#1 (permalink)
Registered User
Join Date: Apr 2009
Posts: 1
OS: windows vista 32 bit

ntoskrnl-hook problem
I cannot run my computer in normal mode as a blue screen comes up on startup and the computer restarts.
I run it in safe mode and I have scanned with McAfee for viruses and it detects the ntoskrnl-hook file and it says that it removes it, but every time I scan again the same file is there.

DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Aidan at 22:03:29.01 on 20/04/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.44.1033.18.2047.1527 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Users\Aidan\Desktop\RootRepeal.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aidan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGGS831Z\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://home.myspace.com/index.cfm?fuseaction=user
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://en.uk.acer.yahoo.com
mDefault_Page_URL = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.911.3380\GoogleToolbarNotifier.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\axcmd.exe" /automount
uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A
uRun: [ManyCam] "c:\program files\manycam 2.3\ManyCam.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [WeatherDPA] "c:\program files\zango\bin\10.3.79.0\Weather.exe" -auto
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [eRecoveryService]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdminWorks Tray] "c:\acer\lanscope agent\awtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\ASETRES.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{1c94c999-15d2-4c75-9a73-bcc8a677d42e}\IcoUltraMon.ico
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 85.255.112.171,85.255.112.109
TCP: {5E86C23B-BFE9-4F35-ADF4-72D402B35AAC} = 85.255.112.171,85.255.112.109
TCP: {98D518DE-DBBD-4799-9B2D-1598CF9EE94B} = 85.255.112.171,85.255.112.109
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

S1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2007-8-24 26768]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
S2 eProtection;eProtection Service;c:\program files\acer\eprotection\service\eProtectionServ.exe [2002-4-11 24576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-1 210216]
S2 netlimiter;netlimiter;c:\windows\system32\drivers\NetLimiter.sys [2006-10-3 18072]
S2 netlock;netlock;c:\windows\system32\drivers\NetLock.sys [2007-5-30 14616]
S2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2009-2-15 15640]
S2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-11-8 10944]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S3 AgentPresenceSnmpService;vProSnmpService;c:\program files\acer\lanscope\vProSNMPService.exe [2007-5-22 64280]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 RDID1061;EDIROL UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [2009-4-18 140672]
S3 WN4501HLFZZ(Technology Corporation);802.11g Wireless USB Adapter(Technology Corporation);c:\windows\system32\drivers\O4501U.sys [2008-11-1 408064]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2008-1-21 19968]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2002-4-11 123424]

=============== Created Last 30 ================

2009-04-20 21:55 <DIR> --d----- C:\ComboFix
2009-04-20 21:52 318,976 a------- c:\windows\system32\CF12201.exe
2009-04-20 21:45 318,976 a------- c:\windows\system32\CF10908.exe
2009-04-20 21:45 318,976 a------- c:\windows\system32\CF10744.exe
2009-04-20 21:44 318,976 a------- c:\windows\system32\CF10604.exe
2009-04-19 01:01 <DIR> --d----- c:\program files\QuickyPlaeyr
2009-04-19 00:51 <DIR> --d----- c:\programdata\ZangoSA
2009-04-19 00:51 <DIR> --d----- c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2009-04-19 00:51 <DIR> --d----- c:\progra~2\ZangoSA
2009-04-19 00:51 <DIR> --d----- c:\progra~2\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2009-04-19 00:51 <DIR> --d----- c:\users\aidan\appdata\roaming\WeatherDPA
2009-04-19 00:51 <DIR> --d----- c:\users\aidan\appdata\roaming\Zango
2009-04-18 16:41 421,346 a------- c:\users\aidan\Lame_v3.98.2_for_Audacity_on_Windows.exe
2009-04-18 16:38 <DIR> --d----- c:\program files\Lame for Audacity
2009-04-18 14:49 270,336 a------- c:\windows\system32\RDDP1061.DAT
2009-04-18 14:49 140,672 a------- c:\windows\system32\drivers\Rdwm1061.sys
2009-04-18 14:49 102,400 a------- c:\windows\system32\rdas1061.dll
2009-04-18 14:49 61,440 a------- c:\windows\system32\RDCP1061.CPL
2009-04-18 14:49 12,800 a------- c:\windows\system32\RdCi1061.dll
2009-04-18 14:49 4,088 a------- c:\windows\system32\RD3T1061.DAT
2009-04-18 14:40 <DIR> --d----- c:\program files\Audacity
2009-04-18 14:19 <DIR> --d----- c:\program files\MIKSOFT
2009-04-17 17:19 <DIR> --d----- c:\program files\Pure Motion
2009-04-17 17:19 <DIR> --d----- c:\program files\Sonic Foundry
2009-04-17 17:19 <DIR> --d----- c:\program files\DebugMode
2009-04-17 15:36 1,120 a------- c:\windows\system32\E_ADDNET.DAT
2009-04-17 15:35 135,168 a------- c:\windows\system32\EEBAPI.dll
2009-04-17 15:35 110,592 a------- c:\windows\system32\EEBDSCVR.dll
2009-04-17 15:35 77,824 a------- c:\windows\system32\EBAPI.dll
2009-04-17 15:35 65,536 a------- c:\windows\system32\EEBUtil.dll
2009-04-17 15:35 55,808 a------- c:\windows\system32\EEBSDKIF.dll
2009-04-17 15:35 <DIR> --d----- c:\program files\common files\EPSON
2009-04-17 15:35 474,892 a------- c:\windows\system32\ensppmon.dll
2009-04-17 15:35 474,892 a------- c:\windows\system32\enppmon.dll
2009-04-17 15:35 457,099 a------- c:\windows\system32\ensppui.dll
2009-04-17 15:35 457,099 a------- c:\windows\system32\enppui.dll
2009-04-17 15:35 249,344 a------- c:\windows\system32\enspres.dll
2009-04-17 15:35 249,344 a------- c:\windows\system32\enpres.dll
2009-04-17 15:35 <DIR> --d----- c:\program files\EpsonNet
2009-04-17 15:20 <DIR> --d----- c:\programdata\UDL
2009-04-17 15:20 <DIR> --d----- c:\progra~2\UDL
2009-04-17 15:16 <DIR> --d----- c:\program files\Epson Software
2009-04-17 15:15 <DIR> --d----- c:\program files\ABBYY FineReader 6.0 Sprint
2009-04-17 14:47 8,192 a------- c:\windows\system32\E_DCINST.DLL
2009-04-17 14:47 86,528 a------- c:\windows\system32\E_FLBEKE.DLL
2009-04-17 14:47 78,848 a------- c:\windows\system32\E_FD4BEKE.DLL
2009-04-17 14:47 <DIR> --d----- c:\programdata\EPSON
2009-04-17 14:47 <DIR> --d----- c:\progra~2\EPSON
2009-04-17 14:46 <DIR> --d----- c:\windows\LastGood.Tmp
2009-04-17 14:46 71,680 a------- c:\windows\system32\escwiad.dll
2009-04-17 14:46 9,216 a------- c:\windows\system32\escdev.dll
2009-04-17 14:46 <DIR> --d----- c:\program files\epson
2009-04-16 11:56 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-04-14 03:19 41,808 a------- c:\windows\system32\xfcodec.dll
2009-04-07 09:47 <DIR> --d----- C:\NVIDIA
2009-04-06 10:09 <DIR> --d----- c:\users\aidan\appdata\roaming\Realtime Soft
2009-04-06 10:09 <DIR> --d----- c:\programdata\Realtime Soft
2009-04-06 10:09 <DIR> --d----- c:\program files\UltraMon
2009-04-06 10:09 <DIR> --d----- c:\program files\common files\Realtime Soft
2009-04-06 10:09 <DIR> --d----- c:\progra~2\Realtime Soft
2009-04-04 19:38 <DIR> --d----- c:\program files\Perfect World Entertainment
2009-04-04 19:38 258,352 a------- c:\windows\system32\unicows.dll
2009-04-04 18:17 <DIR> --d----- c:\programdata\PMB Files
2009-04-04 18:17 <DIR> --d----- c:\progra~2\PMB Files
2009-04-04 18:17 204 a------- C:\Plugins
2009-04-04 18:17 <DIR> --d----- c:\program files\Pando Networks
2009-04-01 19:00 12,927 a------- c:\windows\system32\Config.MPF
2009-04-01 17:36 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-04-01 17:36 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-04-01 17:36 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-04-01 17:36 130,424 a------- c:\windows\system32\drivers\Mpfp.sys
2009-04-01 17:35 <DIR> --d----- c:\program files\common files\McAfee
2009-04-01 17:35 <DIR> --d----- c:\program files\McAfee.com
2009-04-01 17:35 <DIR> --d----- c:\program files\McAfee
2009-04-01 17:31 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-04-01 16:53 <DIR> --d----- c:\users\aidan\appdata\roaming\SiteAdvisor
2009-03-31 21:27 <DIR> --d----- c:\users\aidan\__MACOSX
2009-03-31 18:43 <DIR> --d----- c:\program files\Essentials Codec Pack
2009-03-31 18:38 <DIR> --d----- C:\YouTubeDownload
2009-03-31 18:38 <DIR> --d----- C:\ConverterOutput
2009-03-31 18:38 372,736 a------- c:\windows\system32\xvid.ax
2009-03-31 18:38 98,304 a------- c:\windows\system32\L3CODECX.AX
2009-03-31 18:38 <DIR> --d----- c:\program files\Cucusoft
2009-03-29 20:37 1,700,352 a------- c:\windows\system32\gdiplus.dll
2009-03-29 20:37 719,872 a------- c:\windows\system32\devil.dll
2009-03-29 20:37 351,744 a------- c:\windows\system32\avisynth.dll
2009-03-29 20:37 <DIR> --d----- c:\program files\common files\Common Share
2009-03-29 20:32 <DIR> --d----- c:\programdata\CyberLink
2009-03-25 21:42 <DIR> --d----- c:\program files\Ask Search Assistant
2009-03-25 19:10 <DIR> --d----- c:\users\aidan\appdata\roaming\Malwarebytes
2009-03-25 19:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-25 19:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 19:10 <DIR> --d----- c:\programdata\Malwarebytes
2009-03-25 19:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 19:10 <DIR> --d----- c:\progra~2\Malwarebytes
2009-03-22 15:34 <DIR> --d----- c:\program files\SystemRequirementsLab

==================== Find3M ====================

2009-04-18 23:15 138,920 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-18 23:15 189,072 a------- c:\windows\system32\PnkBstrB.exe
2009-04-18 14:51 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-18 14:51 51,200 a------- c:\windows\inf\infpub.dat
2009-04-18 14:51 86,016 a------- c:\windows\inf\infstor.dat
2009-03-27 08:14 453,152 a------- c:\windows\system32\nvuninst.exe
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-17 04:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 04:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 04:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-03 05:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 05:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 05:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 05:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 05:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 05:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 05:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 05:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 05:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 05:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 04:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 03:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-03 03:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-27 22:44 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-02-13 09:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-09 04:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-05 17:00 31 a------- c:\users\aidan\jagex_runescape_preferences.dat
2008-12-02 20:27 56 a---h--- c:\programdata\ezsidmv.dat
2008-12-02 20:27 56 a---h--- c:\progra~2\ezsidmv.dat
2008-11-10 18:12 22,328 a------- c:\users\aidan\appdata\roaming\PnkBstrK.sys
2008-10-29 20:11 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 22:03:46.57 ===============

Last edited by aidanj; 04-20-2009 at 04:01 PM.
#2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,923
OS: WinXP and Vista

Re: ntoskrnl-hook problem
Hello aidanj,
I see you've tried to run ComboFix. As noted in the ComboFix Disclaimer, this tool should not be run without proper guidance. Also, as noted in our pre-posting topic: Quote:
If you can't figure out how to completely disable it, uninstall it and we'll reinstall it later. Once you've properly disabled, or uninstalled McAfee, rename ComboFix.exe to aidanj.exe. Double click it to run it and post the C:\ComboFix.txt for further review.