links are being redirected
Search engine results are being redirected, as well as links from other sites. Even on this site my computer randomly opens a new explorer window and takes me to some advertisement. I restored my computer to factory settings twice, once from the recovery partition and once from my set of recovery discs, and yet the problem persists...??? I followed the pre-steps you have listed and have the logs; no antimalware or antivirus has found anything, but I think the virus is not allowing Malwarebytes to update...it keeps giving me an update error message. Here are my logs in the order you have listed....thank you.
Malwarebytes:
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
11/12/2010 1:44:57 PM
mbam-log-2010-11-12 (13-44-57).txt
Scan type: Quick scan
Objects scanned: 123878
Time elapsed: 7 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-12 16:05:23
Windows 5.1.2600 Service Pack 3
Running: mdn8elrf.exe; Driver: C:\DOCUME~1\Jason\LOCALS~1\Temp\pwriqpoc.sys
---- System - GMER 1.0.15 ----
SSDT 89B3FC50 ZwAlertResumeThread
SSDT 89587290 ZwAlertThread
SSDT 896EDD58 ZwAllocateVirtualMemory
SSDT 89867B58 ZwAssignProcessToJobObject
SSDT 87ACB620 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xECA35210]
SSDT 89704268 ZwCreateMutant
SSDT 89797370 ZwCreateSymbolicLinkObject
SSDT 89B08320 ZwCreateThread
SSDT 89559050 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xECA35490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xECA359F0]
SSDT 896F06E0 ZwDuplicateObject
SSDT 896ECC88 ZwFreeVirtualMemory
SSDT 89791050 ZwImpersonateAnonymousToken
SSDT 8950B298 ZwImpersonateThread
SSDT 89A5C268 ZwLoadDriver
SSDT 89B7D838 ZwMapViewOfSection
SSDT 89BAA050 ZwOpenEvent
SSDT 896F09B8 ZwOpenProcess
SSDT 89B76E78 ZwOpenProcessToken
SSDT 8970A238 ZwOpenSection
SSDT 896F0870 ZwOpenThread
SSDT 896852A8 ZwProtectVirtualMemory
SSDT 8954F308 ZwResumeThread
SSDT 89863480 ZwSetContextThread
SSDT 896EC8A8 ZwSetInformationProcess
SSDT 89792050 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xECA35C40]
SSDT 895FA228 ZwSuspendProcess
SSDT 89B36E08 ZwSuspendThread
SSDT 89B76E18 ZwTerminateProcess
SSDT 8965F0B0 ZwTerminateThread
SSDT 89864610 ZwUnmapViewOfSection
SSDT 896D93E0 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF52C9360, 0x22698D, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[2568] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
MBR check:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 157):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7358000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7347000 pci.sys
0xF7487000 isapnp.sys
0xF7497000 ohci1394.sys
0xF74A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF798D000 viaide.sys
0xF798F000 aliide.sys
0xF7329000 pcmcia.sys
0xF74B7000 MountMgr.sys
0xF730A000 ftdisk.sys
0xF7991000 dmload.sys
0xF72E4000 dmio.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF74C7000 VolSnap.sys
0xF72CC000 atapi.sys
0xF71F6000 iaStor.sys
0xF74D7000 disk.sys
0xF74E7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF71D6000 fltmgr.sys
0xF7180000 SYMDS.SYS
0xF716E000 sr.sys
0xF7141000 SYMEFA.SYS
0xF7717000 PxHelp20.sys
0xF712A000 KSecDD.sys
0xF709D000 Ntfs.sys
0xF7070000 NDIS.sys
0xF74F7000 Serial.sys
0xF7056000 Mup.sys
0xF7527000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF75F7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7943000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7947000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF52C9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF52B5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF528D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF4F15000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xF4ED8000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xF7817000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF4EB4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF781F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF4EA0000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF7827000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF7607000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xF4E54000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xF7967000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0xF7617000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF782F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7627000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7837000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF4E1D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79A5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF783F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF671D000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF670D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF66FD000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF4DFA000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7847000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7B5D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF66ED000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF796F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF4DE3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF66DD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF66CD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF784F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF4DD2000 \SystemRoot\system32\DRIVERS\psched.sys
0xF66BD000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7857000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF785F000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF4DA2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF66AD000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79A7000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF4D44000 \SystemRoot\system32\DRIVERS\update.sys
0xF6358000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6354000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF669D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xECE14000 \SystemRoot\system32\drivers\CHDAud.sys
0xECDF0000 \SystemRoot\system32\drivers\portcls.sys
0xED294000 \SystemRoot\system32\drivers\drmk.sys
0xECDBC000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xECCCA000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xECC17000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xEF081000 \SystemRoot\System32\Drivers\Modem.SYS
0xED234000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF0750000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF79F7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF2248000 \SystemRoot\System32\Drivers\Null.SYS
0xF79F9000 \SystemRoot\System32\Drivers\Beep.SYS
0xF1580000 \SystemRoot\System32\drivers\vga.sys
0xF79FB000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79FF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF1578000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF2861000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF074C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xECB1A000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xECAC1000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xECA6A000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDI.SYS
0xECA44000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xECA1F000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF22C8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF22B8000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xEC9C7000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101111.001\IDSxpx86.sys
0xEC99F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEC97D000 \SystemRoot\System32\drivers\afd.sys
0xF259F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7A0B000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0xEC95E000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS
0xEEF91000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF255F000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS
0xEC933000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEC8C3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF254F000 \SystemRoot\System32\Drivers\Fips.SYS
0xEC865000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xEC848000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xEC7C9000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys
0xEC71D000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys
0xEC70A000 \SystemRoot\System32\Drivers\5U870CAP.sys
0xED214000 \SystemRoot\System32\Drivers\STREAM.SYS
0xEEF69000 \SystemRoot\System32\Drivers\USBCAMD.SYS
0xF793F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xEC6E6000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF4D30000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xEC610000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF4D18000 \SystemRoot\System32\drivers\Dxapi.sys
0xEEF51000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF5E0A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEE96A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB85E6000 \SystemRoot\system32\drivers\wdmaud.sys
0xED1C4000 \SystemRoot\system32\drivers\sysaudio.sys
0xF258F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB7C63000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB7B32000 \SystemRoot\System32\Drivers\HTTP.sys
0xB7A8A000 \SystemRoot\system32\DRIVERS\srv.sys
0xB7C37000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB79AB000 \??\C:\WINDOWS\system32\drivers\mqac.sys
0xB7811000 \??\C:\WINDOWS\system32\drivers\RMCast.sys
0xB6FC2000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS
0xB6DD4000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101112.002\NAVEX15.SYS
0xB6D20000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101112.002\NAVENG.SYS
0xB46E7000 \??\C:\DOCUME~1\Jason\LOCALS~1\Temp\pwriqpoc.sys
0xB2C9D000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 54):
0 System Idle Process
4 System
872 C:\WINDOWS\system32\smss.exe
948 csrss.exe
980 C:\WINDOWS\system32\winlogon.exe
1024 C:\WINDOWS\system32\services.exe
1036 C:\WINDOWS\system32\lsass.exe
1212 C:\WINDOWS\system32\svchost.exe
1280 svchost.exe
1424 C:\WINDOWS\system32\svchost.exe
1560 svchost.exe
1620 svchost.exe
1964 C:\WINDOWS\system32\spoolsv.exe
388 C:\WINDOWS\explorer.exe
556 C:\WINDOWS\ehome\ehtray.exe
564 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
576 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
1084 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1240 C:\Program Files\HP\QuickPlay\QPService.exe
1220 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
1328 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1336 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1388 C:\Program Files\Windows Media Player\wmpnscfg.exe
1504 C:\WINDOWS\system32\ctfmon.exe
1688 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
1736 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
312 svchost.exe
420 msdtc.exe
644 C:\WINDOWS\ehome\ehrecvr.exe
656 C:\WINDOWS\ehome\ehSched.exe
724 C:\WINDOWS\system32\svchost.exe
788 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
892 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
1632 svchost.exe
2084 C:\WINDOWS\system32\svchost.exe
2220 mcrdsvc.exe
2388 C:\WINDOWS\system32\mqsvc.exe
2536 wmpnetwk.exe
2568 C:\WINDOWS\system32\searchindexer.exe
2948 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3228 wmiprvse.exe
3468 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
3548 C:\WINDOWS\system32\mqtgsvc.exe
4004 C:\WINDOWS\system32\dllhost.exe
2628 C:\WINDOWS\ehome\ehmsas.exe
3400 alg.exe
3692 C:\Program Files\Internet Explorer\iexplore.exe
1708 C:\Program Files\Internet Explorer\iexplore.exe
2004 C:\Program Files\Internet Explorer\iexplore.exe
2452 C:\WINDOWS\system32\searchprotocolhost.exe
3984 searchfilterhost.exe
3260 C:\Program Files\Internet Explorer\iexplore.exe
2156 C:\WINDOWS\system32\searchprotocolhost.exe
936 C:\Documents and Settings\Jason\My Documents\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000018`d2534000 (FAT32)
PhysicalDrive0 Model Number: ST9120821AS, Rev: 7.24
PhysicalDrive1 Model Number: ST9120821AS, Rev: 7.24
Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F19F100B4DC860880BDC331CC9D56B1C13F605D5
111 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): -1
Done!
DDS:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/7/2010 4
14 PM
System Uptime: 11/12/2010 2:30:07 PM (2 hours ago)
Motherboard: Quanta | | 30BD
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U2E1 | 1663/667mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 99 GiB total, 77.757 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 111.708 GiB free.
E: is FIXED (FAT32) - 11 GiB total, 1.34 GiB free.
F: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 11/7/2010 4
18 PM - System Checkpoint
RP2: 11/7/2010 4:59:45 PM - Installed Vongo
RP3: 11/7/2010 5:10:31 PM - Installed HP Pavilion Webcam Demo
RP4: 11/7/2010 5:13:13 PM - Installed HP Help and Support
RP5: 11/7/2010 6:14:58 PM - Software Distribution Service 3.0
RP6: 11/7/2010 6:20:32 PM - Software Distribution Service 3.0
RP7: 11/7/2010 7:36:38 PM - Software Distribution Service 3.0
RP8: 11/7/2010 9:54:50 PM - Software Distribution Service 3.0
RP9: 11/7/2010 10:51:14 PM - Software Distribution Service 3.0
RP10: 11/7/2010 11:27:48 PM - Software Distribution Service 3.0
RP11: 11/8/2010 12:25:21 AM - Software Distribution Service 3.0
RP12: 11/8/2010 1:04:33 AM - Software Distribution Service 3.0
RP13: 11/8/2010 10:12:12 AM - Configured easy Internet sign-up
RP14: 11/8/2010 10:15:03 AM - Removed Microsoft Office Standard Edition 2003
RP15: 11/8/2010 10:18:05 AM - Removed Vongo
RP16: 11/9/2010 12:47:26 AM - Software Distribution Service 3.0
RP17: 11/10/2010 12:47:57 AM - System Checkpoint
RP18: 11/10/2010 3:00:14 AM - Software Distribution Service 3.0
RP19: 11/12/2010 1:16:35 PM - System Checkpoint
==== Installed Programs ======================
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.5
AutoUpdate
BufferChm
CCleaner
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DivX
FullDPAppQFolder
GemMaster Mystic
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Help and Support
HP Imaging Device Functions 6.0
HP Pavilion Webcam Demo
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Update
HP User Guides 0036
HP Wireless Assistant 2.00 G2
HpSdpAppCoreApp
InstantShareDevices
Intel(R) PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 6
LightScribe 1.4.97.1
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
Netscape Browser (remove only)
NetWaiting
Norton Security Suite
NVIDIA Drivers
Office 2003 Trial Assistant
OptionalContentQFolder
Otto
PhotoGallery
Quicken 2006
RandMap
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SkinsHP1
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
SonicAC3Encoder
SonicMPEGEncoder
Synaptics Pointing Device Driver
TourSetup
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Vongo
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wireless Home Network Setup
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
==== Event Viewer Messages From Past Week ========
11/8/2010 12:29:52 AM, error: HBtnKey [4] -
11/7/2010 9:23:22 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB975560).
11/12/2010 12:59:00 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
11/12/2010 12:59:00 PM, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
11/11/2010 2:10:26 AM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
==== End Of File ===========================
DDS (Ver_10-11-10.01) - NTFSx86
Run by Jason at 16:11:30.21 on Fri 11/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1311 [GMT -8:00]
AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jason\My Documents\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-11-8 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-11-8 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20101104.001\BHDrvx86.sys [2010-11-3 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-11-8 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-11-8 116784]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-11-8 126392]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-6-6 61952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-11-8 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20101111.001\IDSXpx86.sys [2010-10-19 341880]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101112.002\NAVENG.SYS [2010-11-12 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20101112.002\NAVEX15.SYS [2010-11-12 1371184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-11-12 21:36:59 -------- d-----w- c:\docume~1\jason\applic~1\Malwarebytes
2010-11-12 21:36:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-12 21:36:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-12 21:36:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-12 21:36:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-11 10:27:14 -------- d-----w- c:\program files\CCleaner
2010-11-11 10:11:23 -------- d-sha-r- C:\cmdcons
2010-11-11 10:09:53 98816 ----a-w- c:\windows\sed.exe
2010-11-11 10:09:53 89088 ----a-w- c:\windows\MBR.exe
2010-11-11 10:09:53 256512 ----a-w- c:\windows\PEV.exe
2010-11-11 10:09:53 161792 ----a-w- c:\windows\SWREG.exe
2010-11-11 09:39:46 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-11 09:39:45 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-11 09:37:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-11-11 04:22:09 -------- d-----w- c:\docume~1\jason\locals~1\applic~1\Adobe
2010-11-11 04:15:42 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-11-08 18:36:36 43696 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtspx.sys
2010-11-08 18:36:36 361904 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdi.sys
2010-11-08 18:36:36 339504 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symtdiv.sys
2010-11-08 18:36:36 328752 ----a-r- c:\windows\system32\drivers\n360\0403000.005\symds.sys
2010-11-08 18:36:36 173104 ----a-w- c:\windows\system32\drivers\n360\0403000.005\symefa.sys
2010-11-08 18:36:35 501888 ----a-w- c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys
2010-11-08 18:36:35 325680 ----a-w- c:\windows\system32\drivers\n360\0403000.005\srtsp.sys
2010-11-08 18:36:35 116784 ----a-w- c:\windows\system32\drivers\n360\0403000.005\ironx86.sys
2010-11-08 18:36:15 -------- d-----w- c:\windows\system32\drivers\n360\0403000.005
2010-11-08 18:15:47 -------- d-----w- c:\windows\system32\appmgmt
2010-11-08 10:12:27 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-08 10:12:27 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-11-08 10:12:12 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-11-08 10:12:12 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-08 10:12:11 -------- d-----w- c:\program files\Symantec
2010-11-08 10:11:12 -------- d-----w- c:\windows\system32\drivers\N360
2010-11-08 10:11:08 -------- d-----w- c:\program files\Norton Security Suite
2010-11-08 09:59:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\PCSettings
2010-11-08 09:59:28 -------- d-----w- c:\program files\NortonInstaller
2010-11-08 09:59:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-11-08 09:47:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-11-08 08:32:30 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-08 08:32:09 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-08 08:32:01 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-08 08:32:01 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-08 08:32:01 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-08 08:32:01 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-08 08:32:01 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-08 08:32:01 117760 ------w- c:\windows\system32\prntvpt.dll
2010-11-08 08:32:00 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-11-08 08:32:00 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-11-08 08:29:38 -------- d-----w- c:\docume~1\jason\locals~1\applic~1\Identities
2010-11-08 08:29:36 -------- d-----w- c:\docume~1\jason\applic~1\Windows Desktop Search
2010-11-08 08:29:13 -------- d-----w- c:\program files\Windows Desktop Search
2010-11-08 08:29:12 -------- d-----w- c:\windows\system32\GroupPolicy
2010-11-08 08:28:48 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-11-08 08:28:48 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-11-08 08:28:47 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-11-08 08:25:15 13312 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-11-08 07:25:51 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-08 07:25:51 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-11-08 07:25:51 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-08 07:23:21 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-08 07:19:16 -------- d-sh--w- c:\documents and settings\jason\PrivacIE
2010-11-08 06:59:37 -------- d-----w- c:\windows\system32\scripting
2010-11-08 06:59:37 -------- d-----w- c:\windows\system32\en
2010-11-08 06:59:37 -------- d-----w- c:\windows\system32\bits
2010-11-08 06:59:37 -------- d-----w- c:\windows\l2schemas
2010-11-08 06 53 -------- d-----w- c:\windows\network diagnostic
2010-11-08 06:11:42 -------- d-sh--w- c:\documents and settings\jason\IETldCache
2010-11-08 06:03:59 -------- d-----w- c:\windows\ie8updates
2010-11-08 06:03:53 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-11-08 06:03:52 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-08 06:03:52 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-08 06:03:52 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-08 06:03:52 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-08 06:03:52 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-11-08 06:03:52 11080192 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-11-08 06:03:29 -------- dc-h--w- c:\windows\ie8
2010-11-08 05:54:36 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-11-08 05:54:36 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2010-11-08 05:12:53 -------- d-----w- c:\windows\ServicePackFiles
2010-11-08 03:37:35 -------- d-----w- c:\program files\MSXML 4.0
2010-11-08 03:27:39 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-11-08 03:02:23 357248 ------w- c:\windows\system32\dllcache\srv.sys
2010-11-08 03:00:10 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-08 02:59:58 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-11-08 02:59:57 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-08 02:59:29 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-11-08 02:59:21 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-11-08 02:59:21 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-11-08 02:59:12 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-11-08 02:59:04 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-11-08 02:53:23 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-08 02:53:10 23040 ------w- c:\windows\kb913800.exe
2010-11-08 02:47:38 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-08 02:38:01 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-11-08 02:34:27 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-11-08 02:26:58 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-11-08 02:26:09 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-11-08 02:25:59 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-11-08 02:19:57 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-11-08 02:19:56 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-11-08 02:18:53 -------- d-sh--w- c:\documents and settings\jason\UserData
2010-11-08 02:15:03 -------- d-----w- c:\windows\system32\PreInstall
2010-11-08 01:11:16 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-08 01:10:39 -------- d-----w- c:\windows\system32\LogFiles
2010-11-08 01:10:31 -------- d-----w- c:\program files\HP Pavilion Webcam Demo
2010-11-08 00:58:39 -------- d-sh--w- c:\documents and settings\jason\Temporary Internet Files
2010-11-08 00:58:39 -------- d-sh--w- c:\documents and settings\jason\History
2010-11-08 00:54:41 185344 ----a-w- c:\windows\system32\Thawbrkr.dll
2010-11-08 00:54:40 5632 ----a-w- c:\windows\system32\kbdusa.dll
2010-11-08 00:54:40 10752 ----a-w- c:\windows\system32\c_iscii.dll
2010-11-08 00:54:39 6144 ----a-w- c:\windows\system32\ftlx041e.dll
2010-11-08 00:54:30 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-11-08 00:54:26 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-11-08 00:54:23 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-11-08 00:54:19 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
==================== Find3M ====================
2010-09-18 20:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A5B5030]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008b[0x8A5BD9A0]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-0[0x8A051030]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!
============= FINISH: 16:12:07.59 ===============
-
Welcome aboard
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
====================================================================
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
- If an infected file is detected, the default action will be Cure; click on Continue.
- If a suspicious file is detected, the default action will be Skip; click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
-
I've just scanned with TDSSKiller; no infections were found, and here is the log report. Again, thank you very much for your help with this.
2010/11/13 13:59:43.0890 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/13 13:59:43.0890 ================================================================================
2010/11/13 13:59:43.0890 SystemInfo:
2010/11/13 13:59:43.0890
2010/11/13 13:59:43.0890 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/13 13:59:43.0890 Product type: Workstation
2010/11/13 13:59:43.0890 ComputerName: CHOPCHOP
2010/11/13 13:59:43.0890 UserName: Jason
2010/11/13 13:59:43.0890 Windows directory: C:\WINDOWS
2010/11/13 13:59:43.0890 System windows directory: C:\WINDOWS
2010/11/13 13:59:43.0890 Processor architecture: Intel x86
2010/11/13 13:59:43.0890 Number of processors: 2
2010/11/13 13:59:43.0890 Page size: 0x1000
2010/11/13 13:59:43.0890 Boot type: Normal boot
2010/11/13 13:59:43.0890 ================================================================================
2010/11/13 13:59:44.0421 Initialize success
2010/11/13 13:59:47.0984 ================================================================================
2010/11/13 13:59:47.0984 Scan started
2010/11/13 13:59:47.0984 Mode: Manual;
2010/11/13 13:59:47.0984 ================================================================================
2010/11/13 13:59:59.0015 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/11/13 13:59:59.0046 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/13 13:59:59.0093 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/11/13 13:59:59.0140 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/13 13:59:59.0187 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/13 13:59:59.0281 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP .SYS
2010/11/13 13:59:59.0312 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSP X.SYS
2010/11/13 13:59:59.0375 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/13 13:59:59.0437 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/13 13:59:59.0484 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/13 13:59:59.0515 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/13 13:59:59.0562 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/11/13 13:59:59.0593 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/11/13 13:59:59.0656 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS .SYS
2010/11/13 13:59:59.0703 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEF A.SYS
2010/11/13 13:59:59.0750 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/11/13 13:59:59.0828 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx 86.SYS
2010/11/13 13:59:59.0875 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTD I.SYS
2010/11/13 13:59:59.0921 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/11/13 13:59:59.0937 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/11/13 14:00:00.0000 SynTP (926e0bb4cac05d9a0c3b59dc16fe2f1c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/11/13 14:00:00.0062 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/13 14:00:00.0140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/13 14:00:00.0171 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/13 14:00:00.0203 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/13 14:00:00.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/13 14:00:00.0312 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/13 14:00:00.0359 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/13 14:00:00.0421 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/13 14:00:00.0484 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/13 14:00:00.0546 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/13 14:00:00.0578 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/13 14:00:00.0609 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/13 14:00:00.0656 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/13 14:00:00.0687 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/13 14:00:00.0718 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/13 14:00:00.0765 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/13 14:00:00.0796 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/13 14:00:00.0812 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/13 14:00:00.0906 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/11/13 14:00:01.0062 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/13 14:00:01.0156 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/13 14:00:01.0265 winachsf (0e666ac2766f2fd860cc03f405a2ace1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/13 14:00:01.0328 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/11/13 14:00:01.0406 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/13 14:00:01.0453 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/13 14:00:01.0562 ================================================================================
2010/11/13 14:00:01.0562 Scan finished
2010/11/13 14:00:01.0562 ================================================================================
-
OK...
Wrong instructions...hold on...
-
Now, we have to fix your MBR...
Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)
- Place a blank CD in your CD drive.
- Double click on NTBR_CD.exe file and a folder of the same name will appear.
- Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
- Follow the prompts to burn the CD.
- Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
- If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
- Insert the newly created CD into your infected PC and reboot your computer.
- Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
- Read the warning and then continue as prompted.
- You first need to select your keyboard layout - press Enter for English.
- Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
- On the following screen enter 5 to select Install Standard MBR code.
- Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
- When asked to confirm please do so.
- Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
- Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
-
I understand your directions but at the burn the CD part it keeps telling me to insert a blank CD which I have done with about 20 different blank CDs. Can I burn this CD on a different computer?
-
-
Ok, sorry this next step took me so long, I could not burn the NTBR onto a CD from a number of computers but was finally able to when using a blank DVD. Anyway, thank you again and now here is the new MBR check log:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 155):
Processes (total 52):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000018`d2534000 (FAT32)
PhysicalDrive0 Model Number: ST9120821AS, Rev: 7.24
PhysicalDrive1 Model Number: ST9120821AS, Rev: 7.24
Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
111 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
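As an added illustration of what the MBR repair step and the MBRCheck output above are about (this is not code from the thread, from NTBR or from MBRCheck): a small Python script that reads one raw 512-byte MBR sector, splits it into the boot-code area, the NT disk signature and the four partition entries, hashes the boot code with SHA1 and reports anything a helper would want to look at (missing 0x55AA signature, boot code whose hash is not in a known-good set, not exactly one active partition). The sample sector is constructed, and hashing the first 440 bytes is my own choice of what to compare, not necessarily what MBRCheck hashes.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440           # boot code occupies bytes 0..439
DISK_SIG_OFF = 440            # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446          # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511 on every valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split one raw 512-byte sector into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes, got %d" % (SECTOR, len(sector)))
    boot_code = sector[:BOOT_CODE_LEN]
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFF)
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue                      # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,   # 0x80 = active, 0x00 = inactive
            "type": ptype,                # 0x07 = NTFS, 0x0B/0x0C = FAT32
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,  # MBRCheck prints this as "at offset ..."
        })
    return {
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "disk_signature": disk_sig,
        "signature_ok": sector[510:512] == MBR_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good_sha1: set) -> list:
    """Return findings worth a second look; an empty list means nothing odd was found."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha1"] not in known_good_sha1:
        findings.append("boot code SHA1 %s is not in the known-good set" % info["boot_code_sha1"])
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample sector (not a real disk image): placeholder boot code and one
    active NTFS partition starting at LBA 63, i.e. byte offset 0x7E00 as in the log above."""
    boot_code = b"\x90" * BOOT_CODE_LEN
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 234436545)
    table = entry + b"\x00" * 48   # remaining three slots empty
    return boot_code + disk_sig + table + MBR_SIGNATURE


def read_mbr(path: str) -> bytes:
    """Read the first sector of a disk image or raw device (raw devices need admin rights)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    import sys
    # usage: script.py [image-or-device] [known-good-sha1 ...]; no args = constructed sample
    sector = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr()
    known = set(h.upper() for h in sys.argv[2:])
    info = parse_mbr(sector)
    print("boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print("partition %d: type 0x%02X at offset 0x%x, active=%s"
              % (p["index"], p["type"], p["byte_offset"], p["bootable"]))
    for f in check_mbr(sector, known):
        print("finding:", f)
```

Run with no arguments it parses the constructed sample; given an image path and one or more SHA1 values from a known-clean machine it reports whether the boot code matches.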
-
Good job 
Looks good 
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Ok, here is the combofix.txt:
ComboFix 10-11-14.01 - Jason 11/14/2010 21:04:20.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1381 [GMT -8:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 20:23 . 2006-03-16 04:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-16 04:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-16 04:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-16 04:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-03-16 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-03-16 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-03-16 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2006-03-16 04:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-03-16 04:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2005-10-18 05:14 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-03-16 04:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2005-05-10 08:17 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2006-03-16 04:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-11_10.16.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-15 03:51 . 2010-11-15 03:51 16384 c:\windows\temp\Perflib_Perfdata_77c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-28 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-27 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [11/8/2010 10:36 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [11/8/2010 10:36 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/3/2010 4:07 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [11/8/2010 10:36 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [11/8/2010 10:36 AM 116784]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [11/8/2010 10:36 AM 126392]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 12:39 PM 61952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/8/2010 8:15 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101112.001\IDSXpx86.sys [10/19/2010 12:36 PM 341880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-14 21:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????[??????`?@?????L?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 5.1.2600
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
c:\docume~1\Jason\LOCALS~1\Temp\catchme.sys
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A5CDAB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008b[0x8A579908]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IAAStorageDevice-0[0x8A5D0030]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(5852)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-14 21:11:35
ComboFix-quarantined-files.txt 2010-11-15 05:11
ComboFix2.txt 2010-11-11 10:17
Pre-Run: 83,249,184,768 bytes free
Post-Run: 83,388,981,248 bytes free
- - End Of File - - 588F6E48972196D6C244C8F0FC4E9EF0