TechSpot

According to Norton 360 infected with ZeroAccess Rootkit 4

Solved
By rlm59
Feb 13, 2012
    Hi,

    Infected computer:
    Samsung N310 GO, dual boot with Windows XP SP3 and Ubuntu (most current version)

    Norton 360 informed me I was infected with ZeroAccess Rootkit 4, but would not run the removal toolkit that it prompted me to use. In normal Windows I can no longer access the Task Manager, and everything runs at a glacial speed. The most recent boot allows me to log in (log-in music included), but then just gives me my desktop image and nothing more.

    Safe mode is available and works just fine. The requested logs are below; each was produced in safe mode.

    Thank you in advance for the help.

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.13.03

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Rachael :: LITTLEONE [administrator]

    Protection: Disabled

    2/13/2012 14:24:53 PM
    mbam-log-2012-02-13 (14-29-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 267763
    Time elapsed: 4 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\WINDOWS\system32\point32.dll (RootKit.0Access.H) -> No action taken.
    C:\WINDOWS\system32\usbatapi2000.dll (RootKit.0Access.H) -> No action taken.
    C:\WINDOWS\Installer\MSI78.tmp (HackTool.Hiderun) -> No action taken.
    C:\WINDOWS\Installer\MSIC5.tmp (HackTool.Hiderun) -> No action taken.

    (end)


    GMER: No Logs

    DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Rachael at 14:52:10 on 2012-02-13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1674 [GMT 0:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2704262
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.0.13\ips\IPSBHO.DLL
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [NetMeter] c:\program files\hootech net meter\HooNetMeter.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SUPBackGround] c:\program files\samsung\samsung update plus\SUPBackGround.exe
    mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
    mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
    mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\rachael\startm~1\programs\startup\easydi~1.lnk - c:\program files\samsung\easy display manager\DMLauncher_XP.exe
    StartupFolder: c:\docume~1\rachael\startm~1\programs\startup\magick~1.lnk - c:\program files\samsung\magickbd\PreMKBD.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{1ce60928-8325-49a8-8b06-633e48dd2b67}\Icon3E5562ED7.ico
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\rachael\application data\mozilla\firefox\profiles\90841v1g.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
    FF - plugin: c:\documents and settings\rachael\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\rachael\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\rachael\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
    FF - plugin: c:\program files\sony\media go\npmediago.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-15 64512]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-1-31 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-1-31 744568]
    S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120207.003\BHDrvx86.sys [2012-2-8 820344]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-1-31 136312]
    S2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2010-1-16 4300]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
    S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-6-23 99896]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-7-21 2152152]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-13 652360]
    S2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-1-31 130008]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\startmansvc.exe --> c:\program files\common files\pc tools\smonitor\StartManSvc.exe [?]
    S2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\program files\srs labs\srs wow xt and tsxt\SRS_PostInstaller.exe [2009-5-19 66792]
    S2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-9-4 98304]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    S2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2004-8-12 14336]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-16 1684736]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120210.002\IDSXpx86.sys [2012-2-11 356280]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-7-21 15232]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-13 20464]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
    S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2011-6-23 17408]
    S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120212.017\NAVENG.SYS [2012-2-13 86136]
    S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120212.017\NAVEX15.SYS [2012-2-13 1576312]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-9-7 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-9-7 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-9-7 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-9-7 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-9-7 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-9-7 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-9-7 109864]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-5-28 155344]
    S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2010-3-14 233512]
    S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2011-8-9 238464]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-15 394952]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-5-20 11520]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
    .
    =============== Created Last 30 ================
    .
    2012-02-13 14:21:58 -------- d-----w- c:\documents and settings\rachael\application data\Malwarebytes
    2012-02-13 14:21:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-02-13 14:21:49 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-13 14:21:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-13 13:10:42 -------- d-sha-r- C:\cmdcons
    2012-02-13 11:42:18 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-13 11:35:16 98816 ----a-w- c:\windows\sed.exe
    2012-02-13 11:35:16 518144 ----a-w- c:\windows\SWREG.exe
    2012-02-13 11:35:16 256000 ----a-w- c:\windows\PEV.exe
    2012-02-13 11:35:16 208896 ----a-w- c:\windows\MBR.exe
    2012-02-13 11:00:45 32808 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
    2012-02-13 10:03:24 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-13 10:01:08 -------- d-----w- c:\program files\Catan
    2012-02-13 08:50:58 -------- d-----w- c:\documents and settings\all users\application data\Protexis
    2012-02-13 08:49:43 -------- d-----w- c:\program files\Oberon
    2012-02-11 18:27:38 -------- d-----w- c:\program files\common files\PC Tools
    2012-02-03 20:47:13 -------- d-----w- c:\documents and settings\rachael\application data\NCH Software
    2012-02-03 20:46:43 -------- d-----w- c:\program files\NCH Software
    2012-02-03 20:41:22 -------- d-----w- c:\documents and settings\rachael\application data\MtStudio
    2012-01-31 11:58:10 -------- d-----w- c:\documents and settings\rachael\application data\DDMSettings
    2012-01-31 05:00:33 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
    2012-01-31 05:00:32 744568 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
    2012-01-31 05:00:32 516216 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
    2012-01-31 05:00:32 50168 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
    2012-01-31 05:00:32 369784 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdi.sys
    2012-01-31 05:00:32 340088 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
    2012-01-31 05:00:32 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
    2012-01-31 05:00:32 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
    2012-01-31 04:59:49 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
    2012-01-23 00:02:42 -------- d-----w- c:\windows\_swf_imagine digital freedom_work
    2012-01-22 21:02:43 -------- d-----w- c:\program files\Lame For Audacity
    2012-01-22 20:29:40 -------- d-----w- c:\program files\Audacity
    .
    ==================== Find3M ====================
    .
    2012-01-05 10:16:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
    .
    ============= FINISH: 14:52:37.70 ===============

    Attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/16/2010 7:34:44 PM
    System Uptime: 2/13/2012 2:42:12 PM (0 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N310
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U2E1 | 1595/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 135 GiB total, 63.309 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: BCM2046 Bluetooth Device
    Device ID: USB\VID_0A5C&PID_2151\002556E92D41
    Manufacturer:
    Name: BCM2046 Bluetooth Device
    PNP Device ID: USB\VID_0A5C&PID_2151\002556E92D41
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    RP382: 11/12/2011 8:06:46 AM - System Checkpoint
    RP383: 11/13/2011 3:09:40 PM - System Checkpoint
    RP384: 11/14/2011 9:57:36 PM - System Checkpoint
    RP385: 11/15/2011 11:18:31 PM - System Checkpoint
    RP386: 11/18/2011 2:54:56 AM - System Checkpoint
    RP387: 11/19/2011 3:49:29 AM - System Checkpoint
    RP388: 11/23/2011 8:44:03 AM - System Checkpoint
    RP389: 11/25/2011 8:01:40 PM - System Checkpoint
    RP390: 12/1/2011 5:40:58 PM - Installed QuickTime
    RP391: 12/3/2011 11:24:04 AM - System Checkpoint
    RP392: 12/4/2011 1:55:28 PM - System Checkpoint
    RP393: 12/6/2011 11:31:38 AM - System Checkpoint
    RP394: 12/12/2011 7:29:11 PM - System Checkpoint
    RP395: 12/15/2011 12:01:22 AM - System Checkpoint
    RP396: 12/16/2011 1:03:04 AM - System Checkpoint
    RP397: 12/16/2011 3:00:49 AM - Software Distribution Service 3.0
    RP398: 12/19/2011 9:46:55 PM - System Checkpoint
    RP399: 12/23/2011 8:17:02 PM - System Checkpoint
    RP400: 12/26/2011 2:00:52 AM - System Checkpoint
    RP401: 12/27/2011 3:51:40 AM - System Checkpoint
    RP402: 12/28/2011 10:25:34 AM - System Checkpoint
    RP403: 12/29/2011 4:40:13 PM - System Checkpoint
    RP404: 12/31/2011 8:20:02 PM - System Checkpoint
    RP405: 1/3/2012 5:20:40 AM - System Checkpoint
    RP406: 1/3/2012 9:02:52 PM - Installed Boingo Wi-Finder
    RP407: 1/4/2012 10:26:18 AM - Software Distribution Service 3.0
    RP408: 1/5/2012 10:18:57 AM - Removed Boingo Wi-Finder
    RP409: 1/7/2012 4:12:46 AM - System Checkpoint
    RP410: 1/12/2012 4:52:50 AM - Software Distribution Service 3.0
    RP411: 1/14/2012 5:44:13 AM - System Checkpoint
    RP412: 1/15/2012 6:45:51 PM - System Checkpoint
    RP413: 1/17/2012 1:04:57 AM - System Checkpoint
    RP414: 1/18/2012 3:00:18 AM - Software Distribution Service 3.0
    RP415: 1/19/2012 3:09:49 AM - System Checkpoint
    RP416: 1/20/2012 11:50:12 AM - System Checkpoint
    RP417: 1/21/2012 1:02:03 PM - System Checkpoint
    RP418: 1/23/2012 9:01:46 PM - System Checkpoint
    RP419: 1/25/2012 3:08:00 PM - System Checkpoint
    RP420: 1/27/2012 8:38:58 PM - System Checkpoint
    RP421: 1/31/2012 7:35:33 PM - System Checkpoint
    RP422: 2/1/2012 7:50:43 PM - System Checkpoint
    RP423: 2/4/2012 8:06:47 AM - System Checkpoint
    RP424: 2/6/2012 4:20:00 PM - System Checkpoint
    RP425: 2/7/2012 7:08:55 PM - System Checkpoint
    RP426: 2/8/2012 9:38:47 PM - System Checkpoint
    RP427: 2/10/2012 1:38:59 AM - System Checkpoint
    RP428: 2/13/2012 8:49:41 AM - Installed Catan
    RP429: 2/13/2012 10:26:28 AM - Norton 360 Registry Clean
    .
    ==== Installed Programs ======================
    .
    .
    Ad-Aware
    Adobe Acrobat 8 Standard - English, Français, Deutsch
    Adobe Acrobat 8.3.1 - CPSID_83708
    Adobe Acrobat 8.3.1 Standard
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0
    Adobe Shockwave Player 11.6
    Amazon Kindle
    Apple Application Support
    Apple Software Update
    Aspell 0.6 Dictionary (Language: de)
    Aspell 0.6 Dictionary (Language: en)
    Aspell Data
    Avadon
    BatteryLifeExtender
    calibre
    Catan
    Catan - Cities and Knights
    Cisco Systems VPN Client 5.0.07.0410
    Diablo II
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    Dropbox
    Easy Display Manager
    Easy Network Manager
    Easy Resolution Manager
    Google Chrome
    Google Gears
    Google Talk Plugin
    Google Update Helper
    Hero Editor V0.96
    Hero Editor V1.04
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB973442)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952117-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB981793)
    HP LaserJet Professional P1100-P1560-P1600 Series
    imagine digital freedom - Samsung
    Intel(R) Graphics Media Accelerator Driver
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 29
    LADSPA_plugins-win-0.4.15
    LAME v3.98.3 for Audacity
    Magic Keyboard
    Malwarebytes Anti-Malware version 1.60.1.1000
    Marvell Miniport Driver
    Media Go
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WinUsb 1.0
    MiKTeX 2.9
    Mozilla Firefox 9.0.1 (x86 en-US)
    Mozilla Thunderbird (7.0.1)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MusicBrainz Picard
    Namuga 1.3M Webcam
    Net Meter v3.6 build 437
    Norton 360
    NVIDIA PhysX
    QuickTime
    Realtek High Definition Audio Driver
    REALTEK Wireless LAN Software
    Samsung Battery Manager
    Samsung Magic Doctor
    Samsung Recovery Solution III
    Samsung Update Plus
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype™ 5.5
    Sony Ericsson PC Companion 2.02.002
    SRS WOW XT and TSXT
    swMSM
    Torchlight
    Ultra Defragmenter
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.6195
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.3
    WavePad Sound Editor
    WD SmartWare
    WebFldrs XP
    Winamp
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Mobile Device Updater Component
    Windows XP Service Pack 3
    Xvid 1.2.1 final uninstall
    Yahoo! Detect
    Zune
    Zune Language Pack (DEU)
    Zune Language Pack (ESP)
    Zune Language Pack (FRA)
    Zune Language Pack (ITA)
    Zune Language Pack (NLD)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/9/2012 6:05:48 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
    2/8/2012 5:41:35 PM, error: i8042prt [40] - An error occurred while trying to acquire the device ID of the mouse
    2/7/2012 2:53:06 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    2/13/2012 12:23:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SymIRON SYMTDI Tcpip WS2IFSL
    2/13/2012 12:06:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/13/2012 12:03:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/13/2012 11:59:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sptd SRTSP SRTSPX SymIRON SYMTDI Tcpip WS2IFSL
    2/13/2012 11:58:35 AM, error: sptd [4] - Driver detected an internal error in its data structures for .
    2/13/2012 11:20:49 AM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    2/13/2012 11:20:47 AM, error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/13/2012 11:19:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2/13/2012 11:18:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/13/2012 11:18:33 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SymIRON SYMTDI Tcpip
    2/13/2012 11:18:33 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2/13/2012 11:18:33 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/13/2012 11:18:33 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/13/2012 11:18:33 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2/13/2012 10:55:01 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    2/13/2012 10:54:34 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
    2/13/2012 10:53:26 AM, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
    2/13/2012 10:53:26 AM, error: SRTSP [4] - Error loading virus definitions.
    2/13/2012 1:31:22 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    2/13/2012 1:07:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 eeCtrl Fips intelppm sptd SRTSP SRTSPX SymIRON SYMTDI
    2/10/2012 5:46:55 PM, error: NetBT [4321] - The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.0.6. The machine with the IP address 192.168.0.3 did not allow the name to be claimed by this machine.
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe

    If you can run any of the following in Normal Mode, please do so.

    If you cannot run in Normal Mode, do the following:

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, and then press ENTER.

    Please go back and rerun Malwarebytes. Take care to check the section to remove the entries it finds. The entries show "No action taken."

    Please disable the Norton 360 Registry Clean. I don't want a registry cleaner removing files while I'm helping you. (FYI: We don't recommend a registry cleaner to anyone. The potential risk outweighs any benefit.)
    ========================================
    If there are files, icons, programs, etc. that seem to be missing, run the following. Be sure to read the note that this does not remove the malware.
    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note 1: This does not remove the malware, only the attribute causing the 'missing' problem. So it is important for you to continue.
    ===========================================
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double-click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result. Save log to post.
    • A reboot is required after disinfection.
    ===========================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double-click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==========================================
    Please leave the new log for Malwarebytes, the TDSSKiller log and the Combofix log in your next reply.

    I will help with remaining problems of desktop and start menu after we remove some of the malware entries.
    =======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
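The two log formats in this thread lend themselves to a quick automated triage: a Malwarebytes detection line that ends in "No action taken" means the scanner logged the object but removed nothing (the point Bobbye makes about rerunning it), and a Service Control Manager event 7026 lists the boot-start drivers that did not load, which in the posted log includes the networking stack (AFD, Tcpip, IPSec) and the Norton driver SRTSP. The Python script below is an added example, not code from the thread or from Malwarebytes, TDSSKiller or DDS; it parses both layouts over constructed sample lines (placeholder file paths, event text modelled on the posted entries) and reports unresolved detections, any mismatch between the declared "X Detected: N" count and the lines actually present, and the failed driver names.

```python
"""Triage helpers for the two log layouts posted in this thread: Malwarebytes 1.x
'X Detected: N' sections and the DDS 'Event Viewer Messages' list.
Added example; the sample logs below are constructed, not real detections."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the Malwarebytes layout (placeholder paths).
SAMPLE_MBAM_LOG = """\
Files Detected: 2
C:\\WINDOWS\\system32\\example_a.dll (RootKit.0Access.H) -> No action taken.
C:\\WINDOWS\\Installer\\MSIxx.tmp (HackTool.Hiderun) -> Quarantined and deleted successfully.

(end)
"""

# Constructed sample in the DDS Event Viewer layout, modelled on the posted entries.
SAMPLE_EVENTS = """\
2/13/2012 12:23:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD IPSec Tcpip SRTSP
2/13/2012 11:18:33 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/13/2012 10:53:26 AM, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
"""

SECTION_RE = re.compile(r"^(?P<kind>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Greedy path so a '(x86)' inside the path does not get taken for the threat name.
DETECTION_RE = re.compile(r"^(?P<path>.*) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
FAILED_LOAD_MARKER = "failed to load: "


@dataclass
class Detection:
    section: str
    path: str
    threat: str
    action: str


@dataclass
class Event:
    when: str
    level: str
    source: str
    event_id: int
    message: str


def parse_mbam(text: str) -> List[Detection]:
    """Collect every '<object> (<threat>) -> <action>' line under its section header."""
    section = None
    found: List[Detection] = []
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["kind"]
            continue
        item = DETECTION_RE.match(line)
        if section and item:
            found.append(Detection(section, item["path"], item["threat"], item["action"]))
    return found


def declared_counts(text: str) -> Dict[str, int]:
    """The N in each 'X Detected: N' header, keyed by section name."""
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            counts[m["kind"]] = int(m["count"])
    return counts


def unresolved(detections: List[Detection]) -> List[Detection]:
    """Entries the scanner logged but did not remove; these need a rerun with removal enabled."""
    return [d for d in detections if d.action.lower().startswith("no action taken")]


def parse_events(text: str) -> List[Event]:
    events: List[Event] = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(Event(m["when"], m["level"], m["source"], int(m["event_id"]), m["message"]))
    return events


def failed_boot_drivers(events: List[Event]) -> List[str]:
    """Driver names from Service Control Manager event 7026, first-seen order, no duplicates."""
    seen: List[str] = []
    for ev in events:
        if ev.source == "Service Control Manager" and ev.event_id == 7026:
            _, _, names = ev.message.partition(FAILED_LOAD_MARKER)
            for name in names.split():
                if name not in seen:
                    seen.append(name)
    return seen


def triage(mbam_text: str, events_text: str) -> Dict[str, object]:
    """One summary a helper can read at a glance before writing the next set of instructions."""
    dets = parse_mbam(mbam_text)
    parsed: Dict[str, int] = {}
    for d in dets:
        parsed[d.section] = parsed.get(d.section, 0) + 1
    declared = declared_counts(mbam_text)
    mismatch = {k: (v, parsed.get(k, 0)) for k, v in declared.items() if v != parsed.get(k, 0)}
    return {
        "unresolved": [d.path for d in unresolved(dets)],
        "count_mismatch": mismatch,
        "failed_drivers": failed_boot_drivers(parse_events(events_text)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MBAM_LOG, SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

The count check matters because a log pasted into a forum post is often trimmed; if "Files Detected: 4" is declared but only two lines follow, the helper knows entries are missing rather than resolved.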
     
  3. rlm59

    rlm59 TS Rookie Topic Starter

    How can I go about disabling Norton 360? In safe mode it will only boot up running a scan, and normal mode still isn't working, giving me just my desktop image.
     
  4. rlm59

    rlm59 TS Rookie Topic Starter

    Was able to boot into normal mode eventually. Task Manager and My Computer are still not runnable, nor was Malwarebytes.

    Reran the Malwarebytes utility (had to be run in safe mode; it would not open in normal) and it came up with no errors. See log below.

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.13.03

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Rachael :: LITTLEONE [administrator]

    Protection: Disabled

    2/13/2012 15:52:54 PM
    mbam-log-2012-02-13 (15-52-54).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 267770
    Time elapsed: 3 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Ran TDSSKiller in safe mode and received no errors. Tried to boot into normal, was successful; ran in normal and received one error. Only had the option to copy to quarantine. See log below.

    16:08:07.0296 1060 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
    16:08:07.0328 1060 ============================================================
    16:08:07.0328 1060 Current date / time: 2012/02/13 16:08:07.0328
    16:08:07.0328 1060 SystemInfo:
    16:08:07.0328 1060
    16:08:07.0328 1060 OS Version: 5.1.2600 ServicePack: 3.0
    16:08:07.0328 1060 Product type: Workstation
    16:08:07.0328 1060 ComputerName: LITTLEONE
    16:08:07.0328 1060 UserName: Rachael
    16:08:07.0328 1060 Windows directory: C:\WINDOWS
    16:08:07.0328 1060 System windows directory: C:\WINDOWS
    16:08:07.0328 1060 Processor architecture: Intel x86
    16:08:07.0328 1060 Number of processors: 2
    16:08:07.0328 1060 Page size: 0x1000
    16:08:07.0328 1060 Boot type: Normal boot
    16:08:07.0328 1060 ============================================================
    16:08:09.0812 1060 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    16:08:09.0859 1060 \Device\Harddisk0\DR0:
    16:08:09.0859 1060 MBR used
    16:08:09.0859 1060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x10DFF817
    16:08:09.0984 1060 Initialize success
    16:08:09.0984 1060 ============================================================
    16:08:11.0578 2044 ============================================================
    16:08:11.0578 2044 Scan started
    16:08:11.0578 2044 Mode: Manual;
    16:08:11.0578 2044 ============================================================
    16:08:12.0562 2044 Abiosdsk - ok
    16:08:12.0578 2044 abp480n5 - ok
    16:08:12.0671 2044 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    16:08:12.0687 2044 ACPI - ok
    16:08:12.0718 2044 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    16:08:12.0718 2044 ACPIEC - ok
    16:08:12.0734 2044 adpu160m - ok
    16:08:12.0828 2044 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    16:08:12.0828 2044 aec - ok
    16:08:12.0937 2044 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    16:08:12.0937 2044 AFD - ok
    16:08:12.0953 2044 Aha154x - ok
    16:08:12.0968 2044 aic78u2 - ok
    16:08:12.0984 2044 aic78xx - ok
    16:08:13.0015 2044 AliIde - ok
    16:08:13.0125 2044 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
    16:08:13.0203 2044 Ambfilt - ok
    16:08:13.0218 2044 amsint - ok
    16:08:13.0359 2044 AR5416 (c413e2e549488a5f1969decb5b03187a) C:\WINDOWS\system32\DRIVERS\athw.sys
    16:08:13.0468 2044 AR5416 - ok
    16:08:13.0484 2044 asc - ok
    16:08:13.0500 2044 asc3350p - ok
    16:08:13.0515 2044 asc3550 - ok
    16:08:13.0593 2044 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    16:08:13.0609 2044 AsyncMac - ok
    16:08:13.0656 2044 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    16:08:13.0656 2044 atapi - ok
    16:08:13.0687 2044 Atdisk - ok
    16:08:13.0718 2044 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    16:08:13.0718 2044 Atmarpc - ok
    16:08:13.0781 2044 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    16:08:13.0781 2044 audstub - ok
    16:08:13.0828 2044 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    16:08:13.0828 2044 Beep - ok
    16:08:14.0093 2044 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys
    16:08:14.0109 2044 BHDrvx86 - ok
    16:08:14.0296 2044 BVRPMPR5 (51b327292408b5f3a42e295bce055859) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    16:08:14.0312 2044 BVRPMPR5 - ok
    16:08:14.0500 2044 catchme - ok
    16:08:14.0593 2044 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    16:08:14.0593 2044 cbidf2k - ok
    16:08:14.0671 2044 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    16:08:14.0671 2044 CCDECODE - ok
    16:08:14.0687 2044 cd20xrnt - ok
    16:08:14.0734 2044 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    16:08:14.0734 2044 Cdaudio - ok
    16:08:14.0781 2044 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    16:08:14.0781 2044 Cdfs - ok
    16:08:14.0859 2044 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    16:08:14.0875 2044 Cdrom - ok
    16:08:14.0890 2044 Changer - ok
    16:08:14.0984 2044 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    16:08:14.0984 2044 CmBatt - ok
    16:08:15.0000 2044 CmdIde - ok
    16:08:15.0015 2044 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    16:08:15.0031 2044 Compbatt - ok
    16:08:15.0062 2044 Cpqarray - ok
    16:08:15.0109 2044 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
    16:08:15.0125 2044 CVirtA - ok
    16:08:15.0171 2044 CVPNDRVA (cb90b2762b1a1d0b40496400c55b6ade) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
    16:08:15.0218 2044 CVPNDRVA - ok
    16:08:15.0234 2044 dac2w2k - ok
    16:08:15.0250 2044 dac960nt - ok
    16:08:15.0312 2044 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    16:08:15.0312 2044 Disk - ok
    16:08:15.0375 2044 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    16:08:15.0421 2044 dmboot - ok
    16:08:15.0484 2044 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    16:08:15.0500 2044 dmio - ok
    16:08:15.0546 2044 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    16:08:15.0562 2044 dmload - ok
    16:08:15.0593 2044 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    16:08:15.0593 2044 DMusic - ok
    16:08:15.0656 2044 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
    16:08:15.0671 2044 DNE - ok
    16:08:15.0703 2044 DOSMEMIO (8a4cb9438571814b128b6dc30d698064) C:\WINDOWS\system32\MEMIO.SYS
    16:08:15.0750 2044 DOSMEMIO - ok
    16:08:15.0781 2044 dpti2o - ok
    16:08:15.0796 2044 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    16:08:15.0796 2044 drmkaud - ok
    16:08:15.0921 2044 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    16:08:15.0937 2044 eeCtrl - ok
    16:08:15.0968 2044 EraserUtilRebootDrv - ok
    16:08:16.0062 2044 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    16:08:16.0078 2044 Fastfat - ok
    16:08:16.0140 2044 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    16:08:16.0156 2044 Fdc - ok
    16:08:16.0171 2044 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    16:08:16.0171 2044 Fips - ok
    16:08:16.0234 2044 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    16:08:16.0234 2044 Flpydisk - ok
    16:08:16.0343 2044 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    16:08:16.0343 2044 FltMgr - ok
    16:08:16.0421 2044 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    16:08:16.0437 2044 Fs_Rec - ok
    16:08:16.0453 2044 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    16:08:16.0453 2044 Ftdisk - ok
    16:08:16.0500 2044 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    16:08:16.0531 2044 GEARAspiWDM - ok
    16:08:16.0562 2044 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    16:08:16.0609 2044 Gpc - ok
    16:08:16.0656 2044 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    16:08:16.0671 2044 HDAudBus - ok
    16:08:16.0703 2044 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    16:08:16.0718 2044 HidUsb - ok
    16:08:16.0734 2044 hpn - ok
    16:08:16.0781 2044 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    16:08:16.0781 2044 HPZius12 - ok
    16:08:16.0843 2044 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    16:08:16.0875 2044 HTTP - ok
    16:08:16.0906 2044 i2omgmt - ok
    16:08:16.0921 2044 i2omp - ok
    16:08:16.0968 2044 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    16:08:16.0968 2044 i8042prt - ok
    16:08:17.0203 2044 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    16:08:17.0359 2044 ialm - ok
    16:08:17.0625 2044 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120210.002\IDSxpx86.sys
    16:08:17.0640 2044 IDSxpx86 - ok
    16:08:17.0828 2044 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    16:08:17.0828 2044 Imapi - ok
    16:08:17.0859 2044 ini910u - ok
    16:08:18.0156 2044 IntcAzAudAddService (0cacdcbbc8e6f11e2865c47bfc509848) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    16:08:18.0250 2044 IntcAzAudAddService - ok
    16:08:18.0390 2044 IntelIde - ok
    16:08:18.0421 2044 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    16:08:18.0421 2044 intelppm - ok
    16:08:18.0453 2044 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    16:08:18.0453 2044 Ip6Fw - ok
    16:08:18.0515 2044 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    16:08:18.0531 2044 IpFilterDriver - ok
    16:08:18.0593 2044 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    16:08:18.0593 2044 IpInIp - ok
    16:08:18.0656 2044 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    16:08:18.0656 2044 IpNat - ok
    16:08:18.0703 2044 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    16:08:18.0718 2044 IPSec - ok
    16:08:18.0765 2044 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    16:08:18.0765 2044 IRENUM - ok
    16:08:18.0828 2044 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    16:08:18.0828 2044 isapnp - ok
    16:08:18.0906 2044 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    16:08:18.0906 2044 Kbdclass - ok
    16:08:18.0953 2044 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    16:08:18.0953 2044 kmixer - ok
    16:08:19.0000 2044 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    16:08:19.0015 2044 KSecDD - ok
    16:08:19.0156 2044 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    16:08:19.0171 2044 Lavasoft Kernexplorer - ok
    16:08:19.0234 2044 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
    16:08:19.0250 2044 Lbd - ok
    16:08:19.0250 2044 lbrtfdc - ok
    16:08:19.0328 2044 LHidFilt (f5e165b4e3df145f6e8bf3c0573f94d8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    16:08:19.0343 2044 LHidFilt - ok
    16:08:19.0421 2044 LMouFilt (b46e39b8ae439d7ce75a923e7f950040) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    16:08:19.0437 2044 LMouFilt - ok
    16:08:19.0500 2044 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
    16:08:19.0500 2044 MBAMProtector - ok
    16:08:19.0578 2044 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    16:08:19.0578 2044 mnmdd - ok
    16:08:19.0671 2044 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    16:08:19.0671 2044 Modem - ok
    16:08:19.0781 2044 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
    16:08:19.0859 2044 Monfilt - ok
    16:08:19.0937 2044 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
    16:08:19.0953 2044 motccgp - ok
    16:08:20.0015 2044 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
    16:08:20.0015 2044 motccgpfl - ok
    16:08:20.0093 2044 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    16:08:20.0093 2044 Mouclass - ok
    16:08:20.0171 2044 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    16:08:20.0171 2044 mouhid - ok
    16:08:20.0203 2044 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    16:08:20.0203 2044 MountMgr - ok
    16:08:20.0218 2044 mraid35x - ok
    16:08:20.0296 2044 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    16:08:20.0296 2044 MRxDAV - ok
    16:08:20.0421 2044 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    16:08:20.0421 2044 MRxSmb - ok
    16:08:20.0453 2044 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    16:08:20.0453 2044 Msfs - ok
    16:08:20.0546 2044 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    16:08:20.0546 2044 MSKSSRV - ok
    16:08:20.0625 2044 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    16:08:20.0625 2044 MSPCLOCK - ok
    16:08:20.0640 2044 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    16:08:20.0656 2044 MSPQM - ok
    16:08:20.0703 2044 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    16:08:20.0703 2044 mssmbios - ok
    16:08:20.0734 2044 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    16:08:20.0734 2044 MSTEE - ok
    16:08:20.0765 2044 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    16:08:20.0796 2044 Mup - ok
    16:08:20.0859 2044 mvusbews (1889385f1825c0782c5c179a0518d490) C:\WINDOWS\system32\Drivers\mvusbews.sys
    16:08:20.0875 2044 mvusbews - ok
    16:08:20.0937 2044 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    16:08:20.0953 2044 NABTSFEC - ok
    16:08:21.0203 2044 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120212.017\NAVENG.SYS
    16:08:21.0234 2044 NAVENG - ok
    16:08:21.0328 2044 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120212.017\NAVEX15.SYS
    16:08:21.0421 2044 NAVEX15 - ok
    16:08:21.0625 2044 NDIS (8716356e49a665bdc7b114725b60a456) C:\WINDOWS\system32\drivers\NDIS.sys
    16:08:21.0656 2044 NDIS - ok
    16:08:21.0703 2044 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    16:08:21.0703 2044 NdisIP - ok
    16:08:21.0750 2044 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    16:08:21.0765 2044 NdisTapi - ok
    16:08:21.0796 2044 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    16:08:21.0796 2044 Ndisuio - ok
    16:08:21.0812 2044 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    16:08:21.0843 2044 NdisWan - ok
    16:08:21.0906 2044 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    16:08:21.0921 2044 NDProxy - ok
    16:08:21.0953 2044 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    16:08:21.0953 2044 NetBIOS - ok
    16:08:22.0031 2044 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    16:08:22.0046 2044 NetBT - ok
    16:08:22.0109 2044 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    16:08:22.0109 2044 Npfs - ok
    16:08:22.0171 2044 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    16:08:22.0203 2044 Ntfs - ok
    16:08:22.0265 2044 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    16:08:22.0265 2044 Null - ok
    16:08:22.0343 2044 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    16:08:22.0343 2044 NwlnkFlt - ok
    16:08:22.0406 2044 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    16:08:22.0406 2044 NwlnkFwd - ok
    16:08:22.0468 2044 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    16:08:22.0484 2044 Parport - ok
    16:08:22.0500 2044 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    16:08:22.0500 2044 PartMgr - ok
    16:08:22.0546 2044 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    16:08:22.0546 2044 ParVdm - ok
    16:08:22.0593 2044 PCASp50 - ok
    16:08:22.0609 2044 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    16:08:22.0609 2044 PCI - ok
    16:08:22.0625 2044 PCIDump - ok
    16:08:22.0671 2044 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    16:08:22.0671 2044 PCIIde - ok
    16:08:22.0703 2044 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    16:08:22.0703 2044 Pcmcia - ok
    16:08:22.0750 2044 PDCOMP - ok
    16:08:22.0765 2044 PDFRAME - ok
    16:08:22.0781 2044 PDRELI - ok
    16:08:22.0796 2044 PDRFRAME - ok
    16:08:22.0843 2044 perc2 - ok
    16:08:22.0859 2044 perc2hib - ok
    16:08:22.0921 2044 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    16:08:22.0937 2044 PptpMiniport - ok
    16:08:22.0984 2044 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    16:08:22.0984 2044 PSched - ok
    16:08:23.0015 2044 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    16:08:23.0015 2044 Ptilink - ok
    16:08:23.0046 2044 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    16:08:23.0062 2044 PxHelp20 - ok
    16:08:23.0078 2044 ql1080 - ok
    16:08:23.0093 2044 Ql10wnt - ok
    16:08:23.0109 2044 ql12160 - ok
    16:08:23.0125 2044 ql1240 - ok
    16:08:23.0140 2044 ql1280 - ok
    16:08:23.0187 2044 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    16:08:23.0187 2044 RasAcd - ok
    16:08:23.0218 2044 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    16:08:23.0218 2044 Rasl2tp - ok
    16:08:23.0281 2044 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    16:08:23.0296 2044 RasPppoe - ok
    16:08:23.0359 2044 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    16:08:23.0375 2044 Raspti - ok
    16:08:23.0406 2044 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    16:08:23.0421 2044 Rdbss - ok
    16:08:23.0484 2044 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    16:08:23.0500 2044 RDPCDD - ok
    16:08:23.0578 2044 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    16:08:23.0593 2044 RDPWD - ok
    16:08:23.0656 2044 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    16:08:23.0656 2044 redbook - ok
    16:08:23.0750 2044 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
    16:08:23.0750 2044 s1018bus - ok
    16:08:23.0812 2044 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
    16:08:23.0812 2044 s1018mdfl - ok
    16:08:23.0890 2044 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
    16:08:23.0906 2044 s1018mdm - ok
    16:08:23.0968 2044 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
    16:08:23.0968 2044 s1018mgmt - ok
    16:08:24.0031 2044 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
    16:08:24.0046 2044 s1018nd5 - ok
    16:08:24.0109 2044 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
    16:08:24.0109 2044 s1018obex - ok
    16:08:24.0187 2044 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
    16:08:24.0203 2044 s1018unic - ok
    16:08:24.0281 2044 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    16:08:24.0281 2044 Secdrv - ok
    16:08:24.0343 2044 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    16:08:24.0343 2044 Serial - ok
    16:08:24.0421 2044 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    16:08:24.0421 2044 Sfloppy - ok
    16:08:24.0453 2044 Simbad - ok
    16:08:24.0484 2044 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    16:08:24.0484 2044 SLIP - ok
    16:08:24.0515 2044 Sparrow - ok
    16:08:24.0562 2044 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    16:08:24.0562 2044 splitter - ok
    16:08:24.0656 2044 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    16:08:24.0671 2044 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    16:08:24.0671 2044 sptd ( LockedFile.Multi.Generic ) - warning
    16:08:24.0671 2044 sptd - detected LockedFile.Multi.Generic (1)
    16:08:24.0687 2044 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    16:08:24.0687 2044 sr - ok
    16:08:24.0781 2044 SRS_PremiumSound_Service (7d7ad4aba007e20acc35cab03b28a935) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
    16:08:24.0812 2044 SRS_PremiumSound_Service - ok
    16:08:24.0906 2044 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
    16:08:24.0953 2044 SRTSP - ok
    16:08:25.0000 2044 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
    16:08:25.0031 2044 SRTSPX - ok
    16:08:25.0109 2044 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    16:08:25.0140 2044 Srv - ok
    16:08:25.0203 2044 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    16:08:25.0203 2044 streamip - ok
    16:08:25.0234 2044 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    16:08:25.0234 2044 swenum - ok
    16:08:25.0281 2044 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    16:08:25.0281 2044 swmidi - ok
    16:08:25.0328 2044 symc810 - ok
    16:08:25.0343 2044 symc8xx - ok
    16:08:25.0406 2044 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
    16:08:25.0437 2044 SymDS - ok
    16:08:25.0500 2044 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
    16:08:25.0562 2044 SymEFA - ok
    16:08:25.0671 2044 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    16:08:25.0703 2044 SymEvent - ok
    16:08:25.0781 2044 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
    16:08:25.0781 2044 SymIRON - ok
    16:08:25.0859 2044 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
    16:08:25.0859 2044 SYMTDI - ok
    16:08:25.0890 2044 sym_hi - ok
    16:08:25.0906 2044 sym_u3 - ok
    16:08:25.0968 2044 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    16:08:25.0968 2044 sysaudio - ok
    16:08:26.0015 2044 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
    16:08:26.0031 2044 tbhsd - ok
    16:08:26.0109 2044 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    16:08:26.0109 2044 Tcpip - ok
    16:08:26.0156 2044 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    16:08:26.0156 2044 TDPIPE - ok
    16:08:26.0171 2044 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    16:08:26.0187 2044 TDTCP - ok
    16:08:26.0203 2044 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    16:08:26.0218 2044 TermDD - ok
    16:08:26.0234 2044 TosIde - ok
    16:08:26.0281 2044 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    16:08:26.0281 2044 Udfs - ok
    16:08:26.0296 2044 ultra - ok
    16:08:26.0375 2044 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    16:08:26.0390 2044 Update - ok
    16:08:26.0453 2044 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    16:08:26.0453 2044 usbccgp - ok
    16:08:26.0531 2044 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    16:08:26.0531 2044 usbehci - ok
    16:08:26.0593 2044 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    16:08:26.0593 2044 usbhub - ok
    16:08:26.0671 2044 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    16:08:26.0671 2044 usbprint - ok
    16:08:26.0734 2044 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    16:08:26.0750 2044 usbscan - ok
    16:08:26.0812 2044 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    16:08:26.0812 2044 usbstor - ok
    16:08:26.0859 2044 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    16:08:26.0875 2044 usbuhci - ok
    16:08:26.0921 2044 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    16:08:26.0921 2044 usbvideo - ok
    16:08:26.0984 2044 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    16:08:26.0984 2044 VgaSave - ok
    16:08:27.0000 2044 ViaIde - ok
    16:08:27.0109 2044 VMC326 (20a559a25c4ae3f9b35f8229636ee5a7) C:\WINDOWS\system32\Drivers\VMC326.sys
    16:08:27.0140 2044 VMC326 - ok
    16:08:27.0187 2044 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    16:08:27.0203 2044 VolSnap - ok
    16:08:27.0250 2044 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
    16:08:27.0343 2044 vsdatant - ok
    16:08:27.0421 2044 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    16:08:27.0421 2044 Wanarp - ok
    16:08:27.0484 2044 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
    16:08:27.0484 2044 WDC_SAM - ok
    16:08:27.0578 2044 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    16:08:27.0593 2044 Wdf01000 - ok
    16:08:27.0609 2044 WDICA - ok
    16:08:27.0656 2044 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    16:08:27.0656 2044 wdmaud - ok
    16:08:27.0765 2044 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    16:08:27.0765 2044 WinUSB - ok
    16:08:27.0875 2044 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    16:08:27.0875 2044 WpdUsb - ok
    16:08:27.0953 2044 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    16:08:27.0953 2044 WS2IFSL - ok
    16:08:28.0000 2044 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    16:08:28.0000 2044 WSTCODEC - ok
    16:08:28.0062 2044 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    16:08:28.0062 2044 WudfPf - ok
    16:08:28.0140 2044 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    16:08:28.0140 2044 WudfRd - ok
    16:08:28.0234 2044 yukonwxp (7578410b1512fad9c485b134561e8b78) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    16:08:28.0281 2044 yukonwxp - ok
    16:08:28.0343 2044 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
    16:08:28.0359 2044 zumbus - ok
    16:08:28.0437 2044 MBR (0x1B8) (6aefa2bac284226f1a5aed86e53d7bb9) \Device\Harddisk0\DR0
    16:08:28.0484 2044 \Device\Harddisk0\DR0 - ok
    16:08:28.0515 2044 Boot (0x1200) (27a5293f3e174c1d1864e778a2122dfd) \Device\Harddisk0\DR0\Partition0
    16:08:28.0515 2044 \Device\Harddisk0\DR0\Partition0 - ok
    16:08:28.0531 2044 ============================================================
    16:08:28.0531 2044 Scan finished
    16:08:28.0531 2044 ============================================================
    16:08:28.0546 1128 Detected object count: 1
    16:08:28.0546 1128 Actual detected object count: 1
    16:09:45.0828 1128 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
    16:09:45.0828 1128 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine


    Ran ComboFix in Normal mode; it would go through the initial rundown, but then would quit. Went to safe mode, uninstalled Norton 360, still got the error message saying that it was there. Went ahead and ran it because it told me the uninstall was successful, and received the following log.

    ComboFix 12-02-12.01 - Rachael 02/13/2012 17:30:02.4.2 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1735 [GMT 0:00]
    Running from: c:\documents and settings\Rachael\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-13 17:15 . 2012-02-13 17:15 -------- d-----w- c:\windows\LastGood
    2012-02-13 16:09 . 2012-02-13 16:09 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-13 16:07 . 2012-02-13 16:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-02-13 14:21 . 2012-02-13 14:21 -------- d-----w- c:\documents and settings\Rachael\Application Data\Malwarebytes
    2012-02-13 14:21 . 2012-02-13 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-02-13 14:21 . 2012-02-13 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-13 14:21 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-13 11:42 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-13 11:00 . 2012-02-13 14:02 32808 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
    2012-02-13 10:03 . 2012-02-13 11:07 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-13 10:01 . 2012-02-13 10:01 -------- d-----w- c:\program files\Catan
    2012-02-13 08:50 . 2012-02-13 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
    2012-02-13 08:49 . 2012-02-13 08:49 -------- d-----w- c:\program files\Oberon
    2012-02-11 18:27 . 2012-02-13 08:51 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-02-03 20:47 . 2012-02-03 20:47 -------- d-----w- c:\documents and settings\Rachael\Application Data\NCH Software
    2012-02-03 20:47 . 2012-02-03 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
    2012-02-03 20:46 . 2012-02-03 20:46 -------- d-----w- c:\program files\NCH Software
    2012-02-03 20:41 . 2012-02-03 20:41 -------- d-----w- c:\documents and settings\Rachael\Application Data\MtStudio
    2012-01-31 11:58 . 2012-01-31 11:58 -------- d-----w- c:\documents and settings\Rachael\Application Data\DDMSettings
    2012-01-23 00:02 . 2012-01-23 00:02 -------- d-----w- c:\windows\_swf_imagine digital freedom_work
    2012-01-22 21:02 . 2012-01-22 21:02 -------- d-----w- c:\program files\Lame For Audacity
    2012-01-22 20:58 . 2012-02-03 21:10 -------- d-----w- c:\documents and settings\Rachael\Application Data\Audacity
    2012-01-22 20:29 . 2012-02-08 19:00 -------- d-----w- c:\program files\Audacity
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-05 10:16 . 2011-05-27 07:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2011-11-25 21:57 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-12 14:09 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-08-12 14:03 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-08-12 14:09 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-08-12 14:04 152064 ----a-w- c:\windows\system32\schannel.dll
    2012-01-11 07:42 . 2012-01-11 07:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-13_12.50.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-01-16 19:36 . 2012-02-13 13:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2010-01-16 19:36 . 2012-02-13 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2012-02-13 17:15 . 2011-07-06 12:44 27888 c:\windows\LastGood\system32\DRIVERS\GEARAspiWDM.sys
    + 2010-05-17 07:40 . 2008-04-17 21:12 107368 c:\windows\system32\GEARAspi.dll
    + 2012-02-13 17:15 . 2010-08-21 03:59 106928 c:\windows\LastGood\system32\GEARAspi.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NetMeter"="c:\program files\HooTech Net Meter\HooNetMeter.exe" [2008-12-06 577536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-17 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-17 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-17 137752]
    "SUPBackGround"="c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe" [2010-04-20 300912]
    "DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
    "BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-11-27 2768896]
    "MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    .
    c:\documents and settings\Rachael\Start Menu\Programs\Startup\
    Easy Display Manager for XP.lnk - c:\program files\Samsung\Easy Display Manager\DMLauncher_XP.exe [2010-5-14 466944]
    Magic Keyboard.lnk - c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe [2010-1-16 151552]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2010-11-23 6144]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\Rachael\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Documents and Settings\\Rachael\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/15/2011 3:23 PM 64512]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/21/2011 6:59 PM 2152152]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/19/2010 1:31 AM 691696]
    S2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [1/16/2010 7:50 PM 4300]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 3:39 PM 135664]
    S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [6/23/2011 2:21 PM 99896]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/13/2012 2:21 PM 652360]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe --> c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [?]
    S2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\program files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [5/19/2009 9:39 AM 66792]
    S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/4/2009 1:22 PM 98304]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 7:58 AM 20480]
    S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [8/12/2004 2:06 PM 14336]
    S3 70979179;70979179; [x]
    S3 78673605;78673605; [x]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/16/2010 7:44 PM 1684736]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 3:39 PM 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [7/21/2011 6:59 PM 15232]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/13/2012 2:21 PM 20464]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 4:49 AM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 4:49 AM 8320]
    S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [6/23/2011 2:20 PM 17408]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [9/7/2010 2:03 PM 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [9/7/2010 2:03 PM 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [9/7/2010 2:03 PM 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [9/7/2010 2:03 PM 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [9/7/2010 2:03 PM 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [9/7/2010 2:03 PM 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [9/7/2010 2:03 PM 109864]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [5/28/2011 9:02 AM 155344]
    S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [3/14/2010 8:56 AM 233512]
    S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [8/9/2011 5:14 PM 238464]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/20/2010 10:31 AM 11520]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 12:19 PM 268528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    yksvcs REG_MULTI_SZ yksvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    vserial
    aswrdr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 07:40]
    .
    2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
    .
    2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 15:38]
    .
    2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 15:38]
    .
    2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-484061587-725345543-1004Core.job
    - c:\documents and settings\Rachael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 00:08]
    .
    2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-484061587-725345543-1004UA.job
    - c:\documents and settings\Rachael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 00:08]
    .
    2012-02-03 c:\windows\Tasks\wavepadSevenDays.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-02-03 20:46]
    .
    2012-02-06 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-02-03 20:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2704262
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Rachael\Application Data\Mozilla\Firefox\Profiles\90841v1g.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-13 17:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1960408961-484061587-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:0c,dc,26,dc,bf,be,97,e2,c4,5a,8a,cc,49,21,a4,9c,76,80,2b,41,03,ca,75,
    fd,42,68,c8,9b,c0,70,76,aa,cb,c5,94,6a,52,4b,0c,a3,9f,97,cf,5d,ac,aa,cd,cf,\
    "??"=hex:5a,2d,06,f2,75,07,34,72,16,00,f2,7c,6f,d4,1e,45
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1700)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2012-02-13 17:47:59
    ComboFix-quarantined-files.txt 2012-02-13 17:47
    ComboFix2.txt 2012-02-13 17:04
    ComboFix3.txt 2012-02-13 13:44
    ComboFix4.txt 2012-02-13 12:55
    .
    Pre-Run: 68,605,718,528 bytes free
    Post-Run: 68,611,379,200 bytes free
    .
    - - End Of File - - E510D94ADA451F4DF3E16A8BE2522E7B
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I'm not really sure what has been done here:
    2012-02-13 17:15 -------- d-----w- c:\windows\LastGood

    Did you roll the system back to the Last Known Good Configuration?
    ---------------------------------------------------
    About Norton: I just wanted you to disable the Norton 360 Registry Cleaner
    A Restore Point was set here: RP429: 2/13/2012 10:26:28 AM - Norton 360 Registry Clean
    So that may be when the registry cleaner was scheduled to run

    You just need to open the 360 Settings> choose Task Scheduler option> In the settings panel> Uncheck Registry Cleaner> Save the settings.
    This will stop it from running automatically.

    But the Norton AV and FW should be disabled when Combofix is run: You do not have to uninstall the program, just disable it.
    • Right-click the Norton 360 Premier Edition icon in the system tray and select Disable Antivirus Automatic-Protect.
    • You will get a new dialog box with five options: 15 minutes, 1 hour, 5 hours, Until system restart, Permanently.
    • Choose 5 hours.
    ======================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\drivers\FixZeroAccess.sys
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\system32\vsdatant.sys
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2704262
    Extra::
    Firefox::
    Firefox-:- Profile - c:\documents and settings\rachael\application data\mozilla\firefox\profiles\90841v1g.default\
    Firefox-:  prefs.js - Search.DefaultURL
    RegNull::
    [HKEY_USERS\S-1-5-21-1960408961-484061587-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    Clearjavacache::
    Driver::
    70979179
    vsdatant
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    Did you know you still had a process running from ZoneAlarm? (2007) I removed it.

    Tell me please what problems you are still having.
     
  6. rlm59

    rlm59 TS Rookie Topic Starter

    Thanks a bunch for all your help. I did not intentionally roll back the system to the last good configuration, but at one point ComboFix did mention that it was looking for the last good configuration.

    I only uninstalled Norton because in safe mode it is not possible to open the program beyond scanning, and I was being prevented from opening it in normal Windows. It will be reinstalled once my computer is cleaned. (I hope that it was ok that I did this, but it was the only way to prevent it from running at the time.)

    Below is the log for the CFScript.

    ComboFix 12-02-12.01 - Rachael 02/13/2012 22:29:19.6.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1654 [GMT 0:00]
    Running from: c:\documents and settings\Rachael\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Rachael\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    FILE ::
    "c:\windows\system32\dds_trash_log.cmd"
    "c:\windows\system32\drivers\FixZeroAccess.sys"
    "c:\windows\system32\vsdatant.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_70979179
    -------\Legacy_VSDATANT
    -------\Service_70979179
    -------\Service_vsdatant
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-13 16:09 . 2012-02-13 16:09 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-13 16:07 . 2012-02-13 16:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-02-13 14:21 . 2012-02-13 14:21 -------- d-----w- c:\documents and settings\Rachael\Application Data\Malwarebytes
    2012-02-13 14:21 . 2012-02-13 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-02-13 14:21 . 2012-02-13 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-13 14:21 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-13 11:42 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-13 11:00 . 2012-02-13 14:02 32808 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
    2012-02-13 10:03 . 2012-02-13 11:07 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-13 10:01 . 2012-02-13 10:01 -------- d-----w- c:\program files\Catan
    2012-02-13 08:50 . 2012-02-13 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
    2012-02-13 08:49 . 2012-02-13 08:49 -------- d-----w- c:\program files\Oberon
    2012-02-11 18:27 . 2012-02-13 08:51 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-02-03 20:47 . 2012-02-03 20:47 -------- d-----w- c:\documents and settings\Rachael\Application Data\NCH Software
    2012-02-03 20:47 . 2012-02-03 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
    2012-02-03 20:46 . 2012-02-03 20:46 -------- d-----w- c:\program files\NCH Software
    2012-02-03 20:41 . 2012-02-03 20:41 -------- d-----w- c:\documents and settings\Rachael\Application Data\MtStudio
    2012-01-31 11:58 . 2012-01-31 11:58 -------- d-----w- c:\documents and settings\Rachael\Application Data\DDMSettings
    2012-01-23 00:02 . 2012-01-23 00:02 -------- d-----w- c:\windows\_swf_imagine digital freedom_work
    2012-01-22 21:02 . 2012-01-22 21:02 -------- d-----w- c:\program files\Lame For Audacity
    2012-01-22 20:58 . 2012-02-03 21:10 -------- d-----w- c:\documents and settings\Rachael\Application Data\Audacity
    2012-01-22 20:29 . 2012-02-08 19:00 -------- d-----w- c:\program files\Audacity
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-05 10:16 . 2011-05-27 07:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2011-11-25 21:57 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-12 14:09 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-08-12 14:03 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-08-12 14:09 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-08-12 14:04 152064 ----a-w- c:\windows\system32\schannel.dll
    2012-01-11 07:42 . 2012-01-11 07:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-13_12.50.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-13 22:46 . 2012-02-13 22:46 16384 c:\windows\temp\Perflib_Perfdata_20c.dat
    + 2012-02-13 22:49 . 2012-02-13 22:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2010-01-16 19:36 . 2012-02-13 22:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2010-01-16 19:36 . 2012-02-13 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2012-02-13 22:15 . 2012-02-13 22:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2010-01-16 19:36 . 2012-02-13 12:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2010-05-17 07:40 . 2008-04-17 21:12 107368 c:\windows\system32\GEARAspi.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NetMeter"="c:\program files\HooTech Net Meter\HooNetMeter.exe" [2008-12-06 577536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-17 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-17 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-17 137752]
    "SUPBackGround"="c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe" [2010-04-20 300912]
    "DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
    "BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-11-27 2768896]
    "MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    .
    c:\documents and settings\Rachael\Start Menu\Programs\Startup\
    Easy Display Manager for XP.lnk - c:\program files\Samsung\Easy Display Manager\DMLauncher_XP.exe [2010-5-14 466944]
    Magic Keyboard.lnk - c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe [2010-1-16 151552]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2010-11-23 6144]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\Rachael\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Documents and Settings\\Rachael\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/15/2011 3:23 PM 64512]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/19/2010 1:31 AM 691696]
    R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [1/16/2010 7:50 PM 4300]
    R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [6/23/2011 2:21 PM 99896]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/21/2011 6:59 PM 2152152]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/13/2012 2:21 PM 652360]
    R2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\program files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [5/19/2009 9:39 AM 66792]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/4/2009 1:22 PM 98304]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 7:58 AM 20480]
    R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [8/12/2004 2:06 PM 14336]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/13/2012 2:21 PM 20464]
    R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [3/14/2010 8:56 AM 233512]
    R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [8/9/2011 5:14 PM 238464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 3:39 PM 135664]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe --> c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [?]
    S3 78673605;78673605; [x]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/16/2010 7:44 PM 1684736]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 3:39 PM 135664]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 4:49 AM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 4:49 AM 8320]
    S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [6/23/2011 2:20 PM 17408]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [9/7/2010 2:03 PM 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [9/7/2010 2:03 PM 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [9/7/2010 2:03 PM 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [9/7/2010 2:03 PM 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [9/7/2010 2:03 PM 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [9/7/2010 2:03 PM 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [9/7/2010 2:03 PM 109864]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [5/28/2011 9:02 AM 155344]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/20/2010 10:31 AM 11520]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 12:19 PM 268528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    yksvcs REG_MULTI_SZ yksvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    vserial
    aswrdr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 07:40]
    .
    2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
    .
    2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 15:38]
    .
    2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 15:38]
    .
    2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-484061587-725345543-1004Core.job
    - c:\documents and settings\Rachael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 00:08]
    .
    2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-484061587-725345543-1004UA.job
    - c:\documents and settings\Rachael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 00:08]
    .
    2012-02-03 c:\windows\Tasks\wavepadSevenDays.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-02-03 20:46]
    .
    2012-02-06 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-02-03 20:46]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Rachael\Application Data\Mozilla\Firefox\Profiles\90841v1g.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-13 22:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(712)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    c:\windows\system32\ZuneBusEnum.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-13 22:53:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-13 22:53
    ComboFix2.txt 2012-02-13 20:56
    ComboFix3.txt 2012-02-13 17:48
    ComboFix4.txt 2012-02-13 17:04
    ComboFix5.txt 2012-02-13 22:19
    .
    Pre-Run: 68,581,384,192 bytes free
    Post-Run: 68,590,616,576 bytes free
    .
    - - End Of File - - F4ED1C0B15F5921E372B87943A8FB88F

    ==================================
    Problems resolved-
    Task manager once again reappears
    It no longer takes ages to boot up
    I can once again access My Computer, and the command line
    Internet is once again accessible in normal mode

    Problems still seen-
    It still takes about twice as long to boot up as it did pre-infection.
    Plug and Play is still not happening (not a huge deal).
     
  7. rlm59

    rlm59 TS Rookie Topic Starter

    I have kept the computer disconnected from the internet, and booted it up yesterday. It is still running much slower than usual in normal mode, and a scan with TDSSKiller still shows one infected area that it can only copy to quarantine, not actually get rid of. What would your advice be on proceeding further?
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please be sure to copy everything in the code box when you run the script.

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    "c:\windows\system32\dds_trash_log.cmd"
    "c:\windows\system32\drivers\FixZeroAccess.sys"
    "c:\windows\system32\vsdatant.sys"
    FileLook::
    C:\WINDOWS\system32\Drivers\sptd.sys
    Extra::
    Firefox::
    Firefox-:- Profile - c:\documents and settings\rachael\application data\mozilla\firefox\profiles\90841v1g.default\
    Firefox-:  prefs.js - Search.DefaultURL
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2704262
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    RegNull::
    [HKEY_USERS\S-1-5-21-1960408961-484061587-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    Clearjavacache::
    Driver::
    70979179
    78673605
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    Comments:
    1. It looks like you're using a Netbook with Dual Boot with Windows XP SP3 and Ubuntu (most current version)
    Install Date: 1/16/2010 7:34:44 PM. Was this a reinstall? Or is the original only 2 years old?

    2. Did you run TDSSKiller again after this scan> Current date / time: 2012/02/13 16:08:07.0328. If yes, log please.

    3. The system is already slow yet you are adding programs: The first log is dated 2012-02-13:
    2012-02-13 10:01:08 -------- d-----w- c:\program files\Catan
    2012-02-13 08:50:58 -------- d-----w- c:\documents and settings\all users\application data\Protexis
    2012-02-13 08:49:43 -------- d-----w- c:\program files\Oberon
    2012-02-11 18:27:38 -------- d-----w- c:\program files\common files\PC Tools

    4. How much RAM is installed?
    The computer was running 'slower than normal' before the infection, was it not? The only way this cleaning will affect that is if there were so many processes from the malware running to 'choke' the system and slow it down and they were found and removed.
    =======================================
    Please update the following:
    Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
    Adobe Reader > Current is vX(10.xx)> Adobe Reader Update
    Java(TM) > Current is v6u30> Java Updates .
    Uninstall any earlier versions of both, as they are vulnerabilities for the system.
    =====================================
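    The script above pulls two kinds of indicator out of the ComboFix log: the numerically named services (the Driver:: section) and the Security Center value that hides the antivirus state (the Registry:: section). As an added example that is not part of this thread, of ComboFix, or of any tool the helper uses, the following Python script walks a ComboFix-style log and flags those same indicators automatically, so a reader can triage a pasted log before deciding what to script. The sample lines are constructed in the log's format (not copied from the thread), and the heuristics, such as treating a purely numeric service name or a `[x]`/`[?]` image-path marker as suspicious, are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of a ComboFix log's service list and
# "Reg Loading Points" section. These are sample lines, not a copy of the
# thread's logs; the numeric service name and the [x]/[?] markers mirror
# the kind of entries the helper's Driver:: section removed.
SAMPLE_LOG = """\
R0 sptd;sptd;c:\\windows\\system32\\drivers\\sptd.sys [9/19/2010 1:31 AM 691696]
R2 MBAMService;MBAMService;c:\\program files\\Malwarebytes' Anti-Malware\\mbamservice.exe [2/13/2012 2:21 PM 652360]
S2 SSDMonitorSvc;Startup Monitor service;c:\\program files\\Common Files\\sMonitor\\StartManSvc.exe --> c:\\program files\\Common Files\\sMonitor\\StartManSvc.exe [?]
S3 78673605;78673605; [x]
S3 motccgp;Motorola USB Composite Device Driver;c:\\windows\\system32\\drivers\\motccgp.sys [8/22/2008 4:49 AM 18688]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# One ComboFix service/driver line: state (R0..R3 running, S0..S3 stopped),
# short name, display name, then the image path and its [date size] stamp.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# Heuristic (an assumption of this example): a service whose name is nothing
# but a long run of digits is not how vendors name their drivers.
NUMERIC_NAME_RE = re.compile(r"^\d{6,}$")


@dataclass
class Finding:
    line: str
    reason: str


def _reg_int(value: str) -> Optional[int]:
    """Parse the integer out of 'dword:00000001' or '0 (0x0)' style values."""
    value = value.strip()
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    head = value.split()[0] if value else ""
    try:
        return int(head, 0)
    except ValueError:
        return None


def triage_combofix(log_text: str) -> List[Finding]:
    """Walk a ComboFix-style log and return the lines worth a second look."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            name = svc.group("name")
            rest = svc.group("rest").strip()
            if NUMERIC_NAME_RE.match(name):
                findings.append(Finding(line, f"service '{name}' has a purely numeric name"))
            if rest.endswith("[x]"):
                # ComboFix prints [x] when the service is registered but the file is gone.
                findings.append(Finding(line, f"service '{name}' is registered but its binary is missing"))
            elif "-->" in rest and rest.endswith("[?]"):
                # [?] after a "-->" redirect means the image path could not be verified.
                findings.append(Finding(line, f"service '{name}' points at a binary ComboFix could not verify"))
            continue
        key = REG_KEY_RE.match(line)
        if key:
            current_key = key.group("key").lower()
            continue
        val = REG_VALUE_RE.match(line)
        if val:
            name = val.group("name")
            number = _reg_int(val.group("value"))
            if current_key.endswith("security center") and name == "AntiVirusOverride" and number == 1:
                findings.append(Finding(line, "AntiVirusOverride=1: Security Center told to stop reporting AV state"))
            if "firewallpolicy" in current_key and name == "EnableFirewall" and number == 0:
                findings.append(Finding(line, "EnableFirewall=0: Windows Firewall disabled for this profile"))
    return findings


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

    Run it against a saved ComboFix.txt by reading the file into `triage_combofix`; every finding carries the original line so it can be checked by hand before anything is added to a CFScript. The registry checks are deliberately narrow (only the Security Center override and the firewall profile toggle the thread discusses), and a clean entry such as a running vendor service produces no output.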
     
  9. rlm59

    rlm59 TS Rookie Topic Starter

    Thank you very much. I will post the logs when I get home from work tomorrow; I have gotten swamped and been unable to get back to fixing my computer these past few days. Please do not shut down the thread.
     
  10. rlm59

    rlm59 TS Rookie Topic Starter

    1. It looks like you're using a Netbook with Dual Boot with Windows XP SP3 and Ubuntu (most current version)
    Install Date: 1/16/2010 7:34:44 PM. Was this reinstall? Or is the original only 2 years old?

    Original install for windows, I partitioned the drive to add Ubuntu

    2. Did you run TDSSKiller again after this scan> Current date / time: 2012/02/13 16:08:07.0328. If yes, log please.

    See below, rerun upon turning the computer on today (it has remained off since the last run of the CFScript).

    3. The system is already slow yet you are adding programs: The first log is dated 2012-02-13:
    2012-02-13 10:01:08 -------- d-----w- c:\program files\Catan
    2012-02-13 08:50:58 -------- d-----w- c:\documents and settings\all users\application data\Protexis
    2012-02-13 08:49:43 -------- d-----w- c:\program files\Oberon
    2012-02-11 18:27:38 -------- d-----w- c:\program files\common files\PC Tools

    I have not added any programs since the rootkit infected the computer. Prior to the rootkit the netbook was running at its normal speed, and I deemed it allowable to install programs.

    4. How much RAM is installed?
    The computer was running 'slower than normal' before the infection, was it not?
    No, it was not running "slower than normal" prior to the infection. It is a netbook, so it does tend to run a bit slower than most computers, but it was running at the same speed it always had. It has 2 gig of RAM; I installed the upgrade about a year ago. Since cleaning started it has sped back up in all but the logging into Windows stage.

    Log for TDSSKiller:
    19:18:20.0484 3848 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
    19:18:20.0515 3848 ============================================================
    19:18:20.0515 3848 Current date / time: 2012/02/20 19:18:20.0515
    19:18:20.0515 3848 SystemInfo:
    19:18:20.0515 3848
    19:18:20.0515 3848 OS Version: 5.1.2600 ServicePack: 3.0
    19:18:20.0515 3848 Product type: Workstation
    19:18:20.0515 3848 ComputerName: LITTLEONE
    19:18:20.0515 3848 UserName: Rachael
    19:18:20.0515 3848 Windows directory: C:\WINDOWS
    19:18:20.0515 3848 System windows directory: C:\WINDOWS
    19:18:20.0515 3848 Processor architecture: Intel x86
    19:18:20.0515 3848 Number of processors: 2
    19:18:20.0515 3848 Page size: 0x1000
    19:18:20.0515 3848 Boot type: Normal boot
    19:18:20.0515 3848 ============================================================
    19:18:22.0203 3848 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    19:18:22.0203 3848 \Device\Harddisk0\DR0:
    19:18:22.0203 3848 MBR used
    19:18:22.0203 3848 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x10DFF817
    19:18:22.0234 3848 Initialize success
    19:18:22.0234 3848 ============================================================
    19:18:28.0312 3868 ============================================================
    19:18:28.0312 3868 Scan started
    19:18:28.0312 3868 Mode: Manual;
    19:18:28.0312 3868 ============================================================
    19:18:28.0515 3868 78673605 - ok
    19:18:28.0531 3868 Abiosdsk - ok
    19:18:28.0546 3868 abp480n5 - ok
    19:18:28.0609 3868 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    19:18:28.0609 3868 ACPI - ok
    19:18:28.0656 3868 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    19:18:28.0656 3868 ACPIEC - ok
    19:18:28.0671 3868 adpu160m - ok
    19:18:28.0718 3868 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    19:18:28.0734 3868 aec - ok
    19:18:28.0812 3868 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    19:18:28.0812 3868 AFD - ok
    19:18:28.0828 3868 Aha154x - ok
    19:18:28.0843 3868 aic78u2 - ok
    19:18:28.0859 3868 aic78xx - ok
    19:18:28.0890 3868 AliIde - ok
    19:18:29.0000 3868 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
    19:18:29.0015 3868 Ambfilt - ok
    19:18:29.0109 3868 amsint - ok
    19:18:29.0234 3868 AR5416 (c413e2e549488a5f1969decb5b03187a) C:\WINDOWS\system32\DRIVERS\athw.sys
    19:18:29.0250 3868 AR5416 - ok
    19:18:29.0265 3868 asc - ok
    19:18:29.0281 3868 asc3350p - ok
    19:18:29.0296 3868 asc3550 - ok
    19:18:29.0375 3868 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    19:18:29.0375 3868 AsyncMac - ok
    19:18:29.0421 3868 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    19:18:29.0421 3868 atapi - ok
    19:18:29.0421 3868 Atdisk - ok
    19:18:29.0484 3868 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    19:18:29.0484 3868 Atmarpc - ok
    19:18:29.0531 3868 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    19:18:29.0546 3868 audstub - ok
    19:18:29.0578 3868 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    19:18:29.0578 3868 Beep - ok
    19:18:29.0640 3868 BVRPMPR5 (51b327292408b5f3a42e295bce055859) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    19:18:29.0640 3868 BVRPMPR5 - ok
    19:18:29.0812 3868 catchme - ok
    19:18:29.0859 3868 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    19:18:29.0859 3868 cbidf2k - ok
    19:18:29.0921 3868 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    19:18:29.0921 3868 CCDECODE - ok
    19:18:29.0937 3868 cd20xrnt - ok
    19:18:29.0953 3868 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    19:18:29.0953 3868 Cdaudio - ok
    19:18:29.0968 3868 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    19:18:29.0968 3868 Cdfs - ok
    19:18:30.0046 3868 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    19:18:30.0046 3868 Cdrom - ok
    19:18:30.0062 3868 Changer - ok
    19:18:30.0125 3868 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    19:18:30.0125 3868 CmBatt - ok
    19:18:30.0140 3868 CmdIde - ok
    19:18:30.0156 3868 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    19:18:30.0171 3868 Compbatt - ok
    19:18:30.0187 3868 Cpqarray - ok
    19:18:30.0265 3868 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
    19:18:30.0265 3868 CVirtA - ok
    19:18:30.0312 3868 CVPNDRVA (cb90b2762b1a1d0b40496400c55b6ade) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
    19:18:30.0328 3868 CVPNDRVA - ok
    19:18:30.0328 3868 dac2w2k - ok
    19:18:30.0359 3868 dac960nt - ok
    19:18:30.0375 3868 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    19:18:30.0375 3868 Disk - ok
    19:18:30.0453 3868 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    19:18:30.0453 3868 dmboot - ok
    19:18:30.0500 3868 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    19:18:30.0500 3868 dmio - ok
    19:18:30.0546 3868 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    19:18:30.0546 3868 dmload - ok
    19:18:30.0593 3868 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    19:18:30.0593 3868 DMusic - ok
    19:18:30.0625 3868 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
    19:18:30.0625 3868 DNE - ok
    19:18:30.0703 3868 DOSMEMIO (8a4cb9438571814b128b6dc30d698064) C:\WINDOWS\system32\MEMIO.SYS
    19:18:30.0703 3868 DOSMEMIO - ok
    19:18:30.0718 3868 dpti2o - ok
    19:18:30.0734 3868 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    19:18:30.0734 3868 drmkaud - ok
    19:18:30.0828 3868 EraserUtilRebootDrv - ok
    19:18:30.0890 3868 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    19:18:30.0890 3868 Fastfat - ok
    19:18:30.0937 3868 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    19:18:30.0937 3868 Fdc - ok
    19:18:30.0968 3868 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    19:18:30.0968 3868 Fips - ok
    19:18:30.0984 3868 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    19:18:30.0984 3868 Flpydisk - ok
    19:18:31.0046 3868 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    19:18:31.0062 3868 FltMgr - ok
    19:18:31.0078 3868 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    19:18:31.0078 3868 Fs_Rec - ok
    19:18:31.0093 3868 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    19:18:31.0093 3868 Ftdisk - ok
    19:18:31.0109 3868 GEARAspiWDM - ok
    19:18:31.0156 3868 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    19:18:31.0156 3868 Gpc - ok
    19:18:31.0187 3868 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    19:18:31.0203 3868 HDAudBus - ok
    19:18:31.0250 3868 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    19:18:31.0250 3868 HidUsb - ok
    19:18:31.0265 3868 hpn - ok
    19:18:31.0312 3868 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    19:18:31.0312 3868 HPZius12 - ok
    19:18:31.0421 3868 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    19:18:31.0437 3868 HTTP - ok
    19:18:31.0515 3868 i2omgmt - ok
    19:18:31.0593 3868 i2omp - ok
    19:18:31.0718 3868 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    19:18:31.0718 3868 i8042prt - ok
    19:18:32.0046 3868 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    19:18:32.0109 3868 ialm - ok
    19:18:32.0250 3868 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    19:18:32.0250 3868 Imapi - ok
    19:18:32.0281 3868 ini910u - ok
    19:18:32.0625 3868 IntcAzAudAddService (0cacdcbbc8e6f11e2865c47bfc509848) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    19:18:32.0687 3868 IntcAzAudAddService - ok
    19:18:32.0828 3868 IntelIde - ok
    19:18:32.0906 3868 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    19:18:32.0906 3868 intelppm - ok
    19:18:32.0937 3868 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    19:18:32.0937 3868 Ip6Fw - ok
    19:18:33.0015 3868 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    19:18:33.0015 3868 IpFilterDriver - ok
    19:18:33.0062 3868 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    19:18:33.0062 3868 IpInIp - ok
    19:18:33.0078 3868 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    19:18:33.0093 3868 IpNat - ok
    19:18:33.0109 3868 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    19:18:33.0109 3868 IPSec - ok
    19:18:33.0140 3868 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    19:18:33.0140 3868 IRENUM - ok
    19:18:33.0187 3868 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    19:18:33.0203 3868 isapnp - ok
    19:18:33.0250 3868 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    19:18:33.0250 3868 Kbdclass - ok
    19:18:33.0312 3868 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    19:18:33.0312 3868 kmixer - ok
    19:18:33.0343 3868 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    19:18:33.0343 3868 KSecDD - ok
    19:18:33.0375 3868 lbrtfdc - ok
    19:18:33.0437 3868 LHidFilt (f5e165b4e3df145f6e8bf3c0573f94d8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    19:18:33.0453 3868 LHidFilt - ok
    19:18:33.0468 3868 LMouFilt (b46e39b8ae439d7ce75a923e7f950040) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    19:18:33.0468 3868 LMouFilt - ok
    19:18:33.0515 3868 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
    19:18:33.0515 3868 MBAMProtector - ok
    19:18:33.0546 3868 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    19:18:33.0546 3868 mnmdd - ok
    19:18:33.0562 3868 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    19:18:33.0578 3868 Modem - ok
    19:18:33.0671 3868 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
    19:18:33.0703 3868 Monfilt - ok
    19:18:33.0750 3868 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
    19:18:33.0750 3868 motccgp - ok
    19:18:33.0781 3868 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
    19:18:33.0781 3868 motccgpfl - ok
    19:18:33.0812 3868 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:18:33.0812 3868 Mouclass - ok
    19:18:33.0875 3868 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    19:18:33.0875 3868 mouhid - ok
    19:18:33.0921 3868 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    19:18:33.0921 3868 MountMgr - ok
    19:18:33.0937 3868 mraid35x - ok
    19:18:33.0984 3868 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:18:33.0984 3868 MRxDAV - ok
    19:18:34.0062 3868 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:18:34.0078 3868 MRxSmb - ok
    19:18:34.0093 3868 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    19:18:34.0093 3868 Msfs - ok
    19:18:34.0156 3868 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:18:34.0156 3868 MSKSSRV - ok
    19:18:34.0187 3868 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:18:34.0187 3868 MSPCLOCK - ok
    19:18:34.0203 3868 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    19:18:34.0203 3868 MSPQM - ok
    19:18:34.0250 3868 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    19:18:34.0250 3868 mssmbios - ok
    19:18:34.0281 3868 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    19:18:34.0296 3868 MSTEE - ok
    19:18:34.0328 3868 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    19:18:34.0328 3868 Mup - ok
    19:18:34.0359 3868 mvusbews (1889385f1825c0782c5c179a0518d490) C:\WINDOWS\system32\Drivers\mvusbews.sys
    19:18:34.0359 3868 mvusbews - ok
    19:18:34.0406 3868 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    19:18:34.0406 3868 NABTSFEC - ok
    19:18:34.0437 3868 NDIS (8716356e49a665bdc7b114725b60a456) C:\WINDOWS\system32\drivers\NDIS.sys
    19:18:34.0437 3868 NDIS - ok
    19:18:34.0468 3868 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    19:18:34.0468 3868 NdisIP - ok
    19:18:34.0546 3868 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:18:34.0546 3868 NdisTapi - ok
    19:18:34.0562 3868 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:18:34.0578 3868 Ndisuio - ok
    19:18:34.0593 3868 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:18:34.0593 3868 NdisWan - ok
    19:18:34.0671 3868 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    19:18:34.0671 3868 NDProxy - ok
    19:18:34.0687 3868 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:18:34.0687 3868 NetBIOS - ok
    19:18:34.0703 3868 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:18:34.0718 3868 NetBT - ok
    19:18:34.0750 3868 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    19:18:34.0750 3868 Npfs - ok
    19:18:34.0812 3868 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    19:18:34.0828 3868 Ntfs - ok
    19:18:34.0859 3868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    19:18:34.0859 3868 Null - ok
    19:18:34.0921 3868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:18:34.0921 3868 NwlnkFlt - ok
    19:18:34.0968 3868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:18:34.0968 3868 NwlnkFwd - ok
    19:18:35.0015 3868 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    19:18:35.0031 3868 Parport - ok
    19:18:35.0046 3868 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    19:18:35.0046 3868 PartMgr - ok
    19:18:35.0078 3868 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    19:18:35.0093 3868 ParVdm - ok
    19:18:35.0093 3868 PCASp50 - ok
    19:18:35.0125 3868 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    19:18:35.0125 3868 PCI - ok
    19:18:35.0140 3868 PCIDump - ok
    19:18:35.0171 3868 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:18:35.0171 3868 PCIIde - ok
    19:18:35.0203 3868 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:18:35.0203 3868 Pcmcia - ok
    19:18:35.0218 3868 PDCOMP - ok
    19:18:35.0234 3868 PDFRAME - ok
    19:18:35.0250 3868 PDRELI - ok
    19:18:35.0265 3868 PDRFRAME - ok
    19:18:35.0281 3868 perc2 - ok
    19:18:35.0296 3868 perc2hib - ok
    19:18:35.0375 3868 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:18:35.0375 3868 PptpMiniport - ok
    19:18:35.0390 3868 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    19:18:35.0390 3868 PSched - ok
    19:18:35.0406 3868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:18:35.0406 3868 Ptilink - ok
    19:18:35.0453 3868 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    19:18:35.0453 3868 PxHelp20 - ok
    19:18:35.0468 3868 ql1080 - ok
    19:18:35.0484 3868 Ql10wnt - ok
    19:18:35.0500 3868 ql12160 - ok
    19:18:35.0515 3868 ql1240 - ok
    19:18:35.0531 3868 ql1280 - ok
    19:18:35.0546 3868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:18:35.0562 3868 RasAcd - ok
    19:18:35.0609 3868 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:18:35.0609 3868 Rasl2tp - ok
    19:18:35.0625 3868 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:18:35.0625 3868 RasPppoe - ok
    19:18:35.0640 3868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:18:35.0640 3868 Raspti - ok
    19:18:35.0687 3868 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:18:35.0687 3868 Rdbss - ok
    19:18:35.0703 3868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:18:35.0703 3868 RDPCDD - ok
    19:18:35.0781 3868 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    19:18:35.0781 3868 RDPWD - ok
    19:18:35.0828 3868 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:18:35.0828 3868 redbook - ok
    19:18:35.0906 3868 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
    19:18:35.0906 3868 s1018bus - ok
    19:18:35.0968 3868 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
    19:18:35.0968 3868 s1018mdfl - ok
    19:18:36.0031 3868 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
    19:18:36.0031 3868 s1018mdm - ok
    19:18:36.0093 3868 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
    19:18:36.0093 3868 s1018mgmt - ok
    19:18:36.0171 3868 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
    19:18:36.0171 3868 s1018nd5 - ok
    19:18:36.0218 3868 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
    19:18:36.0218 3868 s1018obex - ok
    19:18:36.0281 3868 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
    19:18:36.0281 3868 s1018unic - ok
    19:18:36.0359 3868 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:18:36.0359 3868 Secdrv - ok
    19:18:36.0421 3868 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    19:18:36.0421 3868 Serial - ok
    19:18:36.0468 3868 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:18:36.0468 3868 Sfloppy - ok
    19:18:36.0484 3868 Simbad - ok
    19:18:36.0531 3868 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    19:18:36.0531 3868 SLIP - ok
    19:18:36.0546 3868 Sparrow - ok
    19:18:36.0593 3868 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    19:18:36.0593 3868 splitter - ok
    19:18:36.0687 3868 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    19:18:36.0687 3868 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    19:18:36.0687 3868 sptd ( LockedFile.Multi.Generic ) - warning
    19:18:36.0687 3868 sptd - detected LockedFile.Multi.Generic (1)
    19:18:36.0718 3868 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    19:18:36.0718 3868 sr - ok
    19:18:36.0796 3868 SRS_PremiumSound_Service (7d7ad4aba007e20acc35cab03b28a935) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
    19:18:36.0796 3868 SRS_PremiumSound_Service - ok
    19:18:36.0859 3868 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    19:18:36.0859 3868 Srv - ok
    19:18:36.0937 3868 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    19:18:36.0937 3868 streamip - ok
    19:18:36.0968 3868 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:18:36.0968 3868 swenum - ok
    19:18:36.0984 3868 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    19:18:36.0984 3868 swmidi - ok
    19:18:37.0015 3868 symc810 - ok
    19:18:37.0031 3868 symc8xx - ok
    19:18:37.0046 3868 sym_hi - ok
    19:18:37.0062 3868 sym_u3 - ok
    19:18:37.0078 3868 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    19:18:37.0078 3868 sysaudio - ok
    19:18:37.0125 3868 tbhsd (4d46f63f7ddc2442941d63327c360b90) C:\WINDOWS\system32\drivers\tbhsd.sys
    19:18:37.0125 3868 tbhsd - ok
    19:18:37.0187 3868 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:18:37.0203 3868 Tcpip - ok
    19:18:37.0234 3868 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:18:37.0234 3868 TDPIPE - ok
    19:18:37.0265 3868 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    19:18:37.0265 3868 TDTCP - ok
    19:18:37.0281 3868 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:18:37.0281 3868 TermDD - ok
    19:18:37.0312 3868 TosIde - ok
    19:18:37.0359 3868 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    19:18:37.0359 3868 Udfs - ok
    19:18:37.0375 3868 ultra - ok
    19:18:37.0421 3868 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    19:18:37.0421 3868 Update - ok
    19:18:37.0484 3868 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    19:18:37.0484 3868 usbccgp - ok
    19:18:37.0531 3868 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:18:37.0531 3868 usbehci - ok
    19:18:37.0562 3868 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:18:37.0562 3868 usbhub - ok
    19:18:37.0609 3868 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    19:18:37.0609 3868 usbprint - ok
    19:18:37.0687 3868 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    19:18:37.0687 3868 usbscan - ok
    19:18:37.0734 3868 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:18:37.0734 3868 usbstor - ok
    19:18:37.0765 3868 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    19:18:37.0765 3868 usbuhci - ok
    19:18:37.0812 3868 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    19:18:37.0812 3868 usbvideo - ok
    19:18:37.0968 3868 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    19:18:37.0968 3868 VgaSave - ok
    19:18:38.0046 3868 ViaIde - ok
    19:18:38.0328 3868 VMC326 (20a559a25c4ae3f9b35f8229636ee5a7) C:\WINDOWS\system32\Drivers\VMC326.sys
    19:18:38.0328 3868 VMC326 - ok
    19:18:38.0484 3868 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    19:18:38.0484 3868 VolSnap - ok
    19:18:38.0500 3868 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:18:38.0500 3868 Wanarp - ok
    19:18:38.0562 3868 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
    19:18:38.0562 3868 WDC_SAM - ok
    19:18:38.0625 3868 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    19:18:38.0625 3868 Wdf01000 - ok
    19:18:38.0640 3868 WDICA - ok
    19:18:38.0671 3868 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    19:18:38.0687 3868 wdmaud - ok
    19:18:38.0750 3868 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    19:18:38.0750 3868 WinUSB - ok
    19:18:38.0812 3868 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    19:18:38.0812 3868 WpdUsb - ok
    19:18:38.0859 3868 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    19:18:38.0875 3868 WS2IFSL - ok
    19:18:38.0921 3868 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    19:18:38.0921 3868 WSTCODEC - ok
    19:18:38.0984 3868 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    19:18:38.0984 3868 WudfPf - ok
    19:18:39.0031 3868 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    19:18:39.0031 3868 WudfRd - ok
    19:18:39.0140 3868 yukonwxp (7578410b1512fad9c485b134561e8b78) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    19:18:39.0140 3868 yukonwxp - ok
    19:18:39.0203 3868 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
    19:18:39.0203 3868 zumbus - ok
    19:18:39.0281 3868 MBR (0x1B8) (6aefa2bac284226f1a5aed86e53d7bb9) \Device\Harddisk0\DR0
    19:18:39.0328 3868 \Device\Harddisk0\DR0 - ok
    19:18:39.0359 3868 Boot (0x1200) (27a5293f3e174c1d1864e778a2122dfd) \Device\Harddisk0\DR0\Partition0
    19:18:39.0359 3868 \Device\Harddisk0\DR0\Partition0 - ok
    19:18:39.0359 3868 ============================================================
    19:18:39.0359 3868 Scan finished
    19:18:39.0359 3868 ============================================================
    19:18:39.0375 3860 Detected object count: 1
    19:18:39.0375 3860 Actual detected object count: 1
    19:18:49.0890 3860 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
    19:18:49.0890 3860 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine


    Log for CFScript run on ComboFix:

    ComboFix 12-02-19.02 - Rachael 02/20/2012 19:47:19.9.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1694 [GMT 0:00]
    Running from: c:\documents and settings\Rachael\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Rachael\Desktop\CFScript.txt
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    FILE ::
    "c:\windows\system32\dds_trash_log.cmd"
    "c:\windows\system32\drivers\FixZeroAccess.sys"
    "c:\windows\system32\vsdatant.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_78673605
    -------\Service_78673605
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-13 16:09 . 2012-02-20 19:18 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-13 14:21 . 2012-02-13 14:21 -------- d-----w- c:\documents and settings\Rachael\Application Data\Malwarebytes
    2012-02-13 14:21 . 2012-02-13 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-02-13 14:21 . 2012-02-13 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-13 14:21 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-13 11:42 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-13 11:00 . 2012-02-13 14:02 32808 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
    2012-02-13 10:03 . 2012-02-13 11:07 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-13 10:01 . 2012-02-20 19:34 -------- d-----w- c:\program files\Catan
    2012-02-13 08:50 . 2012-02-13 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
    2012-02-11 18:27 . 2012-02-13 08:51 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-02-03 20:47 . 2012-02-03 20:47 -------- d-----w- c:\documents and settings\Rachael\Application Data\NCH Software
    2012-02-03 20:47 . 2012-02-03 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
    2012-02-03 20:46 . 2012-02-03 20:46 -------- d-----w- c:\program files\NCH Software
    2012-02-03 20:41 . 2012-02-03 20:41 -------- d-----w- c:\documents and settings\Rachael\Application Data\MtStudio
    2012-01-31 11:58 . 2012-01-31 11:58 -------- d-----w- c:\documents and settings\Rachael\Application Data\DDMSettings
    2012-01-23 00:02 . 2012-01-23 00:02 -------- d-----w- c:\windows\_swf_imagine digital freedom_work
    2012-01-22 21:02 . 2012-01-22 21:02 -------- d-----w- c:\program files\Lame For Audacity
    2012-01-22 20:58 . 2012-02-03 21:10 -------- d-----w- c:\documents and settings\Rachael\Application Data\Audacity
    2012-01-22 20:29 . 2012-02-08 19:00 -------- d-----w- c:\program files\Audacity
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-05 10:16 . 2011-05-27 07:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2011-11-25 21:57 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-12 14:09 1859584 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 07:42 . 2012-01-11 07:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\system32\Drivers\sptd.sys ---
    Company: ------
    File Description: ------
    File Version: ------
    Product Name: ------
    Copyright: ------
    Original Filename: ------
    File size: 691696
    Created time: 2010-09-19 01:31
    Modified time: 2010-09-19 01:31
    MD5: !HASH: COULD NOT OPEN FILE !!!!!
    SHA1: !HASH: COULD NOT OPEN FILE !!!!!
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-13_12.50.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-20 20:04 . 2012-02-20 20:04 16384 c:\windows\temp\Perflib_Perfdata_138.dat
    + 2010-01-16 19:36 . 2012-02-14 19:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2010-01-16 19:36 . 2012-02-13 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-05-17 07:40 . 2008-04-17 21:12 107368 c:\windows\system32\GEARAspi.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NetMeter"="c:\program files\HooTech Net Meter\HooNetMeter.exe" [2008-12-06 577536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-17 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-17 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-17 137752]
    "SUPBackGround"="c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe" [2010-04-20 300912]
    "DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
    "BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-11-27 2768896]
    "MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    .
    c:\documents and settings\Rachael\Start Menu\Programs\Startup\
    Easy Display Manager for XP.lnk - c:\program files\Samsung\Easy Display Manager\DMLauncher_XP.exe [2010-5-14 466944]
    Magic Keyboard.lnk - c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe [2010-1-16 151552]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2010-11-23 6144]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\Rachael\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Documents and Settings\\Rachael\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/19/2010 1:31 AM 691696]
    R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [1/16/2010 7:50 PM 4300]
    R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [6/23/2011 2:21 PM 99896]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/13/2012 2:21 PM 652360]
    R2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\program files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [5/19/2009 9:39 AM 66792]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/4/2009 1:22 PM 98304]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 7:58 AM 20480]
    R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [8/12/2004 2:06 PM 14336]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/13/2012 2:21 PM 20464]
    R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [3/14/2010 8:56 AM 233512]
    R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [8/9/2011 5:14 PM 238464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 3:39 PM 135664]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe --> c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/16/2010 7:44 PM 1684736]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 3:39 PM 135664]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 4:49 AM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 4:49 AM 8320]
    S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [6/23/2011 2:20 PM 17408]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [9/7/2010 2:03 PM 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [9/7/2010 2:03 PM 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [9/7/2010 2:03 PM 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [9/7/2010 2:03 PM 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [9/7/2010 2:03 PM 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [9/7/2010 2:03 PM 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [9/7/2010 2:03 PM 109864]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [5/28/2011 9:02 AM 155344]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/20/2010 10:31 AM 11520]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 12:19 PM 268528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    yksvcs REG_MULTI_SZ yksvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    vserial
    aswrdr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
    .
    2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 15:38]
    .
    2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 15:38]
    .
    2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-484061587-725345543-1004Core.job
    - c:\documents and settings\Rachael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 00:08]
    .
    2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-484061587-725345543-1004UA.job
    - c:\documents and settings\Rachael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 00:08]
    .
    2012-02-03 c:\windows\Tasks\wavepadSevenDays.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-02-03 20:46]
    .
    2012-02-06 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-02-03 20:46]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    FF - ProfilePath - c:\documents and settings\Rachael\Application Data\Mozilla\Firefox\Profiles\90841v1g.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-20 20:05
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3640)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    c:\windows\system32\ZuneBusEnum.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-20 20:12:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-20 20:12
    ComboFix2.txt 2012-02-14 20:36
    ComboFix3.txt 2012-02-13 23:34
    ComboFix4.txt 2012-02-13 22:53
    ComboFix5.txt 2012-02-20 19:37
    .
    Pre-Run: 71,530,520,576 bytes free
    Post-Run: 71,546,286,080 bytes free
    .
    - - End Of File - - 070B8DED591843B33C385DC4A3541AD3
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    For 64bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      sptd.*
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
    =============================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\drivers\FixZeroAccess.sys
    Extra::
    File::
    Firefox::
    Firefox-: - Profile- c:\documents and settings\Rachael\Application Data\Mozilla\Firefox\Profiles\90841v1g.default\
    Firefox-: prefs.js Search.Default
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=
    Clearjavacache::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    I was trying to offer suggestions for you to check for possible contributors to the slowness.
    =====================
    Last scans.
    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ===================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
     
     
  12. rlm59

    rlm59 TS Rookie Topic Starter

    My apologies, I have been very sick, I will run the above instructed on my computer tomorrow morning first thing and post the logs.
     
  13. rlm59

    rlm59 TS Rookie Topic Starter

    Systemlook

    SystemLook 30.07.11 by jpshortstuff
    Log created at 07:53 on 27/02/2012 by Rachael
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "sptd.*"
    C:\WINDOWS\system32\drivers\sptd.sys --a---- 691696 bytes [01:31 19/09/2010] [01:31 19/09/2010] (Unable to calculate MD5)

    -= EOF =-


    Combofix with CFScript
    ComboFix 12-02-25.02 - Rachael 02/27/2012 8:13.10.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1687 [GMT 0:00]
    Running from: c:\documents and settings\Rachael\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Rachael\Desktop\CFScript.txt
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    FILE ::
    "c:\windows\system32\drivers\FixZeroAccess.sys"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-27 07:49 . 2012-02-27 07:49 -------- d-----w- C:\HijackThis
    2012-02-20 19:34 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-20 19:34 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-13 16:09 . 2012-02-20 19:18 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-13 14:21 . 2012-02-13 14:21 -------- d-----w- c:\documents and settings\Rachael\Application Data\Malwarebytes
    2012-02-13 14:21 . 2012-02-13 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-02-13 14:21 . 2012-02-13 14:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-13 14:21 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-13 11:42 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-13 10:03 . 2012-02-13 11:07 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-13 10:01 . 2012-02-20 19:34 -------- d-----w- c:\program files\Catan
    2012-02-13 08:50 . 2012-02-13 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
    2012-02-11 18:27 . 2012-02-13 08:51 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-02-03 20:47 . 2012-02-03 20:47 -------- d-----w- c:\documents and settings\Rachael\Application Data\NCH Software
    2012-02-03 20:47 . 2012-02-03 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
    2012-02-03 20:46 . 2012-02-03 20:46 -------- d-----w- c:\program files\NCH Software
    2012-02-03 20:41 . 2012-02-03 20:41 -------- d-----w- c:\documents and settings\Rachael\Application Data\MtStudio
    2012-01-31 11:58 . 2012-01-31 11:58 -------- d-----w- c:\documents and settings\Rachael\Application Data\DDMSettings
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-05 10:16 . 2011-05-27 07:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2012-01-11 07:42 . 2012-01-11 07:42 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-13_12.50.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-27 08:11 . 2012-02-27 08:11 16384 c:\windows\temp\Perflib_Perfdata_14c.dat
    - 2010-01-16 19:36 . 2012-02-13 12:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-01-16 19:36 . 2012-02-14 19:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2010-01-23 16:01 . 2012-01-12 04:56 35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
    + 2010-01-23 16:01 . 2012-02-27 07:52 35088 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\oisicon.exe
    - 2010-01-23 16:01 . 2012-01-12 04:56 18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
    + 2010-01-23 16:01 . 2012-02-27 07:52 18704 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\mspicons.exe
    - 2010-01-23 16:01 . 2012-01-12 04:56 20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
    + 2010-01-23 16:01 . 2012-02-27 07:52 20240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\cagicon.exe
    + 2010-10-01 18:07 . 2012-02-27 07:54 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    - 2010-10-01 18:07 . 2011-10-13 07:34 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-05-17 07:40 . 2008-04-17 21:12 107368 c:\windows\system32\GEARAspi.dll
    + 2010-01-23 16:01 . 2012-02-27 07:52 888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
    - 2010-01-23 16:01 . 2012-01-12 04:56 888080 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\wordicon.exe
    - 2010-01-23 16:01 . 2012-01-12 04:56 272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
    + 2010-01-23 16:01 . 2012-02-27 07:52 272648 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pubs.exe
    - 2010-01-23 16:01 . 2012-01-12 04:56 922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
    + 2010-01-23 16:01 . 2012-02-27 07:52 922384 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\pptico.exe
    + 2010-01-23 16:01 . 2012-02-27 07:52 845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
    - 2010-01-23 16:01 . 2012-01-12 04:56 845584 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\outicon.exe
    - 2010-01-23 16:01 . 2012-01-12 04:56 217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
    + 2010-01-23 16:01 . 2012-02-27 07:52 217864 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\misc.exe
    + 2012-02-03 15:13 . 2012-02-03 15:13 4988928 c:\windows\Installer\80c6d.msp
    + 2010-01-23 16:01 . 2012-02-27 07:52 1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
    - 2010-01-23 16:01 . 2012-01-12 04:56 1172240 c:\windows\Installer\{91120000-00CA-0000-0000-0000000FF1CE}\xlicons.exe
    + 2012-02-27 07:52 . 2012-02-27 07:52 20333056 c:\windows\Installer\80c78.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Rachael\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NetMeter"="c:\program files\HooTech Net Meter\HooNetMeter.exe" [2008-12-06 577536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-17 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-17 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-17 137752]
    "SUPBackGround"="c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe" [2010-04-20 300912]
    "DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
    "BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-11-27 2768896]
    "MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    .
    c:\documents and settings\Rachael\Start Menu\Programs\Startup\
    Easy Display Manager for XP.lnk - c:\program files\Samsung\Easy Display Manager\DMLauncher_XP.exe [2010-5-14 466944]
    Magic Keyboard.lnk - c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe [2010-1-16 151552]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2010-11-23 6144]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\Rachael\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Documents and Settings\\Rachael\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/19/2010 1:31 AM 691696]
    R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [1/16/2010 7:50 PM 4300]
    R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [6/23/2011 2:21 PM 99896]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/13/2012 2:21 PM 652360]
    R2 SRS_WOWXT_Service;SRS WOWXT/TSXT Service;c:\program files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe [5/19/2009 9:39 AM 66792]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/4/2009 1:22 PM 98304]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 7:58 AM 20480]
    R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [8/12/2004 2:06 PM 14336]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/13/2012 2:21 PM 20464]
    R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [3/14/2010 8:56 AM 233512]
    R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [8/9/2011 5:14 PM 238464]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 3:39 PM 135664]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe --> c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/16/2010 7:44 PM 1684736]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 3:39 PM 135664]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 4:49 AM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 4:49 AM 8320]
    S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [6/23/2011 2:20 PM 17408]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [9/7/2010 2:03 PM 86824]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [9/7/2010 2:03 PM 15016]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [9/7/2010 2:03 PM 114728]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [9/7/2010 2:03 PM 106208]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [9/7/2010 2:03 PM 26024]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [9/7/2010 2:03 PM 104744]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [9/7/2010 2:03 PM 109864]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [5/28/2011 9:02 AM 155344]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/20/2010 10:31 AM 11520]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 12:19 PM 268528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    yksvcs REG_MULTI_SZ yksvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    vserial
    aswrdr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
    .
    2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 15:38]
    .
    2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 15:38]
    .
    2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-484061587-725345543-1004Core.job
    - c:\documents and settings\Rachael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 00:08]
    .
    2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-484061587-725345543-1004UA.job
    - c:\documents and settings\Rachael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 00:08]
    .
    2012-02-03 c:\windows\Tasks\wavepadSevenDays.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-02-03 20:46]
    .
    2012-02-06 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Software\WavePad\wavepad.exe [2012-02-03 20:46]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Rachael\Application Data\Mozilla\Firefox\Profiles\90841v1g.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-27 08:27
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2012-02-27 08:30:12
    ComboFix-quarantined-files.txt 2012-02-27 08:29
    ComboFix2.txt 2012-02-20 20:12
    ComboFix3.txt 2012-02-14 20:36
    ComboFix4.txt 2012-02-13 23:34
    ComboFix5.txt 2012-02-27 08:04
    .
    Pre-Run: 71,321,272,320 bytes free
    Post-Run: 71,331,414,016 bytes free
    .
    - - End Of File - - 8EBB2259097269CE3B88C200D6C9E393


    HijackThis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 08:33:48 AM, on 2/27/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\system32\HPSIsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Rachael\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (file missing)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SUPBackGround] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
    O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
    O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
    O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [NetMeter] C:\Program Files\HooTech Net Meter\HooNetMeter.exe
    O4 - Startup: Easy Display Manager for XP.lnk = ?
    O4 - Startup: Magic Keyboard.lnk = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (file missing)
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ehrecvr (aswrdr) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (file missing)
    O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
    O23 - Service: SRS WOWXT/TSXT Service (SRS_WOWXT_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS WOW XT and TSXT\SRS_PostInstaller.exe
    O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    --
    End of file - 8964 bytes


    ESET Log to come in a bit
     
  14. rlm59

    rlm59 TS Rookie Topic Starter

    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\afd.sys.vir a variant of Win32/Rootkit.Kryptik.JK trojan
    C:\System Volume Information\_restore{E1F33385-A01D-4131-BFE1-739C8A0617D2}\RP429\A0272891.sys a variant of Win32/Rootkit.Kryptik.JK trojan
    C:\System Volume Information\_restore{E1F33385-A01D-4131-BFE1-739C8A0617D2}\RP429\A0273892.sys a variant of Win32/Rootkit.Kryptik.JK trojan
    C:\System Volume Information\_restore{E1F33385-A01D-4131-BFE1-739C8A0617D2}\RP429\A0275064.sys a variant of Win32/Rootkit.Kryptik.JK trojan
    C:\System Volume Information\_restore{E1F33385-A01D-4131-BFE1-739C8A0617D2}\RP429\A0279527.dll probably a variant of Win32/Sirefef.ER trojan
    C:\System Volume Information\_restore{E1F33385-A01D-4131-BFE1-739C8A0617D2}\RP429\A0279528.dll probably a variant of Win32/Sirefef.ER trojan
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I hope you're feeling better.

    Please tell me how the system is doing now. Are there any problems you are aware of?

    There is a file of concern. Did you have Daemon Tools installed? There is a non-standard driver from that program.

    I'd like you to run the following and leave the log in your next reply, along with a current description of problems.

    Oops! Forgot to leave the scan:
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
     
  16. rlm59

    rlm59 TS Rookie Topic Starter

    The system seems to be running fine; it no longer seems slow. My plug and play function is not working for things like USB sticks, and My Computer still seems a bit glitchy, with basic settings like window size being reset every time I open it. Once I get home I will run the CKScanner and post it here; I will also check on Daemon Tools.
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You haven't told me what happens or how Plug N Play doesn't work, just mentioned a couple of times that there was a problem:
    1. Are you wanting it to autorun and it isn't?
    2. Did you check the Device Manager for errors? Control Panel> System> Hardware tab> Device Manager> click on + sign to expand System Devices> Plug and Play Device Enumerator> Do you see an error icon?
    Right click> check for hardware changes
    Right click> Properties> Troubleshoot> follow the Help Center.
    3. Did you check to make sure Plug N Play Service is set to Automatic?
    Click on Start> run> type in services.msc> Enter> Double click on Plug N Play> Startup type should be Automatic. If it isn't, set it in the dialog box.

    That's the best I can do on PNP without knowing the problem.
    =================================
    I can't do much for "glitchy"- that's an 'unknown.' But I can help with the Window size. Please tell me if you are referring to the default Window size or the 'Open new Window' feature.

    If a Window opens too small and you use the Maximize box to resize, it will revert to the smaller size when it opens again, unless you reset it by hand without using the Maximize button:

    Open the Window> Do not use the Maximize box to change it> Instead, to enlarge, hold the left mouse button down on the top frame of the Window and drag the Window up to the top left corner> If you want it larger-or maximized-hold the left mouse button down on the /// diagonal lines on the lower right corner of the Window> while holding the left mouse button down, drag the corner larger or smaller, to the size you want it to reopen next time> when finished, click the X on the top right to close the Window.

    Next time you call up that Window, it should be the size you set. The trick to keeping the setting is not to use the Maximize button.

    You can also set a Window to open smaller using the same principle.

    If the particular Window you're working with does not have the /// at the lower right corner: Run the cursor over the right side and the bottom of the Window (one at a time) until you see the double arrow> then hold the left mouse button down and either move to the right or go down and drag the Window's edges to the size you want. Same as the other: don't use the Maximize box; close on X when through.
    ====================
    The rootkit frequently leaves the system with the following 'glitches.' If you notice them, reset as instructed:
    Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    • Click on Start> Control Panel> Appearance & Personalization
    • Select Change Theme or Change Desktop Background
    =====================================
    Some items may not show on the Start menu. To add them back:
    • Right click on Start> Properties
    • Taskbar and Start Menu Properties screen appears
    • choose Start Menu tab> Click on Customize
    • For Windows XP> Choose Advanced tab
    • Check the items you want back on the Start Menu
    • When finished> click on OK> Apply and close.
    =====================================
     
  18. rlm59

    rlm59 TS Rookie Topic Starter

    Ok, below is the CKScanner log. The plug n play problem appears to be fixed, as has the window size problem, and as of now I am not seeing any problems.

    I did at one time have Daemon Tools installed, but I no longer do, so I'm not sure what the driver that you are talking about is. Please let me know if anything else needs to be done to declare the system clean.

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\rachael\application data\macromedia\flash player\#sharedobjects\fnj4cs4e\crackle.com\cracklesettings.sol
    c:\documents and settings\rachael\application data\macromedia\flash player\#sharedobjects\fnj4cs4e\www.crackle.com\cracklesettings.sol
    c:\documents and settings\rachael\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
    c:\documents and settings\rachael\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#www.crackle.com\settings.sol
    c:\program files\hootech net meter\crack\hoonetmeter.exe
    scanner sequence 3.DF.11.IQAPTA
    ----- EOF -----
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This is a pirated program: c:\program files\hootech net meter\crack\hoonetmeter.exe

    To continue support, any pirated software will have to be removed.
     
  20. rlm59

    rlm59 TS Rookie Topic Starter

    My apologies, I had forgotten to delete the crack after I realized I liked the program and subsequently bought it. I have uninstalled it for now, and will reactivate it with my purchased key after cleaning.
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay- there are no 'missing' icons, program files, etc.? Desktop isn't black? Start menu is set correctly? If the first two are 'no' and the last 'yes', then the possible after effects of the rootkit have been resolved and you can remove the cleaning tools:

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Let me know if you have any questions.
     
  22. rlm59

    rlm59 TS Rookie Topic Starter

    Thank you very much for all of your help. This has solved all the problems.
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're very welcome!
     
Topic Status:
Not open for further replies.
