:

  • Double-click OTM to start the program.
  • Close all other programs apart from OTM as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is a excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed combination security application, McAfee Internet Security automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.

I advise you also run a complete scan with this also once per week.

Erunt:

Emergency Recovery Utility NT, I advice you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:
Only use one of the above.

Install WinPatrol:

Download it from here

You can find information about how WinPatrol works here

Next:

Any questions? Feel free to ask, if not stay safe!
 
No questions - you've made everything so simple for me. Many, many thanks for all your help - you've been brilliant and patient! :thanks:
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 
Status
Not open for further replies.
Back
Top