#1
Registered User
Join Date: Apr 2009
Posts: 3
OS: visa
Ntoskrnl-root help
MY COMPUTER WILL ONLY BOOT UP IN SAFE MODE. MCAFEE WILL DETECT THE TROJAN BUT IT KEEPS COMING BACK.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 22/07/2008 14:40:51
System Uptime: 20/04/2009 21:03:45 (2 hours ago)

Motherboard: Packard Bell BV | | MCP73VT-PM
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2400/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 454 GiB total, 219.634 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0005
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #6
PNP Device ID: ROOT\*ISATAP\0005
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #7
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel

==== System Restore Points ===================

RP300: 11/03/2009 20:40:31 - Installed Java(TM) 6 Update 12
RP301: 11/03/2009 20:55:09 - Windows Update
RP302: 12/03/2009 12:09:06 - Scheduled Checkpoint
RP303: 13/03/2009 10:01:06 - Scheduled Checkpoint
RP304: 15/03/2009 22:42:21 - Windows Update
RP305: 16/03/2009 12:49:02 - Scheduled Checkpoint
RP306: 19/03/2009 23:33:51 - Scheduled Checkpoint
RP307: 21/03/2009 13:40:18 - Scheduled Checkpoint
RP308: 24/03/2009 14:02:44 - Scheduled Checkpoint
RP309: 24/03/2009 22:25:27 - Windows Update
RP310: 25/03/2009 21:05:53 - Installed HoldemHelpem Calculator
RP311: 26/03/2009 13:15:56 - Scheduled Checkpoint
RP312: 26/03/2009 22:00:30 - Windows Update
RP313: 29/03/2009 15:50:56 - Scheduled Checkpoint
RP314: 04/04/2009 16:27:18 - Scheduled Checkpoint
RP315: 06/04/2009 12:24:45 - Scheduled Checkpoint
RP316: 09/04/2009 11:56:59 - Scheduled Checkpoint
RP317: 09/04/2009 19:47:32 - Installed Java(TM) 6 Update 13
RP318: 10/04/2009 14:43:49 - Scheduled Checkpoint
RP319: 13/04/2009 11:36:54 - Scheduled Checkpoint
RP320: 17/04/2009 19:57:02 - Scheduled Checkpoint
RP321: 17/04/2009 20:11:58 - Windows Update
RP322: 18/04/2009 02:28:11 - Restore Operation

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
4oD
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Reader 8.1.0
Adobe Reader 8.1.3
Adobe Shockwave Player 11
Apple Mobile Device Support
Apple Software Update
µTorrent
Bonjour
British Telecom Browser Address Error Redirector
BT Yahoo! Applications
Carbonite
Compatibility Pack for the 2007 Office system
DVD Shrink 3.2
EASEUS Data Recovery Wizard Professional 4.3.6
EasyBits Magic Desktop
Firefox
Google BAE
Google Desktop
Google Earth
Google Photos Screensaver
Google Updater
GoogleToolbar
HoldemHelpem Calculator
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HouseCall 6.6
Infocentre Rev. 2.0
Internet From BT
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
L&H TTS3000 British English
Ladbrokes Poker
LiveUpdate Notice (Symantec Corporation)
Lotto Buster 2010 Version 4.3.6
McAfee SecurityCenter
Metaboli
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 9 SE
Microsoft XML Parser
Microsoft® Office Trial 2007
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 8 Essentials
neroxml
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
NVIDIA Drivers
Packard Bell ImageWriter
Packard Bell LCD Test
Packard Bell Updator
Picasa 2
Picasa2
PokerStove version 1.23
Protect your files now
QuickTime
ReadPlease 2003/ReadPlease PLUS 2003
Realtek HD Audio V6.0.1.5559
Realtek High Definition Audio Driver
Recover My Files
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Screensavers Installer Version 3
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
SetUp My PC
Tournament Indicator 1.0.4
TVUPlayer 2.3.7.1
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
VCRedistSetup
Video NVIDIA V163.96
WClient
WCtrl
WinPcap 4.0.2
WinZip 11.1

==== Event Viewer Messages From Past Week ========

20/04/2009 21:05:01, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Partizan spldr StarOpen Wanarpv6
20/04/2009 17:55:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk Partizan spldr StarOpen Wanarpv6
18/04/2009 02:36:27, Error: EventLog [6008] - The previous system shutdown at 02:34:38 on 18/04/2009 was unexpected.
18/04/2009 02:21:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
18/04/2009 02:08:35, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk MPFP NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr StarOpen Tcpip tdx Wanarpv6
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/04/2009 02:08:35, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
18/04/2009 01:03:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
18/04/2009 01:03:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
18/04/2009 01:01:58, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk spldr StarOpen Wanarpv6
18/04/2009 01:01:58, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
18/04/2009 01:01:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
18/04/2009 01:01:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
18/04/2009 00:57:40, Error: EventLog [6008] - The previous system shutdown at 00:56:09 on 18/04/2009 was unexpected.
17/04/2009 20:12:55, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
17/04/2009 20:12:55, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
17/04/2009 20:12:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
13/04/2009 02:41:27, Error: EventLog [6008] - The previous system shutdown at 02:39:29 on 13/04/2009 was unexpected.
13/04/2009 02:20:35, Error: EventLog [6008] - The previous system shutdown at 02:18:42 on 13/04/2009 was unexpected.
13/04/2009 02:18:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
13/04/2009 02:18:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
13/04/2009 02:18:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
13/04/2009 02:18:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
13/04/2009 02:18:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
13/04/2009 02:18:42, Error: EventLog [6008] - The previous system shutdown at 02:17:20 on 13/04/2009 was unexpected.
13/04/2009 01:31:07, Error: Service Control Manager [7023] - The KService service terminated with the following error: Unspecified error
13/04/2009 01:29:27, Error: EventLog [6008] - The previous system shutdown at 01:25:40 on 13/04/2009 was unexpected.
13/04/2009 01:25:40, Error: EventLog [6008] - The previous system shutdown at 01:24:25 on 13/04/2009 was unexpected.
==== End Of File ===========================

DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by chris at 23:14:30.18 on 20/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2815.1995 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\REGEDIT.EXE
C:\Windows\REGEDIT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\chris.chris-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81DQ1ONR\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://go.packardbell.com/?id=9067
uDefault_Page_URL = hxxp://go.packardbell.com/?id=9067
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\ezShellStart.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\google\google_bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\users\chris~1.chr\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t\wlan111t.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://144.26.58.59/kxhcm10.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://vs1-73418.highspeedoffice.net/activex/AxisCamControl.ocx
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.178,85.255.112.99
TCP: {799C0504-EBD7-4025-8CA0-D24A3CC1BF24} = 85.255.112.178,85.255.112.99
TCP: {CEF22028-4AE6-44A3-8F9C-C54093F42D6E} = 85.255.112.178,85.255.112.99
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\progra~1\google\go333c~1\GOEC62~1.DLL
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL

============= SERVICES / DRIVERS ===============

.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-20 23:17:19
Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

Code 86262750 ZwEnumerateKey
Code 86262718 ZwFlushInstructionCache
Code 86262EC5 IofCallDriver
Code 86262DA6 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcuqcyqmpbmvjcismdvyqbxjekywppirsp.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [2512] 0x10000000

---- EOF - GMER 1.0.15 ----
#2
Visiting Teacher/Analyst, Security Team
Join Date: Jun 2008
Location: Finland
Posts: 759
OS: Win XP, Vista 32-bit, Win7 64-bit
Re: Ntoskrnl-root help
Hi rockett1001
Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
__________________
Microsoft MVP Consumer Security 2008 2009 ASAP & UNITE member since 2006