
FireFox Hijack

Discussion in 'Virus & Other Malware Removal' started by jonesman0, May 30, 2010.

  1. jonesman0

    jonesman0 Thread Starter

    Joined:
    May 30, 2010
    Messages:
    5
    Hi Guys,

    1st post here so any help would be massively appreciated.

    I think I had a trojan? Not sure, my spyware deleted some stuff but my Firefox browser is constantly hijacked (home page is OK, initial search is OK, it's only when I click a hyperlink to a site that it's redirected), making surfing almost impossible :( and very frustrating.

    I have tried everything to get rid of it but it still seems to be happening...

    ...again any help appreciated
    Thanks people
    Please find below a HT analysis (although I have a suspicion it's hidden and this won't help):

    Logfile of HijackThis v1.99.1
    Scan saved at 19:31:42, on 30/05/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\DU Meter\DUMeterSvc.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\UnHackMe\hackmon.exe
    C:\Program Files\NETGEAR\WN121T\wn121t.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Simon\My Documents\internet downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mirostart.com/?cfg=2-73-0-Ak58

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
    O4 - Global Startup: NETGEAR WN121T Smart Wizard.lnk = C:\Program Files\NETGEAR\WN121T\wn121t.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C45A53CA-6135-4E9E-A878-B8CAE0A8A92D}: NameServer = 93.188.164.135,93.188.166.179
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C51C5CC8-22D8-4264-9137-B0E866B7A64A}: NameServer = 93.188.164.135,93.188.166.179
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files\DU Meter\DUMeterSvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe" Start=service (file missing)
    O23 - Service: Google Update Service (gupdate1ca4718979ec092) (gupdate1ca4718979ec092) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
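A triage script for a HijackThis log like the one above, added here as an example and not part of the thread or of the HijackThis tool: it parses the Rn/On entries, extracts the browser start/search URLs, tallies the DNS servers named in O17 lines, flags any that are not in an allowlist you supply (assumed; the placeholder router address in the block is constructed), and lists entries HijackThis marked "(file missing)".

```python
"""Triage helper for a HijackThis log (example code, not the tool's own output
parser). Pulls out the entries a responder checks first: R0/R1 start and search
page URLs, per-adapter DNS servers from O17 lines, and entries whose backing
file is missing. The expected-DNS allowlist is an assumption you fill in from
the ISP or router configuration."""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mirostart.com/?cfg=2-73-0-Ak58
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C45A53CA-6135-4E9E-A878-B8CAE0A8A92D}: NameServer = 93.188.164.135,93.188.166.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.135,93.188.166.179
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe" Start=service (file missing)
"""

# Every HijackThis finding starts with a section code such as R0, O2, O17, O23.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
URL_RE = re.compile(
    r"(Start Page|Search Page|Default_Page_URL|Default_Search_URL) = (?P<url>\S+)"
)


def parse_hjt(text):
    """Return a list of (code, body) tuples for every 'Rn - ...' / 'On - ...' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def browser_urls(entries):
    """Start/search page URLs from R0/R1 entries, as (setting, url) pairs."""
    found = []
    for code, body in entries:
        if code in ("R0", "R1"):
            m = URL_RE.search(body)
            if m:
                found.append((m.group(1), m.group("url")))
    return found


def dns_servers(entries):
    """Count how many O17 entries (adapters / control sets) name each DNS server."""
    counts = Counter()
    for code, body in entries:
        if code == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                counts.update(s for s in m.group("servers").split(",") if s)
    return counts


def unexpected_dns(entries, expected):
    """DNS servers present in O17 entries but absent from the expected set."""
    return sorted(s for s in dns_servers(entries) if s not in expected)


def missing_files(entries):
    """Entries whose target file HijackThis could not find: stale, or worth a look."""
    return [(code, body) for code, body in entries if body.endswith("(file missing)")]


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    expected = {"192.168.1.1"}  # assumed placeholder: the router/ISP resolver for this network
    print("Browser URLs:", browser_urls(ents))
    print("DNS servers to review:", unexpected_dns(ents, expected))
    print("Entries with missing files:", [c for c, _ in missing_files(ents)])
```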
     
  2. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Download ComboFix here :

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

      Click me

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
     
  3. jonesman0

    jonesman0 Thread Starter

    Joined:
    May 30, 2010
    Messages:
    5
    Hi there
    Thanks for the speedy reply, I have done exactly as you advised and there was an infected file in the system32 DLL. When ComboFix ran, it installed the Windows Recovery program as per below and then started to scan.
    It got to stage 50ish and advised about the infected file in system32....dll etc.... It then stated "deleting file" and the system crashed.....blue screen, states that Windows has shut down to protect itself??? Physical dump of memory etc.... I tried the scan 3 times but my system still shuts itself down when trying to delete the file??? I have no choice but to reboot as the system is non-responsive??

    Thanks for the help so far!
     
  4. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Don't know the name of the file?

    Do this instead:

    Download TDSSKiller and save it to your Desktop.

    • Extract the file and run it.
    • Once completed it will create a log in your C:\ drive
    • Please post the contents of that log
     
  5. jonesman0

    jonesman0 Thread Starter

    Joined:
    May 30, 2010
    Messages:
    5
    14:30:06:875 11320 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
    14:30:06:875 11320 ================================================================================
    14:30:06:875 11320 SystemInfo:

    14:30:06:875 11320 OS Version: 5.1.2600 ServicePack: 3.0
    14:30:06:875 11320 Product type: Workstation
    14:30:06:875 11320 ComputerName: SIMON-FSC
    14:30:06:875 11320 UserName: Simon
    14:30:06:875 11320 Windows directory: C:\WINDOWS
    14:30:06:875 11320 Processor architecture: Intel x86
    14:30:06:875 11320 Number of processors: 2
    14:30:06:875 11320 Page size: 0x1000
    14:30:06:875 11320 Boot type: Normal boot
    14:30:06:875 11320 ================================================================================
    14:30:07:328 11320 Initialize success
    14:30:07:328 11320
    14:30:07:328 11320 Scanning Services ...
    14:30:08:156 11320 Raw services enum returned 362 services
    14:30:08:171 11320
    14:30:08:171 11320 Scanning Drivers ...
    14:33:58:562 11320
    14:33:58:562 11320 Completed
    14:33:58:562 11320
    14:33:58:562 11320 Results:
    14:33:58:562 11320 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    14:33:58:562 11320 File objects infected / cured / cured on reboot: 0 / 0 / 0
    14:33:58:562 11320
    14:33:58:578 11320 KLMD(ARK) unloaded successfully


    ** I can retry the antivirus if you want the exact name of the file; I just don't like to keep crashing the PC!!
     
  6. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Can you run ComboFix in safe mode for me?

    Does it work then?
     
  7. jonesman0

    jonesman0 Thread Starter

    Joined:
    May 30, 2010
    Messages:
    5
    Managed to run ComboFix in safe mode OK. The file name that was deleted was "ws2_32.dll", located in the system32 folder.
    Combo went on to delete the file OK this time, and a few associated files and folders etc.
    It ran again on boot and, as you described, said that it had produced a log that could be located in the c:/comboFix folder?? This I can't locate?? Unless this is it????:

    ComboFix 10-05-30.05 - Simon 31/05/2010 16:08:09.3.2 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.732 [GMT 1:00]
    Running from: C:\Documents and Settings\Simon\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Simon\Application Data\3e97ce23.exe
    C:\Documents and Settings\Simon\Application Data\77BA65EC94F678E78B424E86DDC1BC33
    C:\Documents and Settings\Simon\Application Data\77BA65EC94F678E78B424E86DDC1BC33\enemies-names.txt
    C:\Documents and Settings\Simon\Application Data\77BA65EC94F678E78B424E86DDC1BC33\hookdll.dll
    C:\Documents and Settings\Simon\Application Data\Desktopicon
    C:\Documents and Settings\Simon\Application Data\Desktopicon\eBayShortcuts.exe
    C:\Documents and Settings\Simon\Local Settings\Application Data\Windows Server
    C:\Documents and Settings\Simon\Local Settings\Application Data\Windows Server\flags.ini
    C:\Documents and Settings\Simon\Local Settings\Application Data\Windows Server\uses32.dat
    C:\Documents and Settings\Simon\Start Menu\Programs\Antimalware Doctor
    C:\feed.txt
    C:\WINDOWS\system32\bzwsrnsq.dll
    C:\WINDOWS\system32\ernel32.dll
    C:\WINDOWS\system32\hlp.dat
    C:\WINDOWS\system32\Temp

    -- Previous Run --

    Infected copy of C:\WINDOWS\system32\drivers\mouclass.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    C:\WINDOWS\system32\ws2_32.dll . . . is infected!!

    -- Previous Run --

    Infected copy of C:\WINDOWS\system32\drivers\mouclass.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    C:\WINDOWS\system32\ws2_32.dll . . . is infected!!

    --------

    C:\WINDOWS\system32\ws2_32.dll . . . is infected!!

    --------

    C:\WINDOWS\system32\ws2_32.dll . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))
    .

    2010-05-31 13:58:21 . 2010-05-31 13:58:21 -------- d-----w- C:\Program Files\Sure Delete
    2010-05-31 13:42:51 . 2010-05-31 13:45:45 -------- d-----w- C:\Program Files\DeleteFilesPermanently
    2010-05-31 13:34:56 . 2010-05-31 13:34:56 52432 ----a-w- C:\WINDOWS\system32\drivers\klmd.sys
    2010-05-30 17:30:50 . 2010-05-30 17:30:50 -------- d-----w- C:\WINDOWS\RestoreSafeDeleted
    2010-05-30 12:52:08 . 2010-05-30 12:52:08 24416 ----a-w- C:\WINDOWS\system32\drivers\regguard.sys
    2010-05-30 11:52:57 . 2010-05-30 11:52:57 37600 ----a-w- C:\WINDOWS\system32\Partizan.exe
    2010-05-30 11:52:57 . 2010-05-30 11:52:57 35816 ----a-w- C:\WINDOWS\system32\drivers\Partizan.sys
    2010-05-30 11:52:49 . 2010-05-30 11:52:49 2 --shatr- C:\WINDOWS\winstart.bat
    2010-05-30 11:52:18 . 2010-05-21 11:16:58 12808 ----a-w- C:\WINDOWS\system32\drivers\UnHackMeDrv.sys
    2010-05-30 11:52:12 . 2010-05-30 11:53:35 -------- d-----w- C:\Program Files\UnHackMe
    2010-05-30 08:40:58 . 2010-05-30 08:40:58 -------- d-----w- C:\Documents and Settings\LocalService\Application Data\WinPatrol
    2010-05-30 08:00:45 . 2010-05-30 08:00:45 -------- d-----w- C:\Documents and Settings\Simon\Application Data\SUPERAntiSpyware.com
    2010-05-30 08:00:45 . 2010-05-30 08:00:45 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-05-30 08:00:28 . 2010-05-30 08:00:31 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2010-05-29 17:13:59 . 2010-05-29 17:13:59 -------- d-----w- C:\VundoFix Backups
    2010-05-29 17:06:14 . 2010-05-29 17:06:14 -------- d-----w- C:\Documents and Settings\Simon\Application Data\Street-Ads
    2010-05-29 17:06:07 . 2010-05-29 17:06:07 -------- d-----w- C:\Documents and Settings\Simon\Application Data\Sky-Banners
    2010-05-29 17:05:41 . 2010-05-29 17:05:41 50981 ----a-w- C:\WINDOWS\system32\jfwuaxkrgmrm.exe
    2010-05-29 17:05:38 . 2010-05-30 08:59:55 -------- d-----w- C:\Documents and Settings\Simon\Local Settings\Application Data\qskrgekoh
    2010-05-29 17:05:30 . 2010-05-29 17:05:30 -------- d-----w- C:\Program Files\$NtUninstallWTF1012$
    2010-05-29 17:04:01 . 2010-05-29 17:04:00 67584 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\Q179o1o9.dll
    2010-05-27 11:57:10 . 2010-05-27 11:57:10 169472 ----a-w- C:\WINDOWS\system32\ykmjibrcapt.dll
    2010-05-25 11:33:21 . 2010-05-25 11:33:21 56 ---ha-w- C:\WINDOWS\system32\ezsidmv.dat
    2010-05-25 11:33:20 . 2010-05-29 19:55:16 -------- d-----w- C:\Documents and Settings\Simon\Application Data\skypePM
    2010-05-25 11:14:36 . 2010-05-30 13:39:47 -------- d-----w- C:\Documents and Settings\Simon\Application Data\Skype
    2010-05-25 11:13:28 . 2010-05-25 11:13:28 -------- d-----w- C:\Program Files\Common Files\Skype
    2010-05-25 11:13:25 . 2010-05-25 11:14:03 -------- d-----r- C:\Program Files\Skype
    2010-05-25 11:13:15 . 2010-05-25 11:13:24 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Skype
    2010-05-25 05:38:04 . 2010-05-25 05:38:04 309248 ----a-w- C:\WINDOWS\system32\owiufztg.dll
    2010-05-24 16:31:20 . 2010-05-24 16:31:20 40633 ----a-w- C:\WINDOWS\system32\yrmfoyeg.exe
    2010-05-22 11:51:03 . 2009-08-21 11:15:26 557568 ----a-w- C:\WINDOWS\system32\B4FM.dll
    2010-05-22 11:51:00 . 2010-05-22 11:58:51 -------- d-----w- C:\Program Files\Burn4Free
    2010-05-03 09:42:15 . 2010-05-03 09:42:15 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Hagel Technologies
    2010-05-03 09:42:06 . 2010-05-03 09:42:06 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
    2010-05-03 09:42:04 . 2010-05-03 09:42:06 -------- d-----w- C:\Program Files\DU Meter

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-30 08:30:41 . 2009-12-08 04:24:29 -------- d-----w- C:\Documents and Settings\Simon\Application Data\Vude
    2010-05-30 08:01:02 . 2010-05-30 08:01:02 63488 ----a-w- C:\Documents and Settings\Simon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-05-30 08:01:00 . 2010-05-30 08:01:00 52224 ----a-w- C:\Documents and Settings\Simon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-05-30 08:00:56 . 2010-05-30 08:00:56 117760 ----a-w- C:\Documents and Settings\Simon\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-05-29 17:04:50 . 2010-03-02 13:23:40 -------- d-----w- C:\Documents and Settings\Simon\Application Data\Pyiq
    2010-05-22 05:26:20 . 2010-03-29 16:01:03 439816 ----a-w- C:\Documents and Settings\Simon\Application Data\Real\Update\setup3.10\setup.exe
    2010-05-17 12:00:27 . 2009-04-14 20:46:50 -------- d-----w- C:\Program Files\McAfee
    2010-05-01 12:45:35 . 2009-04-14 20:54:26 -------- d-----w- C:\Program Files\PKR
    2010-04-21 18:14:15 . 2009-04-14 17:50:25 -------- d-----w- C:\Program Files\CCleaner
    2010-04-21 18:14:03 . 2010-04-21 18:14:03 -------- d-----w- C:\Program Files\Ask.com
    2010-04-21 18:14:02 . 2010-04-21 18:13:50 -------- d-----w- C:\Program Files\FinalBurner
    2010-04-21 18:13:31 . 2010-04-21 18:13:31 -------- d-----w- C:\Program Files\DVDVideoSoft
    2010-04-21 18:13:25 . 2010-04-21 18:13:25 -------- d-----w- C:\Program Files\RichFLV
    2010-04-21 18:13:23 . 2010-04-21 18:13:23 -------- d-----w- C:\Program Files\Riva
    2010-04-21 18:13:12 . 2010-02-08 19:55:19 -------- d-----w- C:\Program Files\Common Files\DVDVideoSoft
    2010-04-21 07:21:09 . 2010-04-21 07:20:56 -------- d-----w- C:\Program Files\DVDVideoSoft(2)
    2010-04-18 15:19:46 . 2010-04-18 15:19:45 405416 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-04-18 12:36:07 . 2010-04-18 12:36:07 -------- d-----w- C:\Program Files\Microsoft WSE
    2010-03-26 09:33:34 . 2010-04-21 21:01:45 1496064 ----a-w- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\ul2imatb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-03-26 09:33:16 . 2010-04-21 21:01:45 43008 ----a-w- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\ul2imatb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-03-26 09:33:16 . 2010-04-21 21:01:45 339456 ----a-w- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\ul2imatb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-03-26 09:32:54 . 2010-04-21 21:01:45 346112 ----a-w- C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\ul2imatb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-03-19 16:05:45 . 2010-03-19 16:04:52 1924976 ----a-w- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
    2010-03-19 16:04:59 . 2010-03-19 16:04:53 1025992 ----a-w- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
    2010-03-11 12:38:54 . 2009-02-04 12:35:11 832512 ----a-w- C:\WINDOWS\system32\wininet.dll
    2010-03-11 12:38:52 . 2008-04-14 04:41:56 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
    2010-03-11 12:38:51 . 2008-04-14 04:41:52 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
    2010-03-09 11:06:59 . 2009-02-04 12:35:08 430080 ----a-w- C:\WINDOWS\system32\vbscript.dll
    .

    ------- Sigcheck -------

    [-] 2009-02-04 12:35:39 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649 (xpsp_sp3_qfe.080728-1259)] . . C:\WINDOWS\system32\drivers\tcpip.sys

    [-] 2008-04-14 04:42:10 . 48FDBBE0E55B15E1886FCF5D8563B19F . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\user32.dll
    [-] 2008-04-14 04:42:10 . 48FDBBE0E55B15E1886FCF5D8563B19F . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\dllcache\user32.dll

    [-] 2008-04-14 04:42:12 . 5D567A625ECB5B4728130E4B31CA87EF . 82432 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\system32\ws2_32.dll

    [-] 2009-02-04 12:40:21 . 5A0ABB27B492E73F7E5C53DD64304AE8 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "C:\Program Files\Softonic-Eng7\tbSof1.dll" [2010-05-17 05:11:17 2515552]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    2010-05-17 05:11:17 2515552 ----a-w- C:\Program Files\Softonic-Eng7\tbSof1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-06-04 17:04:52 1144712 ----a-w- C:\Program Files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2009-06-04 17:04:52 1144712]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "C:\Program Files\Softonic-Eng7\tbSof1.dll" [2010-05-17 05:11:17 2515552]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2009-06-04 17:04:52 1144712]
    "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "C:\Program Files\Softonic-Eng7\tbSof1.dll" [2010-05-17 05:11:17 2515552]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 17:26:23 2397424]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05:26 204288]
    "UnHackMe Monitor"="C:\Program Files\UnHackMe\hackmon.exe" [2010-05-21 11:16:50 594200]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:42:18 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-07 19:16:51 337216]
    "BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 15:21:00 270336]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 16:18:30 413696]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-10-07 06:40:28 198160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:42:18 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2010-03-11 12:38:51 124928]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WN121T Smart Wizard.lnk - C:\Program Files\NETGEAR\WN121T\wn121t.exe [2006-5-14 1302528]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-23 17:27:19 11952 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-11-17 17:42:32 16680 ----a-w- C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Documents and Settings\\Simon\\My Documents\\internet downloads\\StubInstaller.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "C:\\Program Files\\SopCast\\SopCast.exe"=
    "C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
    "C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\TVAnts\\Tvants.exe"=
    "C:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro.exe"=
    "C:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
    "C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
    "C:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
    "C:\\WINDOWS\\system32\\spoolsv.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [30/05/2010 12:52:57 35816]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [12/04/2009 16:22:36 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [12/04/2009 16:22:40 108552]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25:48 12872]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41:30 67656]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16/09/2008 14:02:26 163840]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [12/04/2009 16:22:27 297752]
    R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [03/05/2010 10:42:04 1391136]
    R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [22/09/2009 14:28:52 233472]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [14/04/2009 21:47:00 93320]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16:05:04 92008]
    R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [22/09/2009 14:28:52 36608]
    S0 relajic;relajic; [x]
    S2 gupdate1ca4718979ec092;Google Update Service (gupdate1ca4718979ec092);C:\Program Files\Google\Update\GoogleUpdate.exe [07/10/2009 07:37:06 133104]
    S3 klmd23;klmd23;C:\WINDOWS\system32\drivers\klmd.sys [31/05/2010 14:34:56 52432]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49:20 227232]
    S3 RegGuard;RegGuard;C:\WINDOWS\system32\drivers\regguard.sys [30/05/2010 13:52:08 24416]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [22/09/2009 14:29:10 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [22/09/2009 14:29:10 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [22/09/2009 14:29:10 121856]
    S4 0155531274097639mcinstcleanup;McAfee Application Installer Cleanup (0155531274097639);C:\WINDOWS\TEMP\015553~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\WINDOWS\TEMP\015553~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - UnHackMeDrv
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34:12 . 2008-07-30 11:34:12]

    2010-05-31 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-07 06:37:06 . 2009-10-07 06:36:57]

    2010-05-31 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-07 06:37:06 . 2009-10-07 06:36:57]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.mirostart.com/?cfg=2-73-0-Ak58
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    FF - ProfilePath - C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\ul2imatb.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://www.mirostart.com/s/?src=FF-Address&site=Yahoo!&cfg=2-73-0-Ak58\n&q=
    FF - component: C:\Documents and Settings\Simon\Application Data\Mozilla\Firefox\Profiles\ul2imatb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: C:\Program Files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: C:\Program Files\Common Files\Motive\npMotive.dll
    FF - plugin: C:\Program Files\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmd23.sys


    Sorry if it's not!!
    Hey, again thanks for all the help; I'd have been stuffed without this site!
     
  8. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    Open Notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt


    [IMG]

    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
     
  9. jonesman0

    jonesman0 Thread Starter

    Joined:
    May 30, 2010
    Messages:
    5
    Hi there

    Problem solved!! I still can't run the report?? But the problem seems to have stopped?
    My Mrs has used the internet today and says there were no problems?
    A bit unconventional, but we seem to have got there.
    Thanks a lot for all your help!
     
  10. Rorschach112

    Rorschach112 Malware Specialist

    Joined:
    Oct 12, 2008
    Messages:
    2,392
    okie dokie
     
Short URL to this thread: https://techguy.org/926153