Inactive Google link redirect and random audio playing

FHorn

Posts: 8   +0
Hello - Whenever I search on Google and click a link I get redirected to random advertisements. In addition, random audio will play even without IE being open. Thank you in advance for your assistance. Here are the logs from the 5-step process:

MBAM-Log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.09.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Nicole :: PC677134193111 [administrator]

1/9/2012 12:19:58 PM
mbam-log-2012-01-09 (12-19-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235531
Time elapsed: 4 hour(s), 40 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\avSofT (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKCU\Software\AVSuitE (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|yyxjrdvb (Rogue.AntivirusSuite.Gen) -> Data: C:\Documents and Settings\Nicole\Local Settings\Application Data\kdbobjttp\cnxienqtssd.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5577 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q5WFA4SN\MyFunCards[1].exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl7704702928480094313.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.

(end)

gmer:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-09 19:57:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST960812A rev.3.05
Running: gybbwcx0.exe; Driver: C:\DOCUME~1\Nicole\LOCALS~1\Temp\fflirkod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

---- EOF - GMER 1.0.15 ----

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Nicole at 9:41:22 on 2012-01-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.997 [GMT -8:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\BUFFALO\Encrdisk\ENCRDLG.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\program files\real\realplayer\update\realsched.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [<NO NAME>]
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hp\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [RegistryQuick.exe] c:\program files\rq\RegistryQuick.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\nicole\startm~1\programs\startup\memeoa~1.lnk - c:\documents and settings\nicole\application data\microsoft\installer\{bd1f8143-c678-43cd-a296-a3a32a8c2976}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SecureLockWare_EncryptFilterDriver;SecureLockWare Encryption Filter driver;c:\windows\system32\drivers\ENCRFIL.SYS [2009-3-1 725120]
R0 SecureLockWare_EncryptFilterDriver2;SecureLockWare Encryption Filter driver Ver.2;c:\windows\system32\drivers\SLWFIL.SYS [2009-3-1 725248]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2012-1-7 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2012-1-7 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111223.001\BHDrvx86.sys [2011-11-30 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2012-1-7 136312]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2012-1-7 130008]
R2 SecureLockWare_InputPassword;SecureLockWare Service;c:\program files\buffalo\encrdisk\encrdlg.exe -service_execute --> c:\program files\buffalo\encrdisk\ENCRDLG.exe -Service_Execute [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-1-8 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120107.001\IDSXpx86.sys [2012-1-9 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120110.002\NAVENG.SYS [2012-1-10 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\virusdefs\20120110.002\NAVEX15.SYS [2012-1-10 1576312]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-12 136176]
S3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [2009-9-27 8960]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-9-27 17152]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-12 136176]
S3 NUVision;Zoran USB Live! (1004);c:\windows\system32\drivers\NUVision.sys [2009-10-8 154976]
S3 stv676;USB Video Camera;c:\windows\system32\drivers\stv676.sys [2009-10-8 64512]
S3 stv676m;USB Video Cameram;c:\windows\system32\drivers\stv676m.sys [2009-10-8 6144]
.
=============== Created Last 30 ================
.
2012-01-10 17:29:05 887 ----a-w- c:\documents and settings\all users\application data\koznaaa.tmp
2012-01-10 03:35:55 851 ----a-w- c:\documents and settings\all users\application data\klnnaaa.tmp
2012-01-10 03:35:55 840 ----a-w- c:\documents and settings\all users\application data\ilnnaaa.tmp
2012-01-10 03:34:39 816 ----a-w- c:\documents and settings\all users\application data\jlnnaaa.tmp
2012-01-10 03:33:39 845 ----a-w- c:\documents and settings\all users\application data\hlnnaaa.tmp
2012-01-10 03:23:35 809 ----a-w- c:\documents and settings\all users\application data\glnnaaa.tmp
2012-01-09 20:17:00 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-09 20:17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-09 12:45:09 852 ----a-w- c:\documents and settings\all users\application data\tyonaaa.tmp
2012-01-09 05:43:09 -------- d-----w- c:\documents and settings\nicole\local settings\application data\NPE
2012-01-09 05:32:48 -------- d-----w- C:\66ea9cec9032b4dc3d80e009ce3412
2012-01-09 01:43:12 -------- d-----w- c:\documents and settings\nicole\application data\ElevatedDiagnostics
2012-01-08 07:18:04 744568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys
2012-01-08 07:18:04 516216 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2012-01-08 07:18:04 50168 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2012-01-08 07:18:04 369784 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symtdi.sys
2012-01-08 07:18:04 340088 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys
2012-01-08 07:18:04 331384 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys
2012-01-08 07:18:04 296568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2012-01-08 07:18:03 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys
2012-01-08 07:17:19 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
.
==================== Find3M ====================
.
2012-01-08 07:22:43 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-01-08 07:22:43 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-14 18:16:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 9:47:03.34 ===============

DDS Attach: Edit: Duplicate of DDS.txt log left in error deleted by Bobbye. Requested correct log.
 
Welcome to TechSpot! Can you please back up and find the other log from the DDS scan? It's named Attach.txt. You have copied the other log, DDS.txt, twice. Just paste the log into the next reply- no need to zip it either.

It looks like you're running 2 Registry Cleaners, RegGuard and RegistryQuick. We don't recommend registry cleaners to anyone. The risk far outweighs any benefit you think you may get.
===========================
You have been using the FunWebProducts site and their partner sites to get screensavers, cursors, wallpaper, Smilies and other 'cute' things to put on the system.

Uninstall the FunWebProduct and My Web Search option from Add/Remove Programs
1) Click on Start, Settings, Control Panel
2) Double click on Add/Remove Programs
3) Find any of the following programs in the list of installed programs and click on Change/Remove to uninstall it.
  • FunWebProducts
  • My Web Search (Smiley Central or FWP product as applicable)
  • My Way Speedbar (Smiley Central or other FWP as applicable)
  • My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
  • My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
  • Search Assistant
4) Reboot your Computer.
5) Right click on Start> Choose Explore.
6) My Computer> Local Drive (C)> double-click on the Program Files folder
7) Right-click and delete the program folder for each of the programs you uninstalled.
8) If you have FunWebProducts saved as a Bookmark or Favorite, delete it

Stay away from other FunWebProducts:
  • Smiley Central
  • Cursor Mania
  • FunBuddyIcons
  • My Mail Stationery
  • My Mail Signature
  • My Mail Stamps
  • Popular Screensavers
  • Webfetti
============================================
It appears that you have been infected by the Rogue Antivirus 2012:
  1. Pretends to be a security update for Windows installed via Automatic Updates. It will then install itself as a single executable that has a random name consisting of three characters.
  2. Clicking on any executable loads the malware.
  3. Displays fake security alerts on the infected computer.
  4. May not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer.
  5. Changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program.

To fix #5, you start here: Download a Registry file that will fix these changes.
Please download FixNCR.reg and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.
  • Insert the removable device into the infected computer and open the folder for the drive letter associated with it (usually C).
  • Double click the FixNCR.reg file
  • You should now be able to run the .exe files.
====================================
There may be a proxy enabled that can cause a redirect; please check this:
Reset your browser proxies
  • For Firefox:
    o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
    o Click on the "Network" tab, and then on the "Settings" button.
    o Please make sure that the "No Proxy" option is selected.
  • For Internet Explorer:
    o Open Internet Explorer.
    o Click on "Tools" and then select "Internet Options".
    o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
    o Uncheck "Use a Proxy server for your LAN".
    o Click Ok to close the Local Area Network (LAN) Settings window.
    o Click Ok to close the Internet Options window.
===================================
To end the processes that belong to the rogue program:
Please click on RKill
  • At the download page, click on the Download Now button for the iExplore.exe download link and save it to the desktop
  • Double click on the iExplore.exe icon
  • Please be patient- it may take a bit.
  • The black Window will close when through and you can continue.
Note: If you get a message that RKill is malware, ignore it> it's from the malware.
=======================================
Do not reboot your computer after running RKill as the malware programs will start again.
================================
Update and rescan with Malwarebytes:
  • Select Perform Full Scan on the Scanner tab
  • Click on the Scan button.
  • When the scan has finished, you will see this image:
    (image: scan-finished.jpg)
  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
==============================
This should remove the major offender. Reboot the Computer into Normal Mode and run the following:
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"
If you are using a browser other than Internet Explorer:
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    (image: esetonlinescannersettings_thumb.jpg)
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=======================================
There are some other entries to remove, so please run the following (in Normal Mode). Note that you will need to disable Norton:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these- they are normal:
1. If asked to install or update the Recovery Console, allow (you will need an internet connection for this).
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job; this is normal.
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe
    (image: cf-icon.jpg)
    & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
====================================
Please include logs from RKill, Full Mbam scan, Eset and Combofix in next reply.
===================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
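Added example (not from either poster, and not a Malwarebytes or TechSpot tool): a small Python triage script for the MBAM 1.x log format posted at the top of this thread. It parses the detection lines, groups them by section, and flags the two entries that account for the symptoms FHorn described: the ProxyServer value pointing at 127.0.0.1 (every IE request was handed to a local process first, which is how Google result clicks were redirected to ads) and the per-user Run entry launching a randomly named .exe out of Local Settings\Application Data (the rogue's autostart, which survives a reboot without admin rights). The sample log inside it is constructed from the detection lines quoted in this thread; the "user-writable folder" pattern and the two indicator rules are my choices for what to flag, not anything the scanner itself reports.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x scan logs (added example).

Parses the plain-text log format quoted in the thread, groups detections by
section, and flags the findings that explain search redirects (a loopback
proxy) and persistence (a per-user Run autostart from a user-writable folder).
SAMPLE_LOG is constructed from the detection lines quoted in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Section headers look like "Registry Values Detected: 2".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Detection lines look like "<location> (<family>) -> [Data: <data> -> ]<action>".
DETECTION_RE = re.compile(
    r"^(?P<location>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:(?P<detail>.+?) -> )?(?P<action>.+)$"
)
# Proxy targets on the local host: 127.x.x.x or "localhost", optional port.
LOOPBACK_RE = re.compile(r"(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(?::\d+)?", re.I)
# Assumption: folders a limited XP user can write to; real autostarts rarely live here.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Local Settings\\Application Data|Application Data|Temp)\\", re.I
)

SAMPLE_LOG = r"""
Registry Keys Detected: 2
HKCU\Software\avSofT (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKCU\Software\AVSuitE (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|yyxjrdvb (Rogue.AntivirusSuite.Gen) -> Data: C:\Documents and Settings\Nicole\Local Settings\Application Data\kdbobjttp\cnxienqtssd.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5577 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Q5WFA4SN\MyFunCards[1].exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl7704702928480094313.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.

(end)
"""


@dataclass
class Detection:
    section: str            # e.g. "Registry Values"
    location: str           # registry path, "key|value", or file path
    family: str             # MBAM detection name, e.g. "PUM.Bad.Proxy"
    data: Optional[str]     # the "Data:" payload when the log has one
    action: str             # what MBAM did with it


def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection in an MBAM 1.x log, tagged with its section."""
    found: List[Detection] = []
    section = "Unknown"
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, "(No malicious items detected)" and "(end)".
        if not line or line.startswith("("):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue  # scanner header lines (version, database, options, ...)
        detail = m.group("detail")
        data = detail[len("Data: "):] if detail and detail.startswith("Data: ") else None
        found.append(Detection(section, m.group("location"), m.group("family"),
                               data, m.group("action")))
    return found


def triage(detections: List[Detection]) -> List[str]:
    """Flag the detections that explain redirects and persistence."""
    flags: List[str] = []
    for d in detections:
        loc = d.location.lower()
        # 1. ProxyServer pointing at the loopback interface: the browser talks to a
        #    local process, which rewrites or redirects the pages it fetches.
        if "|proxyserver" in loc and d.data and LOOPBACK_RE.search(d.data):
            flags.append("loopback proxy in " + d.location + ": " + d.data
                         + " (explains search redirects)")
        # 2. Per-user Run value whose target sits in a user-writable folder: the
        #    rogue restarts at every logon and needed no admin rights to install.
        if "\\currentversion\\run|" in loc and d.data and USER_WRITABLE_RE.search(d.data):
            name = d.location.rsplit("|", 1)[-1]
            flags.append("autostart '" + name + "' -> " + d.data
                         + " (user-writable path, " + d.family + ")")
    return flags


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    for d in dets:
        print("[" + d.section + "] " + d.family + ": " + d.location)
    for flag in triage(dets):
        print("FLAG:", flag)
```

Run it as-is to see the two flags for the posted log, or hand it a full mbam-log-*.txt with parse_mbam_log(open(path).read()). The port in 127.0.0.1:5577 is only useful for tying the proxy to the process that owned it while the machine was still infected; once the Run entry and its .exe are gone the value itself is just a leftover, which is why the helper's "reset your browser proxies" step still matters even after MBAM reports the value removed.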
 
Attach Log

Sorry for the mistake of posting DDS twice. Here is the Attach log and I will get the other logs to you soon. Thank you.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/26/2006 7:27:59 AM
System Uptime: 1/10/2012 8:26:39 AM (1 hours ago)
.
Motherboard: Quanta | | 308F
Processor: Intel(R) Celeron(R) M processor 1.60GHz | U1 | 1596/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 47 GiB total, 19.63 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.549 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 1/7/2012 10:51:31 PM - System Checkpoint
RP2: 1/8/2012 5:32:04 PM - Installed %1 %2.
RP3: 1/10/2012 3:00:40 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.7
Adobe Shockwave Player 11.5
AiO_Scan_CDA
AiOSoftwareNPI
AnyBizSoft PDF Password Remover (Build 1.0.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applied Vision 2.0
Bing Bar
Broadcom 802.11 Wireless LAN Adapter
BUFFALO eco Manager for HD
BUFFALO INC. DISK FORMATTER
BUFFALO Secure Lock Ware
BUFFALO TurboUSB for FLASH/HDD
BufferChm
C4100
c4100_Help
Canon iP1600
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
Destinations
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
eMusic Download Manager 4.1.4
eSupportQFolder
EZ Calendar (remove only)
Fax_CDA
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP QuickPlay 2.0
HP Solution Center 7.0
HP User Guides--System Recovery
HP User Guides 0001
HP Wireless Assistant 2.00 B3
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
Inspiration 8
InstallMgr
InstantShareDevices
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver for Mobile
iTunes
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 13
LG Outlook Sync
LG USB Modem driver
LightScribe 1.4.56.1
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
Memeo AutoBackup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Sounds
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MicroWorlds EX Demo
Move Media Player
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
muvee autoProducer 4.5
Netscape Browser (remove only)
NewCopy_CDA
Norton 360
Nvu 1.0
OaksSecureBrowser3.1 (3.1)
OaksSecureBrowser4.0
OCR Software by I.R.I.S 7.0
Office 2003 Trial Assistant
OpenOffice.org Installer 1.0
OptionalContentQFolder
Oracle JInitiator 1.3.1.22
PanoStandAlone
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
ProductContextNPI
PSShortcutsP
PSUsage
Quick Launch Buttons 5.20 F2
Quicken 2006
QuickTime
RandMap
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scan
ScannerCopy
ScienceMatrix Demo v1.05 Demo Version 1.05
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SHARP MX Series PCL/PS Printer Driver
SHARP PCL6 T1 Printer Driver
SkinsHP1
SlideShow
SmartFTP Client
SmartFTP Client 2.5 Setup Files (remove only)
Soft Data Fax Modem with SmartCP
SolutionCenter
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
Spelling Dictionaries Support For Adobe Reader 9
Status
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TourSetup
TrayApp
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USA Explorer
USB Video Camera v221 Installation Files
WebEx Support Manager for Internet Explorer
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Series TweakMP PowerToy
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
Winkflash Transporter
Wireless Home Network Setup
Woodalls 1.0
Write-N-Cite
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 7:58:11 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
1/9/2012 12:17:42 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SMR210\0000 disappeared from the system without first being prepared for removal.
1/9/2012 12:11:21 PM, error: Service Control Manager [7022] - The hpqwmiex service hung on starting.
1/8/2012 10:27:25 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TrkWks service.
1/8/2012 10:25:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde PCIIde ViaIde
1/6/2012 8:39:44 PM, error: Dhcp [1002] - The IP address lease 192.168.1.141 for the Network Card with network address 0014A57416D3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/6/2012 11:00:12 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
1/5/2012 8:20:12 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer FRONTOFFICE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{36022206-A409-49. The master browser is stopping or an election is being forced.
1/5/2012 5:34:32 PM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 0014A57416D3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/4/2012 8:36:16 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer JEFF-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{36022206-A409-498B-B. The master browser is stopping or an election is being forced.
1/4/2012 8:04:22 AM, error: Dhcp [1002] - The IP address lease 192.168.2.103 for the Network Card with network address 0014A57416D3 has been denied by the DHCP server 192.168.1.9 (The DHCP Server sent a DHCPNACK message).
1/4/2012 4:56:54 PM, error: Dhcp [1002] - The IP address lease 192.168.1.109 for the Network Card with network address 0014A57416D3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/3/2012 11:13:59 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
1/3/2012 11:13:59 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/10/2012 8:06:47 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
.
==== End Of File ===========================
 
No problem- happens frequently. Suggest you uninstall RegistryQuick in Add/Remove Programs. Then use Windows Explorer to access Computer> Local Drive(C)> Programs> do a right click> delete in its program folder. We don't recommend a registry cleaner to anyone. Risk far outweighs benefit.

Okay to go ahead with my instructions, then post logs when ready.
 
Logs

Thanks again for your help. Here are the logs. As a side note, when I do "Remove programs" or look at the Program files, I do not see the QuickRegistry nor the other malicious programs. Not sure if they were removed by the recent malware programs that have been run. I did do one Google search and things appear to be working. Anyway, here are the logs:

RKill

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/11/2012 at 20:41:17.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\verclsid.exe


Rkill completed on 01/11/2012 at 20:44:29.


MBAM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Nicole :: PC677134193111 [administrator]

1/12/2012 5:43:49 PM
mbam-log-2012-01-12 (17-43-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 336669
Time elapsed: 2 hour(s), 23 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET

C:\RECYCLER\S-1-5-21-4171789061-3901554716-3973874397-500\Dc1.exe Win32/Adware.RegistryQuick application

Combofix

ComboFix 12-01-13.03 - Nicole 01/13/2012 8:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1278 [GMT -8:00]
Running from: c:\documents and settings\Nicole\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\amqnaaa.tmp
c:\documents and settings\All Users\Application Data\emqnaaa.tmp
c:\documents and settings\All Users\Application Data\glnnaaa.tmp
c:\documents and settings\All Users\Application Data\hlnnaaa.tmp
c:\documents and settings\All Users\Application Data\ilnnaaa.tmp
c:\documents and settings\All Users\Application Data\ioznaaa.tmp
c:\documents and settings\All Users\Application Data\jlnnaaa.tmp
c:\documents and settings\All Users\Application Data\joznaaa.tmp
c:\documents and settings\All Users\Application Data\klnnaaa.tmp
c:\documents and settings\All Users\Application Data\koznaaa.tmp
c:\documents and settings\All Users\Application Data\mkknaaa.tmp
c:\documents and settings\All Users\Application Data\nkknaaa.tmp
c:\documents and settings\All Users\Application Data\okknaaa.tmp
c:\documents and settings\All Users\Application Data\pkknaaa.tmp
c:\documents and settings\All Users\Application Data\qkknaaa.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\tyonaaa.tmp
c:\documents and settings\Nicole\My Documents\~WRL0001.tmp
c:\documents and settings\Nicole\My Documents\~WRL0230.tmp
c:\documents and settings\Nicole\My Documents\~WRL0597.tmp
c:\documents and settings\Nicole\My Documents\~WRL1067.tmp
c:\documents and settings\Nicole\My Documents\~WRL1177.tmp
c:\documents and settings\Nicole\My Documents\~WRL1428.tmp
c:\documents and settings\Nicole\My Documents\~WRL1507.tmp
c:\documents and settings\Nicole\My Documents\~WRL2029.tmp
c:\documents and settings\Nicole\My Documents\~WRL2578.tmp
c:\documents and settings\Nicole\My Documents\~WRL2731.tmp
c:\documents and settings\Nicole\My Documents\~WRL3115.tmp
c:\documents and settings\Nicole\My Documents\~WRL3368.tmp
c:\documents and settings\Nicole\WINDOWS
c:\windows\setupapi.log
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000111_.tmp.dll
D:\Autorun.inf
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\svchost.exe
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-13 04:31 . 2012-01-13 04:31 -------- d-----w- c:\program files\ESET
2012-01-12 15:25 . 2012-01-12 15:25 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-09 20:17 . 2012-01-09 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-09 20:17 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-09 05:43 . 2012-01-09 16:22 -------- d-----w- c:\documents and settings\Nicole\Local Settings\Application Data\NPE
2012-01-09 05:32 . 2012-01-09 06:21 -------- d-----w- C:\66ea9cec9032b4dc3d80e009ce3412
2012-01-09 01:43 . 2012-01-09 01:43 -------- d-----w- c:\documents and settings\Nicole\Application Data\ElevatedDiagnostics
2012-01-08 07:17 . 2012-01-08 16:44 -------- d-----w- c:\windows\system32\drivers\N360\0501000.01D
2012-01-08 06:54 . 2012-01-08 06:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-08 06:54 . 2012-01-08 06:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 15:25 . 2004-08-04 08:00 1058816 ----a-w- c:\windows\explorer.exe
2012-01-08 07:22 . 2010-12-30 04:10 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-01-08 07:22 . 2010-12-30 04:10 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-14 18:16 . 2011-07-07 16:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-08-04 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-06-26 20:40 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 08:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-04 19:20 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-04 08:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 08:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-04 08:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 08:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2005-10-28 679936]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-12 273528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-23 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\Nicole\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\documents and settings\Nicole\Application Data\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-9-27 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SecureLockWare_EncryptFilterDriver;SecureLockWare Encryption Filter driver;c:\windows\system32\drivers\ENCRFIL.SYS [3/1/2009 9:14 PM 725120]
R0 SecureLockWare_EncryptFilterDriver2;SecureLockWare Encryption Filter driver Ver.2;c:\windows\system32\drivers\SLWFIL.SYS [3/1/2009 9:14 PM 725248]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [1/7/2012 11:18 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [1/7/2012 11:18 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 6:25 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [1/7/2012 11:18 PM 136312]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [1/7/2012 11:17 PM 130008]
R2 SecureLockWare_InputPassword;SecureLockWare Service;c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe -Service_Execute --> c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe -Service_Execute [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/8/2012 9:07 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120112.002\IDSXpx86.sys [1/12/2012 5:42 PM 356280]
S1 hjflzhha;hjflzhha;\??\c:\windows\system32\drivers\hjflzhha.sys --> c:\windows\system32\drivers\hjflzhha.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2011 10:33 AM 136176]
S3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [9/27/2009 7:29 PM 8960]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [9/27/2009 7:27 PM 17152]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2011 10:33 AM 136176]
S3 NUVision;Zoran USB Live! (1004);c:\windows\system32\drivers\NUVision.sys [10/8/2009 1:18 PM 154976]
S3 stv676;USB Video Camera;c:\windows\system32\drivers\stv676.sys [10/8/2009 1:06 PM 64512]
S3 stv676m;USB Video Cameram;c:\windows\system32\drivers\stv676m.sys [10/8/2009 1:06 PM 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 18:33]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 18:33]
.
2012-01-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 21:40]
.
2012-01-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4171789061-3901554716-3973874397-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 21:40]
.
2012-01-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 21:40]
.
2012-01-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4171789061-3901554716-3973874397-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 21:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-RegistryQuick.exe - c:\program files\Rq\RegistryQuick.exe
AddRemove-HP Game Console - c:\program files\WildTangent\Apps\hpuninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-13 09:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?@???? ?,?B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,8e,8a,a6,9a,50,65,44,86,5f,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,8e,8a,a6,9a,50,65,44,86,5f,59,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(856)
c:\windows\system32\WININET.dll
c:\program files\NORTON 360\ENGINE\5.1.0.29\Microsoft.VC90.CRT\MSVCR90.dll
c:\program files\NORTON 360\ENGINE\5.1.0.29\Microsoft.VC90.CRT\MSVCP90.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\HPQ\SHARED\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Memeo\AutoBackup\MemeoBackup.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-01-13 09:37:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-13 17:37
.
Pre-Run: 20,709,683,200 bytes free
Post-Run: 20,885,422,080 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 5C6D6B935D1F99311DC1AFF2148AAA34
 
Okay - found RegistryQuick: it was deleted and is now in the Recycler folder. I will have you remove it shortly.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    explorer.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
================================
I'd like you to run a special scan before we deal with Combofix:
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org free on-line scan service
  • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page, one at a time:
    Code:
        c:\windows\system32\userinit.exe
    
        c:\windows\explorer.exe
    
        c:\windows\system32\svchost.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
 
Thanks again for the help.

Here is the System Look log:

SystemLook 30.07.11 by jpshortstuff
Log created at 08:25 on 14/01/2012 by Nicole
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1058816 bytes [08:00 04/08/2004] [15:25 12/01/2012] C921497CA89B781DA93E20219EC15044
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a---- 1033216 bytes [11:26 13/06/2007] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1033216 bytes [01:42 23/05/2009] [10:23 13/06/2007] 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c- 1032192 bytes [05:30 16/08/2007] [08:00 04/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [04:53 06/08/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

-= EOF =-

The other was unable to do any scans. For all three .exe files, it stated:

Error: returned status code 403 Forbidden

Let me know what you advise. Thanks.
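As an added example (not part of this thread and not a SystemLook feature), the script below parses the filefind block from the log above and compares the live explorer.exe against the backup copies Windows keeps in its service pack and hotfix folders, which is the comparison an analyst makes before deciding whether the live copy has been tampered with. SystemLook's column order ([created] [modified]) and the list of backup directories are my assumptions; a mismatch is a lead to confirm against a known-good hash, not proof of infection, since a legitimate hotfix also changes the live copy.

```python
"""Triage a SystemLook ':filefind' log (added example, not SystemLook's code).

Assumed line layout of SystemLook's filefind output:
    <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
The sample log is the SystemLook output posted earlier in this thread.
"""
import re
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+)\s+bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Folders where Windows keeps pristine copies of system binaries
# (service pack uninstall backup, SP install cache, hotfix backups).
# Assumed list; extend it for other hotfix folder names.
BACKUP_MARKERS = (
    "\\$ntservicepackuninstall$\\",
    "\\servicepackfiles\\",
    "\\$hf_mig$\\",
    "\\$ntuninstall",
)

SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 08:25 on 14/01/2012 by Nicole
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\explorer.exe --a---- 1058816 bytes [08:00 04/08/2004] [15:25 12/01/2012] C921497CA89B781DA93E20219EC15044
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a---- 1033216 bytes [11:26 13/06/2007] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe -----c- 1033216 bytes [01:42 23/05/2009] [10:23 13/06/2007] 97BD6515465659FF8F3B7BE375B2EA87
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c- 1032192 bytes [05:30 16/08/2007] [08:00 04/08/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\ServicePackFiles\i386\explorer.exe ------- 1033728 bytes [04:53 06/08/2008] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

-= EOF =-
"""


def parse_time(text):
    """SystemLook prints times as HH:MM dd/mm/yyyy."""
    return datetime.strptime(text, "%H:%M %d/%m/%Y")


def parse_filefind(log):
    """Return one dict per filefind result line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        entries.append({
            "path": path,
            "attrs": m.group("attrs"),
            "size": int(m.group("size")),
            "created": parse_time(m.group("created")),
            "modified": parse_time(m.group("modified")),
            "md5": m.group("md5").upper(),
            "backup": any(mark in path.lower() for mark in BACKUP_MARKERS),
        })
    return entries


def triage(entries):
    """Compare each live (non-backup) copy against every backup copy.

    A live file whose MD5 and size match no backup, and which was modified
    after every backup, is worth confirming against a known-good hash.
    """
    backups = [e for e in entries if e["backup"]]
    known_md5 = {b["md5"] for b in backups}
    known_sizes = {b["size"] for b in backups}
    newest_backup = max((b["modified"] for b in backups), default=None)
    report = []
    for e in (x for x in entries if not x["backup"]):
        findings = []
        if e["md5"] not in known_md5:
            findings.append("md5 matches no backup copy")
        if e["size"] not in known_sizes:
            findings.append("size matches no backup copy")
        if newest_backup is not None and e["modified"] > newest_backup:
            findings.append("modified after every backup copy")
        report.append({
            "path": e["path"],
            "md5": e["md5"],
            "size": e["size"],
            "modified": e["modified"].isoformat(timespec="minutes"),
            "suspicious": bool(findings),
            "findings": findings,
            # Backup copies an analyst can verify and restore from.
            "candidates": [(b["path"], b["md5"], b["size"]) for b in backups],
        })
    return report


if __name__ == "__main__":
    for item in triage(parse_filefind(SAMPLE_LOG)):
        print(item["path"], "SUSPICIOUS" if item["suspicious"] else "ok")
        for f in item["findings"]:
            print("  -", f)
        for path, md5, size in item["candidates"]:
            print("  backup:", path, md5, size)
```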
 
You got Error: returned status code 403 Forbidden when you accessed VirScan?

The URL is good> http://virscan.org/. It brings up page:

VirSCAN
Suspicious file(s) to scan:

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
With the box to put each of the files in, one at a time.

Please try it again. If that site, VirSCAN.org still causes a problem, try one of these:

VirusTotal
Jotti
 
virscan.org logs

Last time I tried it, I received the error message when I clicked "upload." I tried it again and it worked just fine. Looks like a trojan horse in explorer.exe. Here are the logs in order:

Log for c:\windows\system32\userinit.exe


VirSCAN.org Scanned Report :
Scanned time : 2012/01/17 08:04:01 (CST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 26112 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
Online report : http://r.virscan.org/5b11e2d2af8d6f28112845314a3403c2

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120117080231 2012-01-17 0.27 -
AhnLab V3 2012.01.16.03 2012.01.16 2012-01-16 5.47 -
AntiVir 8.2.8.26 7.11.21.50 2012-01-16 0.25 -
Antiy 2.0.18 20120116.15731644 2012-01-16 0.02 -
Arcavir 2011 201201161326 2012-01-16 3.46 -
Authentium 5.1.1 201201162023 2012-01-16 1.49 -
AVAST! 4.7.4 120116-1 2012-01-16 0.01 -
AVG 10.0.1405 2090/4147 2012-01-16 0.06 -
BitDefender 7.90123.7930552 7.40621 2012-01-17 4.16 -
ClamAV 0.97.1 14314 2012-01-16 0.00 -
Comodo 5.1 11289 2012-01-16 2.12 -
CP Secure 1.3.0.5 2012.01.17 2012-01-17 0.04 -
Dr.Web 7.0.0.11250 2012.01.17 2012-01-17 11.64 -
F-Prot 4.6.2.117 20120116 2012-01-16 0.76 -
F-Secure 7.02.73807 2012.01.10.04 2012-01-10 10.85 -
Fortinet 4.2.257 15.97 2012-01-14 0.10 -
GData 22.3504 20120117 2012-01-17 4.85 -
ViRobot 20120116 2012.01.16 2012-01-16 0.33 -
Ikarus T3.1.32.20.0 2012.01.16.80250 2012-01-16 5.06 -
JiangMin 13.0.900 2011.11.26 2011-11-26 1.93 -
Kaspersky 5.5.10 2012.01.16 2012-01-16 0.19 -
KingSoft 2009.2.5.15 2012.1.17.9 2012-01-17 0.87 -
McAfee 5400.1158 6591 2012-01-16 10.73 -
Microsoft 1.7903 2012.01.16 2012-01-16 3.29 -
NOD32 3.0.21 6800 2012-01-16 0.00 -
Panda 9.05.01 2012.01.16 2012-01-16 2.37 -
Trend Micro 9.500-1005 8.712.13 2012-01-16 0.04 -
Quick Heal 11.00 2012.01.16 2012-01-16 0.92 -
Rising 20.0 23.93.00.02 2012-01-16 2.40 -
Sophos 3.27.0 4.73 2012-01-17 4.52 -
Sunbelt 3.9.2526.2 11407 2012-01-16 0.69 -
Symantec 1.3.0.24 20120116.002 2012-01-16 0.05 -
nProtect 20120116.02 11851100 2012-01-16 1.30 -
The Hacker 6.7.0.1 v00380 2012-01-16 0.51 -
VBA32 3.12.16.4 20120116.0721 2012-01-16 3.70 -
VirusBuster 5.4.0.10 14.1.170.0/7416274 2012-01-17 0.01 -



virscan.org - scan of c:\windows\explorer.exe


VirSCAN.org Scanned Report :
Scanned time : 2012/01/17 08:48:54 (CST)
Scanner results: 3% Scanner(s) (1/36) found malware!
File Name : explorer.exe
File Size : 1058816 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : c921497ca89b781da93e20219ec15044
SHA1 : 9c3dd108b62380ade06ad72c0322607f76b58c60
Online report : http://r.virscan.org/eb6aa10b71864c93d87535b8e04deae8

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120117080231 2012-01-17 0.41 -
AhnLab V3 2012.01.16.03 2012.01.16 2012-01-16 3.26 -
AntiVir 8.2.8.26 7.11.21.50 2012-01-16 0.25 -
Antiy 2.0.18 20120116.15731644 2012-01-16 0.02 -
Arcavir 2011 201201161326 2012-01-16 3.53 -
Authentium 5.1.1 201201162023 2012-01-16 1.49 -
AVAST! 4.7.4 120116-1 2012-01-16 0.08 -
AVG 10.0.1405 2090/4147 2012-01-16 0.08 -
BitDefender 7.90123.7930552 7.40621 2012-01-17 4.10 -
ClamAV 0.97.1 14314 2012-01-16 0.29 -
Comodo 5.1 11289 2012-01-16 3.64 -
CP Secure 1.3.0.5 2012.01.17 2012-01-17 0.40 -
Dr.Web 7.0.0.11250 2012.01.17 2012-01-17 11.62 -
F-Prot 4.6.2.117 20120116 2012-01-16 0.81 -
F-Secure 7.02.73807 2012.01.10.04 2012-01-10 12.61 -
Fortinet 4.2.257 15.105 2012-01-16 0.10 -
GData 22.3506 20120117 2012-01-17 4.84 -
ViRobot 20120116 2012.01.16 2012-01-16 0.36 -
Ikarus T3.1.32.20.0 2012.01.16.80250 2012-01-16 5.20 -
JiangMin 13.0.900 2011.11.26 2011-11-26 1.93 -
Kaspersky 5.5.10 2012.01.16 2012-01-16 0.12 -
KingSoft 2009.2.5.15 2012.1.17.9 2012-01-17 0.86 -
McAfee 5400.1158 6591 2012-01-16 10.89 -
Microsoft 1.7903 2012.01.17 2012-01-17 5.30 -
NOD32 3.0.21 6800 2012-01-16 0.10 -
Panda 9.05.01 2012.01.16 2012-01-16 2.62 -
Trend Micro 9.500-1005 8.712.13 2012-01-16 0.04 -
Quick Heal 11.00 2012.01.16 2012-01-16 1.43 -
Rising 20.0 23.93.00.02 2012-01-16 2.26 Trojan.Win32.Generic.12ADF86E
Sophos 3.27.0 4.73 2012-01-17 4.53 -
Sunbelt 3.9.2526.2 11407 2012-01-16 1.31 -
Symantec 1.3.0.24 20120116.002 2012-01-16 0.09 -
nProtect 20120116.02 11851100 2012-01-16 1.69 -
The Hacker 6.7.0.1 v00380 2012-01-16 0.87 -
VBA32 3.12.16.4 20120116.0721 2012-01-16 3.92 -
VirusBuster 5.4.0.10 14.1.170.0/7416274 2012-01-17 0.02 -



virscan.org log of c:\windows\system32\svchost.exe

VirSCAN.org Scanned Report :
Scanned time : 2012/01/17 08:52:39 (CST)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 14336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
Online report : http://r.virscan.org/6b0c513cf7fc34877e3289c75c53566b

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120117080231 2012-01-17 0.26 -
AhnLab V3 2012.01.16.03 2012.01.16 2012-01-16 2.84 -
AntiVir 8.2.8.26 7.11.21.50 2012-01-16 0.25 -
Antiy 2.0.18 20120116.15731644 2012-01-16 0.02 -
Arcavir 2011 201201161326 2012-01-16 3.42 -
Authentium 5.1.1 201201162023 2012-01-16 1.44 -
AVAST! 4.7.4 120116-1 2012-01-16 0.01 -
AVG 10.0.1405 2090/4147 2012-01-16 0.06 -
BitDefender 7.90123.7930552 7.40621 2012-01-17 4.04 -
ClamAV 0.97.1 14314 2012-01-16 0.01 -
Comodo 5.1 11289 2012-01-16 2.05 -
CP Secure 1.3.0.5 2012.01.17 2012-01-17 0.04 -
Dr.Web 7.0.0.11250 2012.01.17 2012-01-17 11.37 -
F-Prot 4.6.2.117 20120116 2012-01-16 0.76 -
F-Secure 7.02.73807 2012.01.10.04 2012-01-10 0.20 -
Fortinet 4.2.257 15.105 2012-01-16 0.10 -
GData 22.3506 20120117 2012-01-17 4.73 -
ViRobot 20120116 2012.01.16 2012-01-16 0.33 -
Ikarus T3.1.32.20.0 2012.01.16.80250 2012-01-16 5.07 -
JiangMin 13.0.900 2011.11.26 2011-11-26 2.08 -
Kaspersky 5.5.10 2012.01.16 2012-01-16 0.11 -
KingSoft 2009.2.5.15 2012.1.17.9 2012-01-17 0.93 -
McAfee 5400.1158 6591 2012-01-16 10.77 -
Microsoft 1.7903 2012.01.17 2012-01-17 3.32 -
NOD32 3.0.21 6800 2012-01-16 0.01 -
Panda 9.05.01 2012.01.16 2012-01-16 2.32 -
Trend Micro 9.500-1005 8.712.13 2012-01-16 0.03 -
Quick Heal 11.00 2012.01.16 2012-01-16 1.31 -
Rising 20.0 23.93.00.02 2012-01-16 2.53 -
Sophos 3.27.0 4.73 2012-01-17 4.51 -
Sunbelt 3.9.2526.2 11407 2012-01-16 0.67 -
Symantec 1.3.0.24 20120116.002 2012-01-16 0.05 -
nProtect 20120116.02 11851100 2012-01-16 1.35 -
The Hacker 6.7.0.1 v00380 2012-01-16 0.52 -
VBA32 3.12.16.4 20120116.0721 2012-01-16 3.79 -
VirusBuster 5.4.0.10 14.1.170.0/7416274 2012-01-17 0.01 -


Let me know what you think. Thank you again.
 
updates?

Just wanted to see if you have any more updates. As a side note, I am running Norton 360. Thank you.

FHorn
 
Got behind over the holidays - still trying to catch up! Thank you for your patience.

I'm replacing the infected explorer.exe file below:
Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
Folder::
C:\66ea9cec9032b4dc3d80e009ce3412
DDS::
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [RegistryQuick.exe] c:\program files\rq\RegistryQuick.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
Clearjavacache::
FCopy::
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe | c:\windows\explorer.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
=============================================
You may have a flash drive infection, evident as a quarantine in Combofix for Drive D. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=======================================
Note: Be sure to check all download screens for any pre-checked toolbars or BHO> if found, remove the check before the download.

Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

Please update the Adobe Reader: Visit this Adobe Reader site and make sure you have the most current update. Uninstall any earlier versions as they are vulnerabilities.
=================
I recommend that you stop these Scheduled Tasks:
Access Scheduled Tasks with a click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
To delete a task> right-click the task> click Delete.
(Duplicates of both)
c:\windows\Tasks\RealUpgradeLogonTaskS
c:\windows\Tasks\RealUpgradeLogonTaskS
c:\windows\Tasks\RealUpgradeScheduledTaskS
c:\windows\Tasks\RealUpgradeScheduledTaskS

======================================
Since you had evidence of the rogue antivirus suite, I'd like to make sure it has been removed. Please go on to the next reply. (Save Combofix log, post in next reply)
 
Let's make sure we got all the bad entries.

Please do the following to help you run other programs:

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.

This infection may change your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or update security software, so we will first need to fix this. Launch Internet Explorer:
  • Access Internet Options through Tools> Connections tab
  • Click on the Lan Settings at the bottom
  • Proxy Server section> uncheck the box labeled 'Use a proxy server for your LAN'.
  • Then click on OK> and OK again to close Internet Options.
===============================
This malware frequently comes with the TDSS rootkit, so do the following:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double-click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result. Save the log to post in next reply.
  • A reboot is required after disinfection.
====================================
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
====================================
To end the processes that belong to the rogue program:
Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 3 different versions. If one of them won't run then download and try to run the other one. (Vista and Win7 users need to right click Rkill and choose Run as Administrator)

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot until instructed, as it will start the malware again.
==================================
You will run another scan with Mbam, after it updates, but this time, on the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

When scan has finished, you will see this image:
scan-finished.jpg

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
========================================
TDSSKiller
RKill
New Malwarebytes
Combofix log from previous post.
=======================================
The Recycler folder is a hidden folder where the files you delete are stored, until you empty the Recycle Bin on NTFS partition. It will eventually get overwritten in time, but will show on scan until it is removed.

The Recycler folder contains a Recycle Bin for each user that logs on to the computer, sorted by their security identifier (SID). Example: S-1-5-21-330564415-2671475969-752554860-1006. We need to remove the infected file that is still in the Recycler.

Note: The Recycle Bin on the Desktop must be empty. Close any running programs

1. How could you clear this area using Command Prompt?
Start> Run> type in cmd> enter
At a Command Prompt type rd /s /q c:\recycler
Windows will create a new recycler for the drive when the computer is rebooted.

2. How could you clear this area using Windows Explorer?
  1. Right click on Start> Explore> Computer> Local Drive
  2. Go to Tools> Folder Options> View tab
  3. Check 'show hidden files and folders'
  4. Uncheck 'hide protected system files (Recommended)'
  5. Click Yes to confirm
  6. Scroll down to and double click on the Recycler
  7. Highlight all the files> Hold shift and press the Delete key
Go back to Folder Options> View tab
  • Check 'do not show hidden files and folders'
  • Recheck 'hide protected system files' (Recommended)
  • Click on OK> Apply> OK> Exit Windows Explorer.
 
Logs

Bobbye,

Thanks for your response and here are the logs of the scans. I also believe I got the recycler cleaned out.

TDSSKiller Log

04:54:05.0781 0248 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
04:54:06.0203 0248 ============================================================
04:54:06.0203 0248 Current date / time: 2012/01/21 04:54:06.0203
04:54:06.0203 0248 SystemInfo:
04:54:06.0203 0248
04:54:06.0203 0248 OS Version: 5.1.2600 ServicePack: 3.0
04:54:06.0203 0248 Product type: Workstation
04:54:06.0203 0248 ComputerName: PC677134193111
04:54:06.0203 0248 UserName: Nicole
04:54:06.0203 0248 Windows directory: C:\WINDOWS
04:54:06.0203 0248 System windows directory: C:\WINDOWS
04:54:06.0203 0248 Processor architecture: Intel x86
04:54:06.0203 0248 Number of processors: 1
04:54:06.0203 0248 Page size: 0x1000
04:54:06.0203 0248 Boot type: Safe boot with network
04:54:06.0203 0248 ============================================================
04:54:09.0843 0248 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
04:54:10.0000 0248 Initialize success
04:54:11.0796 1180 ============================================================
04:54:11.0796 1180 Scan started
04:54:11.0796 1180 Mode: Manual;
04:54:11.0796 1180 ============================================================
04:54:34.0609 1180 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
04:54:34.0656 1180 \Device\Harddisk0\DR0 - ok
04:54:34.0656 1180 Boot (0x1200) (8ffd04c05d98011bafdc09fb7ff7e69d) \Device\Harddisk0\DR0\Partition0
04:54:34.0671 1180 \Device\Harddisk0\DR0\Partition0 - ok
04:54:34.0687 1180 Boot (0x1200) (04e220d70684d769d0ef0ccf95f83f55) \Device\Harddisk0\DR0\Partition1
04:54:34.0687 1180 \Device\Harddisk0\DR0\Partition1 - ok
04:54:34.0703 1180 ============================================================
04:54:34.0703 1180 Scan finished
04:54:34.0703 1180 ============================================================
04:54:34.0734 1136 Detected object count: 0
04:54:34.0734 1136 Actual detected object count: 0


RKill Log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/22/2012 at 11:43:28.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 01/22/2012 at 11:43:33.


Malwarebytes Log

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.22.03

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Nicole :: PC677134193111 [administrator]

1/22/2012 11:48:56 AM
mbam-log-2012-01-22 (11-48-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347563
Time elapsed: 1 hour(s), 1 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ComboFix Log

ComboFix 12-01-21.02 - Nicole 01/20/2012 10:45:06.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1217 [GMT -8:00]
Running from: c:\documents and settings\Nicole\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nicole\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\66ea9cec9032b4dc3d80e009ce3412
c:\66ea9cec9032b4dc3d80e009ce3412\mrt.exe
c:\66ea9cec9032b4dc3d80e009ce3412\mrtstub.exe
c:\windows\expl.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
2012-01-20 18:44 . 2012-01-20 18:44 -------- d-----w- c:\windows\LastGood
2012-01-20 18:44 . 2007-06-13 10:23 1033216 ----a-w- c:\windows\OLD41.tmp
2012-01-13 04:31 . 2012-01-13 04:31 -------- d-----w- c:\program files\ESET
2012-01-12 15:25 . 2012-01-12 15:25 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-09 20:17 . 2012-01-09 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-09 20:17 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-09 05:43 . 2012-01-09 16:22 -------- d-----w- c:\documents and settings\Nicole\Local Settings\Application Data\NPE
2012-01-09 01:43 . 2012-01-09 01:43 -------- d-----w- c:\documents and settings\Nicole\Application Data\ElevatedDiagnostics
2012-01-08 07:17 . 2012-01-08 16:44 -------- d-----w- c:\windows\system32\drivers\N360\0501000.01D
2012-01-08 06:54 . 2012-01-08 06:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-08 06:54 . 2012-01-08 06:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 07:22 . 2010-12-30 04:10 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-01-08 07:22 . 2010-12-30 04:10 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-14 18:16 . 2011-07-07 16:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2004-08-04 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-06-26 20:40 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 08:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 08:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 08:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-04 08:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-04 08:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-04 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-04 08:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 08:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-12 273528]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-23 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\documents and settings\Nicole\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\documents and settings\Nicole\Application Data\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-9-27 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SecureLockWare_EncryptFilterDriver;SecureLockWare Encryption Filter driver;c:\windows\system32\drivers\ENCRFIL.SYS [3/1/2009 9:14 PM 725120]
R0 SecureLockWare_EncryptFilterDriver2;SecureLockWare Encryption Filter driver Ver.2;c:\windows\system32\drivers\SLWFIL.SYS [3/1/2009 9:14 PM 725248]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [1/7/2012 11:18 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [1/7/2012 11:18 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [11/30/2011 6:25 PM 820344]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [1/7/2012 11:18 PM 136312]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 4:33 PM 249648]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [1/7/2012 11:17 PM 130008]
R2 SecureLockWare_InputPassword;SecureLockWare Service;c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe -Service_Execute --> c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe -Service_Execute [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/8/2012 9:07 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120120.002\IDSXpx86.sys [1/19/2012 1:39 PM 356280]
S1 hjflzhha;hjflzhha;\??\c:\windows\system32\drivers\hjflzhha.sys --> c:\windows\system32\drivers\hjflzhha.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2011 10:33 AM 136176]
S3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [9/27/2009 7:29 PM 8960]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 6:31 PM 195336]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [9/27/2009 7:27 PM 17152]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2011 10:33 AM 136176]
S3 NUVision;Zoran USB Live! (1004);c:\windows\system32\drivers\NUVision.sys [10/8/2009 1:18 PM 154976]
S3 stv676;USB Video Camera;c:\windows\system32\drivers\stv676.sys [10/8/2009 1:06 PM 64512]
S3 stv676m;USB Video Cameram;c:\windows\system32\drivers\stv676m.sys [10/8/2009 1:06 PM 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 18:33]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 18:33]
.
2012-01-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 21:40]
.
2012-01-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4171789061-3901554716-3973874397-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 21:40]
.
2012-01-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 21:40]
.
2012-01-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4171789061-3901554716-3973874397-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 21:40]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-20 11:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?`???? ?,?B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,8e,8a,a6,9a,50,65,44,86,5f,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,8e,8a,a6,9a,50,65,44,86,5f,59,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-01-20 11:17:42
ComboFix-quarantined-files.txt 2012-01-20 19:17
ComboFix2.txt 2012-01-13 17:37
.
Pre-Run: 20,805,128,192 bytes free
Post-Run: 20,748,349,440 bytes free
.
- - End Of File - - A28F222B4188687C3A381BC1E7E29716


Thank you again for all of your help.

FHorn
 
You're welcome. Tell me about these:

2012-01-20 18:44 . 2012-01-20 18:44 -------- d-----w- c:\windows\LastGood>> Did you restore to Last Good Configuration?

2012-01-20 18:44 . 2007-06-13 10:23 1033216 ----a-w- c:\windows\OLD41.tmp Please do a right click> Properties on this file. Tell me how many bytes, files and/or folders and any other info you find.
===========================================
Repeating: Recommend you delete these Scheduled Tasks:
Access Scheduled Tasks by clicking Start> All Programs> Accessories> System Tools> Scheduled Tasks:
To delete a task> right-click the task> click Delete.
(Duplicates of both)
c:\windows\Tasks\RealUpgradeLogonTaskS
c:\windows\Tasks\RealUpgradeLogonTaskS
c:\windows\Tasks\RealUpgradeScheduledTaskS
c:\windows\Tasks\RealUpgradeScheduledTaskS
===========================================
Consider: Install Date: 6/26/2006. All manufacturers pre-load processes before shipping. Rarely does anyone use all of them, nor know these can be uninstalled if not needed/wanted/used. Check them out when you can:
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP QuickPlay 2.0
HP Solution Center 7.0
HP User Guides--System Recovery
HP User Guides 0001
HP Wireless Assistant 2.00 B3
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
================================
Have the redirects stopped? And the audio in the background?
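The items the helper picks out of the ComboFix output above (the S1 hjflzhha driver whose image file ComboFix could not find, the firewall policy set to EnableFirewall = 0, and the per-user duplicates of the RealUpgrade scheduled tasks) are exactly the things a triage script can pull out automatically. The Python below is an added example for this thread; it is not something the poster or the helper ran and it is not a ComboFix feature. It parses a constructed excerpt written in ComboFix's own line format, copied from the log above, and reports those three indicators. The "generic lowercase name" rule is a heuristic assumed for this example, not a ComboFix rule, and anything it flags still needs the manual look-up the helper asks for.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in the shape ComboFix prints, taken
# from the services, firewall-policy and Scheduled Tasks sections of the log.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [1/7/2012 11:18 PM 340088]
S1 hjflzhha;hjflzhha;\??\c:\windows\system32\drivers\hjflzhha.sys --> c:\windows\system32\drivers\hjflzhha.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2011 10:33 AM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 18:33]
.
2012-01-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 21:40]
.
2012-01-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4171789061-3901554716-3973874397-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 21:40]
"""

# Service lines look like "R0 name;display;image [date size]" or "S1 ...":
# R = running, S = stopped, the digit is the start type
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*)$")
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} c:\\windows\\tasks\\(.+)\.job$", re.I)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
# Per-user copies of a task carry a SID suffix; strip it to find the task family.
SID_SUFFIX_RE = re.compile(r"S-1-5-[\d-]+$")


def triage(log_text):
    """Return the indicators a helper checks by eye in a ComboFix log section."""
    findings = {"firewall_disabled": False, "suspect_services": [], "duplicate_tasks": {}}
    task_families = Counter()
    for line in log_text.splitlines():
        line = line.rstrip()
        if FIREWALL_OFF_RE.match(line):
            findings["firewall_disabled"] = True
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, image = m.groups()
            reasons = []
            # ComboFix prints "[?]" when it cannot find or stat the image file.
            if image.endswith("[?]"):
                reasons.append("image file missing")
            # Heuristic assumed for this example (not a ComboFix rule): a boot- or
            # system-start driver whose service name and display name are the same
            # short lowercase string deserves a second look.
            if start in ("0", "1") and display == name and re.fullmatch(r"[a-z]{6,12}", name):
                reasons.append("early-start driver with generic lowercase name")
            if reasons:
                findings["suspect_services"].append(
                    {"name": name, "start": f"{state}{start}", "reasons": reasons}
                )
            continue
        m = TASK_RE.match(line)
        if m:
            task_families[SID_SUFFIX_RE.sub("", m.group(1))] += 1
    findings["duplicate_tasks"] = {k: v for k, v in task_families.items() if v > 1}
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run as a script it prints the three findings for the sample; `triage()` accepts the text of any ComboFix log section written in this format, so the same function can be pointed at a full ComboFix.txt.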
 
response

Yes, the redirects and audio have stopped, so thank you SO much.

The system restore was asked during safe mode and I thought I hit "No" but I didn't read the whole paragraph, so it asked me if I wanted again to restore and I did not. Not sure why it states that I did.

Thanks for letting me know about all of the HP programs. I have removed most of them so far.

Thank you again for everything, seems to be working well. Take care.

F Horn
 
You're welcome. Glad we resolved the problems. I still advise stopping all those useless auto-updates.

About System Restore> I'm not sure what's happening here. I'm not aware of a system requesting a System Restore in Safe Mode.
----------------------------------------------
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
===========================================
Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    • Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
    • ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    • Replace the Host Files
    • Google Toolbar Pop Up Blocker
    • Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    • Antivirus (only one): Both of the following programs are free and known to be good:
    • Avira-AntiVir-Personal-Free-Antivirus
    • Avast-Free Antivirus
    • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
    • Comodo
    • Zone Alarm
  3. Antimalware: I recommend all of the following:
    • Spywareblaster: SpywareBlaster protects against bad ActiveX.
    • Spybot Search & Destroy
  4. Updates: Stay current:
    • the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
    • Adobe Reader Install current, uninstall old.
    • Java Updates Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookie:
    • For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    • For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    • For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    Clean the temporary internet files often:
    • Temporary File Cleaner
    or
    • ATF Cleaner by Atribune
  7. Restore Points:
    • See System Restore Guide
  8. Safe Email Handling
    • Don't open email from anyone you don't know.
    • Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click
    • Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad link.
 