
#1 Rootkit? HELP PLEASE MUCH APPRECIATED on Tue Feb 16, 2010 8:05 pm

LFc4
Forum Enthusiast
Hello,

First off, I would just like the person reading this to bear in mind that I am not much of a computer expert, which is why I'm asking for help.

The problem with my computer seems to be that when I scanned my computer for any viruses, which I do usually, the scanner (SUPERAntiSpyware) detected something called rootkit.agent... I can't remember the full name, but I think it was something like "rootkit.agent/GX-serv". Anyhow, I researched it and kind of gathered what it was; I got the picture that it was very dangerous because it was something that a hacker used, and it was very hard for anti-virus software to detect because its aim was to dodge the anti-virus software. So I panicked a little and pressed the next button on the software, which quarantined it, and restarted my computer and then I removed it. But the next day I started the scan again and found the same four files, which was very shocking, and did the same again. But when I started another scan, this time a "trojan.agent" was detected, which was a virus, because someone informed me briefly. I quarantined the detected files and removed them; after that I've run a few scans, but only "adware.tracking.cookies" are detected.

My concern still lies in the fact that I still think there is something wrong, and I am very afraid of logging onto anything. Whilst conducting the research I also came across what techniques and methods hackers use, which shook me up, and I read anecdotes such as people's details being stolen, which resulted in money going missing; to an extent this has had a very daunting effect on me, because I believe the rootkits might still be active and logging everything I do, even me writing this forum post. I've also run various other anti-virus software that installs on my computer, and online ones too.

If you could help me it would mean a lot, as I am not much of a computer expert (though I still know the very basics, I think), and it would be greatly appreciated; anyhow, it would be very helpful if you could help or assist me, guys.


Oh yeah, if after reading what I have written you find it unstructured or with any grammar mistakes, sorry about that, I rushed it a little bit.

Regards
LFC 4 Life

#2 Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Tue Feb 16, 2010 10:35 pm

DragonMaster Jay
Site Owner
Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked. Leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt".
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



LFc4
Forum Enthusiast
Hello DragonMaster Jay or anyone reading this,

I can't figure out how to attach the ".txt" file, so should I copy/paste the log or not? But I did anyway (confused).
I know it may be a bit pathetic, but sorry.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-17 21:33:38
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Hussains\AppData\Local\Temp\uxdyykoc.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 86A25BF8
INT 0x51 ? 86A25BF8
INT 0x51 ? 86A25BF8
INT 0x51 ? 86A25BF8
INT 0x51 ? 86DF5F00
INT 0x51 ? 86DF5F00
INT 0x51 ? 86A25BF8
INT 0x61 ? 86DF5F00
INT 0x82 ? 86DF5F00
INT 0xA2 ? 86DF5F00
INT 0xB2 ? 86DF5F00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spji.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload 83EAAB2E 5 Bytes JMP 86A251D8
.text USBPORT.SYS!DllUnload 83FA441B 5 Bytes JMP 86DF54E0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068D6D2] \SystemRoot\System32\Drivers\spji.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068D040] \SystemRoot\System32\Drivers\spji.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068D7FC] \SystemRoot\System32\Drivers\spji.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068D0BE] \SystemRoot\System32\Drivers\spji.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068D13C] \SystemRoot\System32\Drivers\spji.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7490A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [748E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [748BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7493CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [748DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1480] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86A2A1F8
Device \FileSystem\fastfat \FatCdrom AB31F1F8
Device \Driver\volmgr \Device\VolMgrControl 86A271F8
Device \Driver\usbuhci \Device\USBPDO-0 86DA71F8
Device \Driver\usbuhci \Device\USBPDO-1 86DA71F8
Device \Driver\usbuhci \Device\USBPDO-2 86DA71F8
Device \Driver\usbehci \Device\USBPDO-3 86DF21F8
Device \Driver\usbuhci \Device\USBPDO-4 86DA71F8

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 86DA71F8
Device \Driver\netbt \Device\NetBT_Tcpip_{C9C6B6EF-F0B8-4D7C-8325-36A8868F34D3} 874941F8
Device \Driver\usbuhci \Device\USBPDO-6 86DA71F8
Device \Driver\usbehci \Device\USBPDO-7 86DF21F8
Device \Driver\volmgr \Device\HarddiskVolume1 86A271F8
Device \Driver\volmgr \Device\HarddiskVolume2 86A271F8
Device \Driver\cdrom \Device\CdRom0 86DF31F8
Device \Driver\volmgr \Device\HarddiskVolume3 86A271F8
Device \Driver\cdrom \Device\CdRom1 86DF31F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 86A291F8
Device \Driver\atapi \Device\Ide\IdePort0 86A291F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 86A291F8
Device \Driver\atapi \Device\Ide\IdePort1 86A291F8
Device \Driver\atapi \Device\Ide\IdePort2 86A291F8
Device \Driver\atapi \Device\Ide\IdePort3 86A291F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 86A291F8
Device \Driver\volmgr \Device\HarddiskVolume4 86A271F8
Device \Driver\volmgr \Device\HarddiskVolume5 86A271F8
Device \Driver\volmgr \Device\HarddiskVolume6 86A271F8
Device \Driver\volmgr \Device\HarddiskVolume7 86A271F8
Device \Driver\netbt \Device\NetBt_Wins_Export 874941F8
Device \Driver\USBSTOR \Device\00000078 874FE1F8
Device \Driver\Smb \Device\NetbiosSmb 874A7500
Device \Driver\USBSTOR \Device\00000079 874FE1F8
Device \Driver\iScsiPrt \Device\RaidPort0 86EE61F8

AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 86DA71F8
Device \Driver\USBSTOR \Device\0000007a 874FE1F8
Device \Driver\usbuhci \Device\USBFDO-1 86DA71F8
Device \Driver\USBSTOR \Device\0000007b 874FE1F8
Device \Driver\usbuhci \Device\USBFDO-2 86DA71F8
Device \Driver\USBSTOR \Device\0000007c 874FE1F8
Device \Driver\usbehci \Device\USBFDO-3 86DF21F8
Device \Driver\usbuhci \Device\USBFDO-4 86DA71F8
Device \Driver\usbuhci \Device\USBFDO-5 86DA71F8
Device \Driver\usbuhci \Device\USBFDO-6 86DA71F8
Device \Driver\usbehci \Device\USBFDO-7 86DF21F8
Device \FileSystem\fastfat \Fat AB31F1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 879631F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0xDB 0xD4 0xE4 ...
Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5F 0xDB 0xD4 0xE4 ...

---- EOF - GMER 1.0.15 ----
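The log above, read the way a helper reads it, as an added example that is not part of this thread and not GMER's own code: a small Python triage script that parses the "Kernel code sections" and "Kernel IAT/EAT" sections of a GMER text log and lists the entries worth checking first. The excerpt embedded in it is constructed from the posted log (same module names and addresses, trimmed to the sections the script reads). The three finding kinds it raises (a driver GMER lists but cannot open on disk, inline JMP patches in kernel code, and atapi.sys import slots that point at a driver other than ataport.SYS, which exports those functions) are the script's own classification for triage, not a verdict on what the driver is; the "LOOK HERE FIRST" rule that combines the first and third kinds is an assumption of this example.

```python
"""Triage of a GMER text log: list what deserves a closer look, in priority
order, without deciding what it is. Added example; not GMER's code and not
posted by anyone in the thread."""
import re
from collections import defaultdict

# Constructed excerpt in the format of the log posted above (names and
# addresses mirror that post; only the sections this script reads are kept).
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-17 21:33:38
Windows 6.0.6002 Service Pack 2

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spji.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload 83EAAB2E 5 Bytes JMP 86A251D8
.text USBPORT.SYS!DllUnload 83FA441B 5 Bytes JMP 86DF54E0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068D6D2] \SystemRoot\System32\Drivers\spji.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068D040] \SystemRoot\System32\Drivers\spji.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068D0BE] \SystemRoot\System32\Drivers\spji.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# "? <path> The system cannot find the path specified. !": listed but unopenable
MISSING_RE = re.compile(r"^\? (\S+) The system cannot find the (?:path|file) specified\. !$")
# "<section> <module>!<func> <addr> <n> Bytes JMP <target>": inline patch
JMP_RE = re.compile(r"^(\S+) (\S+?)!(\S+) ([0-9A-Fa-f]+) (\d+) Bytes JMP ([0-9A-Fa-f]+)$")
# "IAT <importer>[<exporter>!<func>] [<slot>] <target module>"
IAT_RE = re.compile(r"^IAT (\S+)\[(\S+?)!(\S+?)\] \[([0-9A-Fa-f]+)\] (\S+)$")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path as GMER prints it."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> dict:
    section = None
    unresolvable = set()                  # modules GMER lists but cannot open
    redirect_targets = defaultdict(list)  # target module -> [importer!function]
    findings = []                         # (kind, subject, raw line)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = MISSING_RE.match(line)
        if m:
            name = basename(m.group(1))
            unresolvable.add(name)
            findings.append(("unresolvable-module", name, line))
            continue
        if section == "Kernel code sections":
            m = JMP_RE.match(line)
            if m:
                _sec, module, func, _addr, size, target = m.groups()
                findings.append(("inline-jmp", f"{module}!{func} -> {target} ({size} bytes)", line))
        elif section == "Kernel IAT/EAT":
            m = IAT_RE.match(line)
            if m:
                importer, exporter, func, _slot, target = m.groups()
                tgt = basename(target)
                # A healthy slot for ataport.SYS!X resolves into ataport.sys itself.
                if tgt != exporter.lower():
                    redirect_targets[tgt].append(f"{basename(importer)}!{func}")
                    findings.append(("iat-redirect", f"{basename(importer)}!{func} -> {tgt}", line))
    # Assumed priority rule: unopenable on disk AND receiving redirected imports.
    priority = sorted(mod for mod in redirect_targets if mod in unresolvable)
    return {"findings": findings,
            "redirect_targets": {k: sorted(v) for k, v in redirect_targets.items()},
            "priority_modules": priority}


def count(result: dict, kind: str) -> int:
    return sum(1 for k, _, _ in result["findings"] if k == kind)


def report(result: dict) -> str:
    lines = [f"[{kind}] {subject}" for kind, subject, _ in result["findings"]]
    for mod in result["priority_modules"]:
        hooks = ", ".join(result["redirect_targets"][mod])
        lines.append(f"LOOK HERE FIRST: {mod} cannot be opened on disk yet receives {hooks}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Running it prints the six findings and then puts spji.sys at the top, because it is both the module GMER could not open and the destination of every redirected atapi.sys import. That is a pointer for the helper to act on with the tools they prescribe next, not a removal decision; the script deliberately ignores the Registry section, where entries such as the sptd keys in the posted log need a human judgement rather than a rule.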

#4 Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Thu Feb 18, 2010 12:12 am

DragonMaster Jay
Site Owner
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.



#5 ComboFix taking its time HELP PLEASE!!! on Thu Feb 18, 2010 4:39 pm

LFc4
Forum Enthusiast
Hello

Just a quick query: I wanted to know if ComboFix is supposed to take its time, because at the moment it's been running on the shutting down screen for 2 hours. HELP PLEASE

Thanks

#6 Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Thu Feb 18, 2010 5:01 pm

DragonMaster Jay
Site Owner
Delete your copy of ComboFix and grab a fresh copy, but before you download it, rename it to blackpudding.bat.


Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now.



#7 COMBOFIX LOG +++ on Thu Feb 18, 2010 5:40 pm

LFc4
Forum Enthusiast
Hello.

You didn't understand me. What I meant by the comments was that the ComboFix programme was very time consuming: it had completed 50 stages and was supposed to restart, but it was kind of stuck at the shutting down screen. Anyway, it's past that now, and the log is pasted below, BUT there is an issue: every time I click Internet Explorer or any other software, and even Control Panel, it comes up with the error message "Illegal operation attempted on a registry key that has been marked for deletion". I am yet to restart my computer myself after running the ComboFix programme.

Thanks




ComboFix - Hussains 18/02/2010 19:35:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1026 [GMT 0:00]
Running from: c:\users\Hussains\Desktop\COMBOFIX.EXE
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2072669260-3456327829-1688835100-1002
c:\$recycle.bin\S-1-5-21-2072669260-3456327829-1688835100-1003
c:\$recycle.bin\S-1-5-21-2072669260-3456327829-1688835100-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\users\Hussains\AppData\Roaming\inst.exe
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.

2010-02-18 19:47 . 2010-02-18 22:08 -------- d-----w- c:\users\Hussains\AppData\Local\temp
2010-02-18 19:47 . 2010-02-18 19:47 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-02-18 19:47 . 2010-02-18 19:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-02-18 19:47 . 2010-02-18 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-18 18:42 . 2010-02-18 18:42 -------- d-----w- c:\program files\Trend Micro
2010-02-18 18:40 . 2010-02-18 18:52 -------- d-----w- c:\program files\SpywareGuard
2010-02-18 18:28 . 2010-02-18 18:28 -------- d-----w- c:\program files\CleanUp!
2010-02-18 18:17 . 2009-11-15 22:48 17408 ----a-w- c:\windows\system32\drivers\DiagnosticScan.SYS
2010-02-18 18:17 . 2009-10-19 10:21 5120 ----a-w- c:\windows\system32\drivers\Start1Driver.SYS
2010-02-18 18:17 . 2010-02-18 19:18 -------- d-----w- c:\program files\AA
2010-02-18 15:39 . 2010-02-18 15:58 2560 ----a-w- c:\windows\system32\drivers\MCHINJDRV.SYS
2010-02-18 00:12 . 2010-02-18 02:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-18 00:12 . 2010-02-18 01:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-17 23:16 . 2010-02-17 23:16 -------- d-----w- c:\program files\CCleaner
2010-02-17 00:21 . 2010-02-17 00:21 -------- d-----w- c:\windows\Sun
2010-02-16 22:20 . 2010-02-16 22:20 -------- d-----w- c:\users\Hussains\DoctorWeb
2010-02-16 21:52 . 2010-02-18 17:29 -------- d-----w- C:\$AVG
2010-02-16 21:52 . 2010-02-16 21:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-16 21:52 . 2010-02-16 21:52 25608 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-02-16 21:52 . 2010-02-16 21:52 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-16 21:52 . 2010-02-16 21:52 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-16 21:51 . 2010-02-16 21:51 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-16 21:51 . 2010-02-16 21:51 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-16 21:51 . 2010-02-18 03:18 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-16 21:44 . 2010-02-16 21:44 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-02-16 21:44 . 2010-02-16 21:44 -------- d-----w- c:\programdata\avg9
2010-02-16 21:40 . 2010-02-16 21:44 -------- d-----w- c:\program files\AVG
2010-02-16 21:01 . 2010-02-18 03:30 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-28 20:21 . 2010-01-28 20:21 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2010-01-28 16:34 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-28 16:34 . 2010-01-28 16:34 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-28 16:26 . 2010-01-28 16:26 -------- d-----w- c:\programdata\OviInstallerCache
2010-01-28 16:04 . 2010-01-28 16:04 -------- d-----w- c:\program files\Common Files\Java
2010-01-21 16:12 . 2010-01-21 16:12 552 ----a-w- c:\users\Hussains\AppData\Local\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 22:05 . 2009-06-26 17:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-18 17:58 . 2008-02-24 18:43 1356 ----a-w- c:\users\Hussains\AppData\Local\d3d9caps.dat
2010-02-18 03:59 . 2009-12-16 16:30 -------- d-----w- c:\users\Hussains\AppData\Roaming\vlc
2010-02-17 23:35 . 2009-05-22 19:50 -------- d-----w- c:\program files\ExpressVids
2010-02-17 14:25 . 2009-12-31 00:53 -------- d-----w- c:\program files\Yahoo!
2010-02-17 14:25 . 2009-12-31 00:54 -------- d-----w- c:\programdata\Yahoo!
2010-02-17 04:14 . 2009-05-24 16:25 -------- d--h--w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2010-02-17 04:14 . 2009-05-24 16:21 -------- d--h--w- c:\programdata\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2010-02-17 04:14 . 2009-05-24 16:01 -------- d--h--w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2010-02-16 19:03 . 2009-05-24 16:01 -------- dc-h--w- c:\programdata\~4
2010-02-16 19:03 . 2009-05-24 15:33 -------- d-----w- c:\program files\Uniblue
2010-02-16 19:03 . 2009-05-24 16:21 -------- dc-h--w- c:\programdata\~3
2010-02-16 19:02 . 2009-05-24 16:27 -------- d-----w- c:\programdata\DriverScanner
2010-02-16 19:02 . 2009-05-24 16:25 -------- dc-h--w- c:\programdata\~2
2010-02-16 19:02 . 2008-09-09 16:50 -------- d-----w- c:\users\Hussains\AppData\Roaming\Uniblue
2010-02-15 13:16 . 2009-10-03 20:37 -------- d-----w- c:\users\Hussains\AppData\Roaming\U3
2010-02-14 17:15 . 2008-02-09 21:03 -------- d-----w- c:\users\Hussains\AppData\Roaming\uTorrent
2010-02-11 20:57 . 2009-02-17 16:22 -------- d-----w- c:\users\Hussains\AppData\Roaming\Zoom Player
2010-02-10 16:50 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 13:39 . 2007-08-29 12:41 -------- d-----w- c:\programdata\Microsoft Help
2010-02-01 07:41 . 2008-10-25 16:25 -------- d-----w- c:\program files\uTorrent
2010-01-28 16:36 . 2008-02-11 19:24 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-28 16:35 . 2008-02-11 19:18 -------- d-----w- c:\program files\Nokia
2010-01-28 16:03 . 2008-01-27 17:32 -------- d-----w- c:\program files\Java
2010-01-21 21:59 . 2007-08-23 15:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-21 19:51 . 2007-08-29 21:00 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-21 19:48 . 2007-08-29 20:16 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-21 19:18 . 2007-08-23 15:49 -------- d-----w- c:\programdata\Roxio
2010-01-20 19:00 . 2008-03-26 16:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 11:12 . 2009-10-02 17:29 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 16:20 . 2010-01-10 20:54 -------- d-----w- c:\programdata\boost_interprocess
2010-01-10 20:55 . 2010-01-10 20:54 -------- d-----w- c:\users\Hussains\AppData\Roaming\Multi File Downloader
2010-01-08 03:07 . 2008-02-11 19:20 -------- d-----w- c:\users\Hussains\AppData\Roaming\Nokia
2010-01-08 03:01 . 2010-01-08 03:01 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-08 02:54 . 2009-04-08 15:19 -------- d-----w- c:\programdata\Installations
2010-01-04 00:12 . 2007-08-29 10:46 117192 ----a-w- c:\users\Hussains\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-04 00:04 . 2007-08-23 15:57 -------- d-----w- c:\program files\Microsoft Works
2010-01-02 06:38 . 2010-01-22 16:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 16:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 16:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 16:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 00:57 . 2008-12-10 17:27 -------- d-----w- c:\users\Hussains\AppData\Roaming\Yahoo!
2009-12-17 17:14 . 2008-10-25 19:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-11 11:43 . 2010-02-10 13:21 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 13:21 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 13:21 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 13:21 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 13:21 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 13:21 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 13:21 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 13:21 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 13:21 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 13:21 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 13:21 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 13:21 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 13:21 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 13:21 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 13:21 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 13:21 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 13:21 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 22:50 . 2007-09-21 20:39 117192 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-30 11:52 . 2006-07-11 17:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2007-08-23 23:24 . 2007-08-23 23:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-27 1830128]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-30 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" [2009-09-25 113168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 16:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-07-22 18:16 2331936 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2006-09-19 08:07 827392 ----a-w- c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3d,dc,ef,97,d9,df,c9,01

R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSvx.sys [16/02/2010 21:52 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [16/02/2010 21:52 161800]
R0 DiagnosticScan;DiagnosticScan;c:\windows\System32\drivers\DiagnosticScan.SYS [18/02/2010 18:17 17408]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [16/02/2010 21:44 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [16/02/2010 21:51 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [16/02/2010 21:52 360584]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [11/01/2010 18:05 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/01/2010 18:05 345832]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 09:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 09:05 72944]
R1 Start1Driver;Start1Driver;c:\windows\System32\drivers\Start1Driver.SYS [18/02/2010 18:17 5120]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [05/12/2007 06:17 77824]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16/02/2010 21:49 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [16/02/2010 21:50 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [16/02/2010 21:48 5832712]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [08/09/2008 17:45 93320]
R2 nmsunidr;UniDriver for NMS;c:\windows\System32\drivers\nmsunidr.sys [18/02/2007 19:34 5376]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/01/2010 18:05 972008]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18/02/2010 00:12 1153368]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [16/02/2010 21:49 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [16/02/2010 21:49 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [16/02/2010 21:48 27800]
R3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [23/08/2007 15:54 5504]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [06/04/2007 13:08 36312]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [14/08/2008 00:25 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [14/08/2008 00:24 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [14/08/2008 00:24 170480]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 BPAO;BPAO;c:\users\Hussains\AppData\Local\Temp\BPAO.exe --> c:\users\Hussains\AppData\Local\Temp\BPAO.exe [?]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [06/04/2007 13:08 39896]
S3 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [12/02/2007 09:46 208896]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [05/10/2009 19:15 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 NMSCore;Intel(R) NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [06/04/2007 13:07 313816]
S3 QualityManager;Intel(R) Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe [06/04/2007 13:10 272856]
S3 RBFV;RBFV;c:\users\Hussains\AppData\Local\Temp\RBFV.exe --> c:\users\Hussains\AppData\Local\Temp\RBFV.exe [?]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [14/08/2008 00:25 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [14/08/2008 00:23 1124848]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 09:05 7408]
S3 WNGWEVFJ;WNGWEVFJ;c:\users\Hussains\AppData\Local\Temp\WNGWEVFJ.exe --> c:\users\Hussains\AppData\Local\Temp\WNGWEVFJ.exe [?]
S3 XTLUTZSHDTGFWL;XTLUTZSHDTGFWL;c:\users\Hussains\AppData\Local\Temp\XTLUTZSHDTGFWL.exe --> c:\users\Hussains\AppData\Local\Temp\XTLUTZSHDTGFWL.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-10-15 11:22]

2010-02-18 c:\windows\Tasks\User_Feed_Synchronization-{F6BA0F74-53E3-453D-B482-36B19CBCE83A}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Hussains\AppData\Roaming\Mozilla\Firefox\Profiles\eyqfb1f3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -

Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 22:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86A1E1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x84baad24
\Driver\ACPI -> acpi.sys @ 0x805bcd68
\Driver\atapi -> 0x86a1e1f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6644)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system32\Taskmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
.
**************************************************************************
.
Completion time: 2010-02-18 22:19:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-18 22:19

Pre-Run: 129,868,914,688 bytes free
Post-Run: 129,384,226,816 bytes free

- - End Of File - - 03720C8D4BAA4813BE0D116443AC73E1

8 Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Thu Feb 18, 2010 6:43 pm

DragonMaster Jay


Site Owner
Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner

9 Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Thu Feb 18, 2010 7:12 pm

LFc4


Forum Enthusiast
Should I run Malwarebytes in Safe Mode? Because I'm running it in normal mode. And should I have the internet connected? Because I am using that computer to get help from you guys (helpmyos).

Also, just to inform you, I downloaded Spybot - Search & Destroy from the original site. It found a load of problems, which were mostly removed; it detected things like a keylogger and other stuff (I ran it in Safe Mode with the internet connection). Is my system still infected, or does it have a keylogger or anything else really bad? I will appreciate an answer.

Please reply, it may be vital.

Thanks

10 Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Thu Feb 18, 2010 7:27 pm

DragonMaster Jay


Site Owner
Go ahead and try in Safe Mode and see what happens...


11 Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Thu Feb 18, 2010 7:32 pm

LFc4


Forum Enthusiast
I'm running it in normal mode and it detected 27 objects, so should I still run it in Safe Mode? And I've got my internet connection; does that matter? Sorry for being a bit of a pest.

12 Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Thu Feb 18, 2010 7:48 pm

DragonMaster Jay


Site Owner
Go ahead and run a Full scan in Normal Mode and post a log, please.


13 Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Thu Feb 18, 2010 7:52 pm

LFc4


Forum Enthusiast
OK, once it is done I will post the log.


Thanks

14 Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Thu Feb 18, 2010 8:25 pm

DragonMaster Jay


Site Owner
Alrighty.


15 Re: Rootkit? HELP PLEASE MUCH APPRECIATED on Thu Feb 18, 2010 9:56 pm

LFc4


Forum Enthusiast
This is the log that it produced.
Should I remove the detected files/objects?

Thank you


Malwarebytes' Anti-Malware 1.44
Database version: 3759
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

19/02/2010 02:51:16
mbam-log-2010-02-19 (02-51-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 358612
Time elapsed: 2 hour(s), 43 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2f5e2da4-b0d9-1715-429d-5b5dce6535af} (Rogue.AntiVirus.Gold) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.AntiVirus2008) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ExpressVids (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adware away v3.1.5_is1 (Rogue.AdwareAway) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=222&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken.

Folders Infected:
C:\Program Files\ExpressVids (Trojan.DNSChanger) -> No action taken.
C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ExpressVids (Trojan.DNSChanger) -> No action taken.
C:\ProgramData\WSDDSys (Rogue.WindowsSystemDefender) -> No action taken.
C:\Users\Hussains\AppData\Roaming\Windows System Defender (Rogue.WindowsSystemDefender) -> No action taken.

Files Infected:
C:\Users\Hussains\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ExpressVids\Uninstall.lnk (Trojan.DNSChanger) -> No action taken.
C:\ProgramData\WSDDSys\wsd.cfg (Rogue.WindowsSystemDefender) -> No action taken.
C:\Users\Hussains\AppData\Roaming\Windows System Defender\cookies.sqlite (Rogue.WindowsSystemDefender) -> No action taken.
C:\Users\Hussains\AppData\Roaming\Windows System Defender\Instructions.ini (Rogue.WindowsSystemDefender) -> No action taken.
C:\Users\Hussains\Desktop\Adware Away.lnk (Rogue.AdwareAway) -> No action taken.
