Solved: FireFox Hijack



jonesman0 (Thread Starter) - Junior Member with 5 posts.
Join Date: May 2010
Experience: Beginner
30-May-2010, 02:32 PM #1
FireFox Hijack
Hi guys,

1st post here so any help would be massively appreciated.

I think I had a trojan? Not sure; my spyware deleted some stuff but my Firefox browser is constantly hijacked (home page is OK, initial search is OK, it's only when I click a hyperlink to a site that it's redirected, making surfing almost impossible and very frustrating).

I have tried everything to get rid of it but it still seems to be happening...

...again any help appreciated.
Thanks people.
Please find below an HJT analysis (although I have a suspicion it's hidden and this won't help):

Logfile of HijackThis v1.99.1
Scan saved at 19:31:42, on 30/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\NETGEAR\WN121T\wn121t.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Simon\My Documents\internet downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mirostart.com/?cfg=2-73-0-Ak58

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = C:\Program Files\NETGEAR\WN121T\wn121t.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C45A53CA-6135-4E9E-A878-B8CAE0A8A92D}: NameServer = 93.188.164.135,93.188.166.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{C51C5CC8-22D8-4264-9137-B0E866B7A64A}: NameServer = 93.188.164.135,93.188.166.179
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Update Service (gupdate1ca4718979ec092) (gupdate1ca4718979ec092) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
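A HijackThis log like the one above is read by section tag, and in a case where the home page is untouched but clicked links get redirected, the O17 (TCP/IP NameServer) entries are the first thing worth verifying against the resolvers the machine should actually be using. The following Python triage script is an added example, not code from the thread or from HijackThis: it parses entries in that format, lists the browser start/search pages, the O4 autostart entries and the Winsock LSP lines, and flags any O17 resolver that is not in an analyst-supplied expected set. The sample lines are copied from the log above; the expected resolver 192.168.1.1 is a constructed placeholder.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: a few lines copied from the HijackThis v1.99.1 log in the
# thread above (section tag, " - ", entry body). Raw string keeps the backslashes.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mirostart.com/?cfg=2-73-0-Ak58
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
"""

# Assumption (constructed): the resolvers this machine is expected to use, e.g.
# the home router address handed out by DHCP. Anything else in an O17 line is flagged.
EXPECTED_DNS: Set[str] = {"192.168.1.1"}

# Entry line: section tag (R0, R1, O2, O4, O17, ...), " - ", body.
_LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# O17 body: "<Tcpip registry key>: NameServer = ip1,ip2"
_O17_RE = re.compile(r"NameServer = (.*)$")
# O4 body: "HKLM\..\Run: [Name] command line"
_O4_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# R0/R1 body: "HKCU\Software\...\Main,Start Page = http://..."
_R_RE = re.compile(r"^(HK[A-Z]+)\\(.+?),([^=]+?) = (.*)$")
_PAGE_VALUES = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) for every line that looks like a HijackThis entry."""
    entries = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def nameservers(entries: List[Tuple[str, str]]) -> Set[str]:
    """All resolver addresses named in O17 (TCP/IP NameServer) entries."""
    found: Set[str] = set()
    for section, body in entries:
        m = _O17_RE.search(body) if section == "O17" else None
        if m:
            found.update(ip.strip() for ip in m.group(1).split(",") if ip.strip())
    return found


def unexpected_nameservers(entries: List[Tuple[str, str]], expected: Set[str]) -> Set[str]:
    """O17 resolvers outside the expected set; verify these first when the symptom
    is redirection of clicked links rather than a changed home page."""
    return nameservers(entries) - expected


def browser_pages(entries: List[Tuple[str, str]]) -> Dict[str, str]:
    """Start/search page URLs from R0/R1 entries, keyed 'HIVE:ValueName'."""
    pages: Dict[str, str] = {}
    for section, body in entries:
        m = _R_RE.match(body) if section in ("R0", "R1") else None
        if m and m.group(3) in _PAGE_VALUES:
            pages[f"{m.group(1)}:{m.group(3)}"] = m.group(4)
    return pages


def run_entries(entries: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """(hive, name, command) for each O4 Run-key autostart entry."""
    runs = []
    for section, body in entries:
        m = _O4_RE.match(body) if section == "O4" else None
        if m:
            runs.append((m.group(1), m.group(2), m.group(3)))
    return runs


def triage(text: str, expected_dns: Set[str]) -> Dict[str, object]:
    """Summarise the items a helper checks first in a redirect case."""
    entries = parse_hjt(text)
    return {
        "unexpected_nameservers": sorted(unexpected_nameservers(entries, expected_dns)),
        "browser_pages": browser_pages(entries),
        "run_entries": run_entries(entries),
        "winsock_lsp": [body for section, body in entries if section == "O10"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, EXPECTED_DNS).items():
        print(f"{key}: {value}")
```

Flagged resolvers are candidates for verification against the ISP or router configuration, not a verdict on their own; the full log in the thread can be passed to `triage` in place of the sample.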
Rorschach112 - Senior Member with 2,392 posts.
Join Date: Oct 2008
30-May-2010, 05:00 PM #2
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them: Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
jonesman0 (Thread Starter) - Junior Member with 5 posts.
Join Date: May 2010
Experience: Beginner
31-May-2010, 07:27 AM #3
Thanks
Hi there,
Thanks for the speedy reply. I have done exactly as you advised and there was an infected file in the System32 dll. When ComboFix ran, it installed the Windows recovery program as per below and then started to scan.
It got to stage 50ish and advised about the infected file in System32....dll etc.... it then stated "deleting file" and the system crashed..... blue screen, states that Windows has shut down to protect itself??? physical dump of memory etc.... I tried the scan 3 times but my system still shuts itself down when trying to delete the file??? I have no choice but to reboot as the system is non-responsive??

Thanks for the help so far!
Rorschach112 - Senior Member with 2,392 posts.
Join Date: Oct 2008
31-May-2010, 07:29 AM #4
Don't know the name of the file?

Do this instead:

Download TDSSKiller and save it to your Desktop.
  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive.
  • Please post the contents of that log.
jonesman0 (Thread Starter) - Junior Member with 5 posts.
Join Date: May 2010
Experience: Beginner
31-May-2010, 09:38 AM #5
Log
14:30:06:875 11320 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:30:06:875 11320 =========================================================================== =====
14:30:06:875 11320 SystemInfo:

14:30:06:875 11320 OS Version: 5.1.2600 ServicePack: 3.0
14:30:06:875 11320 Product type: Workstation
14:30:06:875 11320 ComputerName: SIMON-FSC
14:30:06:875 11320 UserName: Simon
14:30:06:875 11320 Windows directory: C:\WINDOWS
14:30:06:875 11320 Processor architecture: Intel x86
14:30:06:875 11320 Number of processors: 2
14:30:06:875 11320 Page size: 0x1000
14:30:06:875 11320 Boot type: Normal boot
14:30:06:875 11320 =========================================================================== =====
14:30:07:328 11320 Initialize success
14:30:07:328 11320
14:30:07:328 11320 Scanning Services ...
14:30:08:156 11320 Raw services enum returned 362 services
14:30:08:171 11320
14:30:08:171 11320 Scanning Drivers ...
14:33:58:562 11320
14:33:58:562 11320 Completed
14:33:58:562 11320
14:33:58:562 11320 Results:
14:33:58:562 11320 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:33:58:562 11320 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:33:58:562 11320
14:33:58:578 11320 KLMD(ARK) unloaded successfully


** I can retry the anti-virus if you want the exact name of the file, I just don't like to keep crashing the PC!!
Rorschach112
31-May-2010, 10:03 AM #6
Can you run ComboFix in safe mode for me?

Does it work then?
jonesman0 (thread starter)
31-May-2010, 12:25 PM #7
Log
Managed to run ComboFix in safe mode OK. The file name that was deleted was "ws2_32.dll", located in the system32 folder.
ComboFix went on to delete the file OK this time, and a few associated files and folders etc.
It ran again on boot and, as you described, said that it had produced a log that could be located in the c:/comboFix folder?? This I can't locate?? Unless this is it????:

ComboFix 10-05-30.05 - Simon 31/05/2010 16:08:09.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.732 [GMT 1:00]
Running from: C:\Documents and Settings\Simon\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Simon\Application Data\3e97ce23.exe
C:\Documents and Settings\Simon\Application Data\77BA65EC94F678E78B424E86DDC1BC33
C:\Documents and Settings\Simon\Application Data\77BA65EC94F678E78B424E86DDC1BC33\enemies-names.txt
C:\Documents and Settings\Simon\Application Data\77BA65EC94F678E78B424E86DDC1BC33\hookdll.dll
C:\Documents and Settings\Simon\Application Data\Desktopicon
C:\Documents and Settings\Simon\Application Data\Desktopicon\eBayShortcuts.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Windows Server
C:\Documents and Settings\Simon\Local Settings\Application Data\Windows Server\flags.ini
C:\Documents and Settings\Simon\Local Settings\Application Data\Windows Server\uses32.dat
C:\Documents and Settings\Simon\Start Menu\Programs\Antimalware Doctor
C:\feed.txt
C:\WINDOWS\system32\bzwsrnsq.dll
C:\WINDOWS\system32\ernel32.dll
C:\WINDOWS\system32\hlp.dat
C:\WINDOWS\system32\Temp

-- Previous Run --

Infected copy of C:\WINDOWS\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack
C:\WINDOWS\system32\ws2_32.dll . . . is infected!!

-- Previous Run --

Infected copy of C:\WINDOWS\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack
C:\WINDOWS\system32\ws2_32.dll . . . is infected!!

--------

C:\WINDOWS\system32\ws2_32.dll . . . is infected!!

--------

C:\WINDOWS\system32\ws2_32.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 13:58:21 . 2010-05-31 13:58:21 -------- d-----w- C:\Program Files\Sure Delete
2010-05-31 13:42:51 . 2010-05-31 13:45:45 -------- d-----w- C:\Program Files\DeleteFilesPermanently
2010-05-31 13:34:56 . 2010-05-31 13:34:56 52432 ----a-w- C:\WINDOWS\system32\drivers\klmd.sys
2010-05-30 17:30:50 . 2010-05-30 17:30:50 -------- d-----w- C:\WINDOWS\RestoreSafeDeleted
2010-05-30 12:52:08 . 2010-05-30 12:52:08 24416 ----a-w- C:\WINDOWS\system32\drivers\regguard.sys
2010-05-30 11:52:57 . 2010-05-30 11:52:57 37600 ----a-w- C:\WINDOWS\system32\Partizan.exe
2010-05-30 11:52:57 . 2010-05-30 11:52:57 35816 ----a-w- C:\WINDOWS\system32\drivers\Partizan.sys
2010-05-30 11:52:49 . 2010-05-30 11:52:49 2 --shatr- C:\WINDOWS\winstart.bat
2010-05-30 11:52:18 . 2010-05-21 11:16:58 12808 ----a-w- C:\WINDOWS\system32\drivers\UnHackMeDrv.sys
2010-05-30 11:52:12 . 2010-05-30 11:53:35 -------- d-----w- C:\Program Files\UnHackMe
2010-05-30 08:40:58 . 2010-05-30 08:40:58 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\WinPatrol
2010-05-30 08:00:45 . 2010-05-30 08:00:45 -------- d-----w- C:\Documents and Settings\Simon\Application Data\SUPERAntiSpyware.com
2010-05-30 08:00:45 . 2010-05-30 08:00:45 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-30 08:00:28 . 2010-05-30 08:00:31 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-05-29 17:13:59 . 2010-05-29 17:13:59 -------- d-----w- C:\VundoFix Backups
2010-05-29 17:06:14 . 2010-05-29 17:06:14 -------- d-----w- C:\Documents and Settings\Simon\Application Data\Street-Ads
2010-05-29 17:06:07 . 2010-05-29 17:06:07 -------- d-----w- C:\Documents and Settings\Simon\Application Data\Sky-Banners
2010-05-29 17:05:41 . 2010-05-29 17:05:41 50981 ----a-w- C:\WINDOWS\system32\jfwuaxkrgmrm.exe
2010-05-29 17:05:38 . 2010-05-30 08:59:55 -------- d-----w- C:\Documents and Settings\Simon\Local Settings\Application Data\qskrgekoh
2010-05-29 17:05:30 . 2010-05-29 17:05:30 -------- d-----w- C:\Program Files\$NtUninstallWTF1012$
2010-05-29 17:04:01 . 2010-05-29 17:04:00 67584 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\Q179o1o9.dll
2010-05-27 11:57:10 . 2010-05-27 11:57:10 169472 ----a-w- C:\WINDOWS\system32\ykmjibrcapt.dll
2010-05-25 11:33:21 . 2010-05-25 11:33:21 56 ---ha-w- C:\WINDOWS\system32\ezsidmv.dat
2010-05-25 11:33:20 . 2010-05-29 19:55:16 -------- d-----w- C:\Documents and Settings\Simon\Application Data\skypePM
2010-05-25 11:14:36 . 2010-05-30 13:39:47 -------- d-----w- C:\Documents and Settings\Simon\Application Data\Skype
2010-05-25 11:13:28 . 2010-05-25 11:13:28 -------- d-----w- C:\Program Files\Common Files\Skype
2010-05-25 11:13:25 . 2010-05-25 11:14:03 -------- d-----r- C:\Program Files\Skype
2010-05-25 11:13:15 . 2010-05-25 11:13:24 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Skype
2010-05-25 05:38:04 . 2010-05-25 05:38:04 309248 ----a-w- C:\WINDOWS\system32\owiufztg.dll
2010-05-24 16:31:20 . 2010-05-24 16:31:20 40633 ----a-w- C:\WINDOWS\system32\yrmfoyeg.exe
2010-05-22 11:51:03 . 2009-08-21 11:15:26 557568 ----a-w- C:\WINDOWS\system32\B4FM.dll
2010-05-22 11:51:00 . 2010-05-22 11:58:51 -------- d-----w- C:\Program Files\Burn4Free
2010-05-03 09:42:15 . 2010-05-03 09:42:15 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Hagel Technologies
2010-05-03 09:42:06 . 2010-05-03 09:42:06 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2010-05-03 09:42:04 . 2010-05-03 09:42:06 -------- d-----w- C:\Program Files\DU Meter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 08:30:41 . 2009-12-08 04:24:29 -------- d-----w- C:\Documents and Settings\Simon\Application Data\Vude
2010-05-30 08:01:02 . 2010-05-30 08:01:02 63488 ----a-w- C:\Documents and Settings\Simon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-30 08:01:00 . 2010-05-30 08:01:00 52224 ----a-w- C:\Documents and Settings\Simon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-30 08:00:56 . 2010-05-30 08:00:56 117760 ----a-w- C:\Documents and Settings\Simon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-29 17:04:50 . 2010-03-02 13:23:40 -------- d-----w- C:\Documents and Settings\Simon\Application Data\Pyiq
2010-05-22 05:26:20 . 2010-03-29 16:01:03 439816 ----a-w- C:\Documents and Settings\Simon\Application Data\Real\Update\setup3.10\setup.exe
2010-05-17 12:00:27 . 2009-04-14 20:46:50 -------- d-----w- C:\Program Files\McAfee
2010-05-01 12:45:35 . 2009-04-14 20:54:26 -------- d-----w- C:\Program Files\PKR
2010-04-21 18:14:15 . 2009-04-14 17:50:25 -------- d-----w- C:\Program Files\CCleaner
2010-04-21 18:14:03 . 2010-04-21 18:14:03 -------- d-----w- C:\Program Files\Ask.com
2010-04-21 18:14:02 . 2010-04-21 18:13:50 -------- d-----w- C:\Program Files\FinalBurner
2010-04-21 18:13:31 . 2010-04-21 18:13:31 -------- d-----w- C:\Program Files\DVDVideoSoft
2010-04-21 18:13:25 . 2010-04-21 18:13:25 -------- d-----w- C:\Program Files\RichFLV
2010-04-21 18:13:23 . 2010-04-21 18:13:23 -------- d-----w- C:\Program Files\Riva
2010-04-21 18:13:12 . 2010-02-08 19:55:19 -------- d-----w- C:\Program Files\Common Files\DVDVideoSoft
2010-04-21 07:21:09 . 2010-04-21 07:20:56 -------- d-----w- C:\Program Files\DVDVideoSoft(2)
2010-04-18 15:19:46 . 2010-04-18 15:19:45 405416 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-18 12:36:07 . 2010-04-18 12:36:07 -------- d-----w- C:\Program Files\Microsoft WSE
2010-03-26 09:33:34 . 2010-04-21 21:01:45 1496064 ----a-w- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\ul2imatb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 09:33:16 . 2010-04-21 21:01:45 43008 ----a-w- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\ul2imatb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 09:33:16 . 2010-04-21 21:01:45 339456 ----a-w- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\ul2imatb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 09:32:54 . 2010-04-21 21:01:45 346112 ----a-w- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\ul2imatb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-19 16:05:45 . 2010-03-19 16:04:52 1924976 ----a-w- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-19 16:04:59 . 2010-03-19 16:04:53 1025992 ----a-w- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-03-11 12:38:54 . 2009-02-04 12:35:11 832512 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-03-11 12:38:52 . 2008-04-14 04:41:56 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2010-03-11 12:38:51 . 2008-04-14 04:41:52 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2010-03-09 11:06:59 . 2009-02-04 12:35:08 430080 ----a-w- C:\WINDOWS\system32\vbscript.dll
.

------- Sigcheck -------

[-] 2009-02-04 12:35:39 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649 (xpsp_sp3_qfe.080728-1259)] . . C:\WINDOWS\system32\drivers\tcpip.sys

[-] 2008-04-14 04:42:10 . 48FDBBE0E55B15E1886FCF5D8563B19F . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\user32.dll
[-] 2008-04-14 04:42:10 . 48FDBBE0E55B15E1886FCF5D8563B19F . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\dllcache\user32.dll

[-] 2008-04-14 04:42:12 . 5D567A625ECB5B4728130E4B31CA87EF . 82432 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\ws2_32.dll

[-] 2009-02-04 12:40:21 . 5A0ABB27B492E73F7E5C53DD64304AE8 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "C:\Program Files\Softonic-Eng7\tbSof1.dll" [2010-05-17 05:11:17 2515552]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-05-17 05:11:17 2515552 ----a-w- C:\Program Files\Softonic-Eng7\tbSof1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-04 17:04:52 1144712 ----a-w- C:\Program Files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2009-06-04 17:04:52 1144712]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "C:\Program Files\Softonic-Eng7\tbSof1.dll" [2010-05-17 05:11:17 2515552]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2009-06-04 17:04:52 1144712]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "C:\Program Files\Softonic-Eng7\tbSof1.dll" [2010-05-17 05:11:17 2515552]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 17:26:23 2397424]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05:26 204288]
"UnHackMe Monitor"="C:\Program Files\UnHackMe\hackmon.exe" [2010-05-21 11:16:50 594200]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:42:18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-07 19:16:51 337216]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 15:21:00 270336]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 16:18:30 413696]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-10-07 06:40:28 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:42:18 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-03-11 12:38:51 124928]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WN121T Smart Wizard.lnk - C:\Program Files\NETGEAR\WN121T\wn121t.exe [2006-5-14 1302528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 17:27:19 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-11-17 17:42:32 16680 ----a-w- C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Documents and Settings\\Simon\\My Documents\\internet downloads\\StubInstaller.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro.exe"=
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"C:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDPHCP Discovery Service

R0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [30/05/2010 12:52:57 35816]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [12/04/2009 16:22:36 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [12/04/2009 16:22:40 108552]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25:48 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41:30 67656]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 14:02:26 163840]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [12/04/2009 16:22:27 297752]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [03/05/2010 10:42:04 1391136]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [22/09/2009 14:28:52 233472]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [14/04/2009 21:47:00 93320]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16:05:04 92008]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [22/09/2009 14:28:52 36608]
S0 relajic;relajic; [x]
S2 gupdate1ca4718979ec092;Google Update Service (gupdate1ca4718979ec092);C:\Program Files\Google\Update\GoogleUpdate.exe [07/10/2009 07:37:06 133104]
S3 klmd23;klmd23;C:\WINDOWS\system32\drivers\klmd.sys [31/05/2010 14:34:56 52432]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49:20 227232]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\drivers\regguard.sys [30/05/2010 13:52:08 24416]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [22/09/2009 14:29:10 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [22/09/2009 14:29:10 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [22/09/2009 14:29:10 121856]
S4 0155531274097639mcinstcleanup;McAfee Application Installer Cleanup (0155531274097639);C:\WINDOWS\TEMP\015553~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\WINDOWS\TEMP\015553~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - UnHackMeDrv
.
Contents of the 'Scheduled Tasks' folder

2010-05-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]

2010-05-31 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-07 06:37:06 . 2009-10-07 06:36:57]

2010-05-31 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-07 06:37:06 . 2009-10-07 06:36:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mirostart.com/?cfg=2-73-0-Ak58
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\ul2imatb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.mirostart.com/s/?src=FF-Address&site=Yahoo!&cfg=2-73-0-Ak58\n&q=
FF - component: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\ul2imatb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: C:\Program Files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmd23.sys


Sorry if it's not!!
Hey, again thanks for all the help, I'd have been stuffed without this site!
Rorschach112
31-May-2010, 12:35 PM #8
Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://forums.techguy.org/virus-othe...ox-hijack.html

Collect::
C:\WINDOWS\system32\jfwuaxkrgmrm.exe
C:\WINDOWS\system32\Spool\prtprocs\w32x86\Q179o1o9.dll
C:\WINDOWS\system32\ykmjibrcapt.dll
C:\WINDOWS\system32\owiufztg.dll
C:\WINDOWS\system32\yrmfoyeg.exe

Folder::
C:\VundoFix Backups
C:\Documents and Settings\Simon\Application Data\Street-Ads
C:\Documents and Settings\Simon\Application Data\Sky-Banners
C:\Documents and Settings\Simon\Local Settings\Application Data\qskrgekoh
C:\Program Files\$NtUninstallWTF1012$
C:\Documents and Settings\Simon\Application Data\Pyiq

SRPeek::
C:\WINDOWS\system32\ws2_32.dll

Driver::
relajic

KillAll::

Suspect::
Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
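As an added example, not code from this thread or from ComboFix itself, here is a small Python parser for the "Files Created from ... to ..." section of a ComboFix log like the one posted above, with a triage filter that lists the files created under C:\WINDOWS\system32 during the window and drops those the analyst knows were installed deliberately. The sample lines are copied from the log above; the allowlist (klmd.sys from the TDSSKiller KLMD driver, Partizan.exe created alongside UnHackMe, and ezsidmv.dat written during the Skype install, going by the timestamps in that log) is my reading of the log, not anything ComboFix outputs, and the function names are my own. With that allowlist the filter returns exactly the five system32 files the CFScript above tells ComboFix to Collect::, which is the judgement the helper made by eye.

```python
import re
from datetime import datetime
from typing import FrozenSet, Iterable, List, NamedTuple, Optional

# One line of the ComboFix "Files Created" section has the shape
#   <created> . <modified> <size | -------- for directories> <attrs> <path>
_ENTRY_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
    r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(-{8}|\d+) "
    r"([-a-z]{8}) "
    r"(.+)$"
)


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories
    attrs: str            # e.g. "----a-w-", "d-----w-", "---ha-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entries(lines: Iterable[str]) -> List[Entry]:
    """Turn the raw log lines into Entry records; section headers, '.'
    separators and blank lines do not match the pattern and are skipped."""
    out = []
    for line in lines:
        m = _ENTRY_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        out.append(Entry(
            datetime.strptime(created, "%Y-%m-%d %H:%M:%S"),
            datetime.strptime(modified, "%Y-%m-%d %H:%M:%S"),
            None if size.startswith("-") else int(size),
            attrs,
            path,
        ))
    return out


def recent_system32_files(entries: Iterable[Entry],
                          known_tool_files: FrozenSet[str] = frozenset()) -> List[Entry]:
    """Files (not directories) created anywhere under C:\\WINDOWS\\system32 in the
    log window, minus base names the analyst has vouched for, oldest first.
    Dropping in new binaries there is what the helper's Collect:: list targets."""
    hits = [
        e for e in entries
        if not e.is_dir
        and e.path.lower().startswith("c:\\windows\\system32\\")
        and e.basename.lower() not in known_tool_files
    ]
    return sorted(hits, key=lambda e: e.created)


# Sample input: a subset of the "Files Created" lines copied from the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
.

2010-05-31 13:58:21 . 2010-05-31 13:58:21 -------- d-----w- C:\Program Files\Sure Delete
2010-05-31 13:34:56 . 2010-05-31 13:34:56 52432 ----a-w- C:\WINDOWS\system32\drivers\klmd.sys
2010-05-30 11:52:57 . 2010-05-30 11:52:57 37600 ----a-w- C:\WINDOWS\system32\Partizan.exe
2010-05-29 17:05:41 . 2010-05-29 17:05:41 50981 ----a-w- C:\WINDOWS\system32\jfwuaxkrgmrm.exe
2010-05-29 17:04:01 . 2010-05-29 17:04:00 67584 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\Q179o1o9.dll
2010-05-27 11:57:10 . 2010-05-27 11:57:10 169472 ----a-w- C:\WINDOWS\system32\ykmjibrcapt.dll
2010-05-25 11:33:21 . 2010-05-25 11:33:21 56 ---ha-w- C:\WINDOWS\system32\ezsidmv.dat
2010-05-25 05:38:04 . 2010-05-25 05:38:04 309248 ----a-w- C:\WINDOWS\system32\owiufztg.dll
2010-05-24 16:31:20 . 2010-05-24 16:31:20 40633 ----a-w- C:\WINDOWS\system32\yrmfoyeg.exe
"""

# Analyst allowlist (my reading of the posted log, not ComboFix output): the
# TDSSKiller driver, the driver installed with UnHackMe, and the Skype data file.
KNOWN_TOOL_FILES = frozenset({"klmd.sys", "partizan.exe", "ezsidmv.dat"})

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG.splitlines())
    for e in recent_system32_files(entries, KNOWN_TOOL_FILES):
        print(f"{e.created:%Y-%m-%d %H:%M:%S}  {e.size:>7}  {e.path}")
```

The parser keeps the attribute string and both timestamps so the same records can feed other checks, for instance a modified-before-created comparison (Q179o1o9.dll above shows one) or a size lookup against the Sigcheck section. The allowlist is deliberately the analyst's input rather than a built-in list: on a machine in the middle of a cleanup, the tools being run leave drivers in system32 that look just as new as the files being hunted.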
jonesman0 (thread starter)
01-Jun-2010, 12:08 PM #9
Hi there

Problem solved!! I still can't run the report?? But the problem seems to have stopped?
My Mrs has used the internet today and says there were no problems?
A bit unconventional, but we seem to have got there.
Thanks a lot for all your help!
Rorschach112
01-Jun-2010, 01:10 PM #10
okie dokie